Intelligent Data Centres Issue 01 | Page 32

FEATURE Seamless recovery – The larger a company, the more complex a full recovery can be. Relying on a traditional backup solution gives your IT department the full responsibility for data retention and infrastructure examination. system because there are dependencies on older software versions you would never have even thought of. Sometimes the OS is so dated it might no longer have active support available and security patches simply don’t exist anymore. Industry experts offer their views on the most significant modern threats and what can be done about them. For example, with backdoors on systems that are facing the Internet, attackers are able to launch web attacks like SQL injection, cross-site scripting or cross- site request forgery to gain access to sensitive data. Felix Rosbach, Product Manager at Felix Rosbach, Product comforte AG at comforte AG Manager With an ever-increasing attack surface, security is a constant struggle for data centres. While IoT enables us to analyse data like never before, every device represents a potential attack vector. Aside from DDoS attacks and other methods of sabotage, the most painful type of cyberattacks are the ones involving theft of sensitive data. Stolen data is not only problematic in terms of reputation and losing IP, in the age of GDPR it can also result in very hefty fines. There are two main problems: First is malicious software: this is a battle that is extremely hard to win, especially with the digital workplace and smart devices connected to your data centre. Second are backdoors: the bad guys always seem to find a way to get in somehow. Sometimes systems aren’t patched or it’s simply impossible to patch a legacy You can do a lot to protect your network with classic perimeter defence. Firewalls, intrusion detection systems, patching unpatched systems, identifying servers that are listening on unwanted service ports – these things are still important. The days of ‘never touch a running system’ are way over – now it’s ‘you’d better touch a running system.’ But even if you buy every security solution possible you will never be 100% secure. These only protect you against known attack methods. But the more connections you have, the more complex your network is, the less effective is it to build a wall around it. Moving to the cloud, connecting to IoT and having digital workplaces in your enterprise only complicate the situation. The way to go forward is to implement sophisticated identity access management in combination with data-centric security. With that combination you make sure that only the right people get access and, if somehow the wrong people still manage to gain access, they can’t use the data. Sachin Bhardwaj, eHosting DataFort, Sachin Bhardwaj, eHosting Director, Marketing and Business DataFort, Director, Marketing Development and Business Development The increasing use of Big Data and the onset of the Internet of Things has only added to the intensity of the need to prioritise cybersecurity within data centres. One is also mindful of the ongoing regulations and compliance needs that have shot up. This sets the pace for a far more holistic approach to cybersecurity which 32 Issue 01 comprises of a well-rounded security strategy that involves both governance and the operations angles. It includes a combination of information security, information system security as well as physical security. And the framework must be in a strong position to identify, protect, detect, respond as well as recover data. At a time when attacks are only getting to be more sophisticated and increasing in numbers, there is evidently a gap in the requisite security professionals where