Data centre security in SA is being challenged on a number of fronts, notably the move to Layer 7 architecture, and the need to lock down both 'north-south' and 'east-west' data centre traffic.
Industry players say securing the data centre has never been more important or more complex than it is today.
Paul Williams, major account manager at Fortinet, says the increasingly connected world, disruptive technologies, and the pace at which data centres must deliver business value are impacting operations while, at the same time, the information security risks facing enterprises grow ever-more sophisticated.
"Companies are moving their business applications to Layer 7 in the data centre, which brings on new user access methods and a multiple of new connections traversing the network, which in essence is creating higher security risks."
In a recent whitepaper, Dimension Data said organisations need to use new technologies, such as virtualisation and cloud solutions, and establish the right security ecosystem of controls, processes and policies in their data centres.
Gartner believes the Internet of things will force enterprise data centre operators to completely rethink the way they manage capacity across all layers of the IT stack.
According to Williams, the traditional communication protocols in data centres are based on the International Standards Organisation, which defines all the layers in which information is sent and received over the Internet today.
The other challenge besetting local data centres relates to 'north-south' and 'east-west' data centre traffic, Williams says.
North-south is the traffic between the data centre and the user, he notes, adding east-west traffic is traffic flowing between the hosts inside the data centre.
"For example, a user accessing the Web server is north-south. A Web server accessing a database for that user session or doing a transaction is east-west. This can be actual data and/or system control data for software-defined networking."
East-west traffic is typically latency-sensitive as it can be network storage traffic, database access traffic or simple distributed compute workloads, he notes.
"With the coming of broadband and fibre access to the mix, the north-south traffic can also no longer afford to have high latency as this causes issues with transactions between the users and the data centre. These transactions may involve different data centres interacting too, which may need other cloud-based components."
Managing and controlling both north-south traffic in and out of the data centre and east-west traffic is also becoming increasingly important to IT managers with the advent of e-commerce business-to-business and consumer-to-business traffic, Williams points out.
Munawar Hossain, director of product management for cloud and content security at Cisco, says traffic in the data centre generally flows in three directions. North-south traffic is limited to traffic that enters and exits the DC.
It is the sort of traffic that most data centre security solutions focus on as it crosses the data centre boundary, he explains.
East-west traffic, on the other hand, flows between DC devices and applications and never leaves the data centre. Finally, there is 'inter-data centre' traffic, which flows between multiple data centres, and between data centres and the private or public cloud.
Williams urges organisations to plan their security strategy around the business vertical they are in.
For example, he notes, banking and finance have very different needs and requirements compared with manufacturing.
"Ensure the security network technology can be mapped to your company's requirements, like full unified threat management with WiFi branch office, full unified threat management or next-generation firewall. With this, ensure you have a world-class appliance manager with reporting and logging of this critical data."
Share