The new age of internal and external data centre security

11 December 2020 | Bob Eve

Abigail Opiah speaks to Candid Wüest, VP of cyber protection research at Acronis, about one of the most important components a data centre needs – internal and external security.

A data centre needs the appropriate amount of space, a system to regulate the environment, adequate security, a reliable power supply, fire suppression, and networking equipment, in addition to the servers. That is the easy part. But what it also needs is internal and external security.

Based in Switzerland, Candid Wüest, VP of cyber protection research at Acronis, heads the cyber protection operations centre for Europe. He says it is a centre where the company has a team of analysts, together with teams in Singapore and the US, working 24 hours a day in shifts to cover any threats that may appear.

“If we see anything new coming up, we will inform our customers and make sure our products are protecting it,” he says.

“We look beyond just viruses, as there could also be human errors and natural catastrophes like an earthquake bringing down data centres. We look at all threats holistically to make sure it does not affect a partner’s MSPs or customers.”

Wüest has worked in IT security for the last 20 years, and he spent the last 16 years at Symantec, a US-based cybersecurity software and services company, where he built up the security response team.

Access control

Taking a broader look at data centre security, Wüest says that on the physical side, larger data centres usually do a good job of enforcing mandatory access control with badges and even singling out people.

“On the digital side, unfortunately, we are not there yet. We have noticed an improvement, but it is tricky as we see more automation happening; most data centres try to do more with fewer people. This means that if you can hijack one of those processors, then you can usually do a lot of damage if they gain access,” he explains.

Comparing internal and external data centre breaches, Wüest says that ransomware attackers are by far the more damaging, because modern ransomware is no longer just about encrypting data. It is more about stealing the data and blackmailing the victim with the threat of releasing it unless payment is made. This can have a huge impact on businesses.

“In regard to disaster recovery, if you are down for a few days that can kill smaller partners and providers. We are also seeing that the attackers are focusing more on service providers and consulting companies who usually run some data centres,” Wüest explains.

“If they attack a consulting company that has access to your data centre, they will gain 20 or so victims in the end because they can just leverage the access that they get.”

Protection

The severity of cyber-attacks and data breaches has risen considerably over the past few years, so much so that they are no longer labelled as an IT issue.

In response, Wüest says that protection of data is paramount. This means having multiple back-ups of all the data and having the ability to restore it.

“We have seen that many data centres do have a disaster recovery plan, but they have not necessarily played it through. If it takes 24 hours to restore all your servers, it is still not a good disaster recovery plan,” he says.

“In regard to threat, people have realised that antivirus alone cannot detect 100% of the threat, thus go one step forward and manually go hunting for the threats. This does work, but it is also a lot of resource-intensive work, thus it is not the best solution.

“This is why we see more companies doing an integrated approach where you combine everything together so that there can be protection on multiple levels and use all the information in one picture,” Wüest adds.

Awareness is one of the prominent keys to broadening the knowledge of data centre security in the industry. As Wüest says: “If you don’t know what you are facing, how can you protect against it?”

And as more customers move to the cloud, there is a need to have dynamic scalable data centres to accompany the move.

“Many of those customers want software-as-a-service from the cloud, thus the data centres now have good connections to the cloud providers, so that you could easily spin off some containers and anything else you would expect nowadays,” he concludes.

“The future of data centre security should look like transparency in the background, meaning that good security should not be seen or felt unless it is blocking something and even then, you should not really see it.”