Security in a modern data center is no longer just a matter of firewalling a perimeter and hoping nobody gets through. With virtualization and network programmability ever more present, and with a wide variety of incoming and outgoing communications, the landscape of security threats is as broad and varied as it has ever been. One factor of the new data center design paradigm that makes the security team's work harder is the loss of visibility into the virtualized environment, together with the real possibility that data and networks that are meant to be kept apart end up connected at some point, exposing sensitive data or granting access to resources that should be restricted.


To implement a security infrastructure and policy for a modern data center, we can base the guidelines for that process on three central points:

Securing the virtualized infrastructure: When choosing the technology that will implement part or all of the security infrastructure, it is important that it can inspect and monitor networks, services and other assets at the virtualization level, so that it is aware of all VM-to-VM communications active on the ever-changing topology. Given this precondition, there should be central management of all physical and virtual infrastructure, implementing solutions that range from network monitoring tools, virtual intrusion detection and prevention systems and virtual firewalls to file integrity monitoring and vulnerability scanning. All of this is applied in the form of policy groups, so that security policies can be enforced specifically where they are needed rather than only at central points of transit. This does not, however, eliminate the need for perimeter security.

Gaining real-time network visibility: As stated in the introduction of this post, a modern data center topology is ever changing, and interactions with it come from a huge variety of endpoints. Therefore, setting up the network so that it can automatically flag prohibited applications, events and traffic, and attribute them to specific users and flows, is a powerful way of increasing security despite the proliferation of endpoints, applications, technologies and external users.
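The two points above, policy groups applied to VM-to-VM traffic and automatic flagging of prohibited flows, come together in a small piece of detection logic. The following is an added example, not code from the original post or from any product it mentions: it assigns VMs to policy groups (tiers), keeps a default-deny allow-list of which tier may talk to which on which port, and evaluates a handful of constructed virtual-switch flow records against it. All VM names, groups, rules and flow records are hypothetical.

```python
"""Evaluate virtual-switch flow records against policy groups.

Added example. Every VM name, policy group, allow-list entry and flow
record below is constructed for illustration, not taken from any real
environment or product.
"""
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto dport nbytes")

# Policy groups: which VM belongs to which security tier (constructed).
# A VM that appears in traffic but not here is an unclassified endpoint,
# which is exactly the "lost visibility" case the post warns about.
VM_GROUPS = {
    "web-01": "web", "web-02": "web",
    "app-01": "app",
    "db-01": "db",
    "jump-01": "mgmt",
}

# Allow-list of (src_group, dst_group, proto, dport). Anything not listed
# is prohibited (default deny), so a web VM reaching the database tier
# directly, or the database calling back into the web tier, gets flagged.
ALLOWED = {
    ("web", "app", "tcp", 8080),
    ("app", "db", "tcp", 5432),
    ("mgmt", "web", "tcp", 22),
    ("mgmt", "app", "tcp", 22),
    ("mgmt", "db", "tcp", 22),
}


def parse_flow(line):
    """Parse one constructed flow record: '<src> <dst> <proto> <dport> <bytes>'."""
    src, dst, proto, dport, nbytes = line.split()
    return Flow(src, dst, proto.lower(), int(dport), int(nbytes))


def evaluate(flow):
    """Return None if the flow is permitted, otherwise a short reason string."""
    src_group = VM_GROUPS.get(flow.src)
    dst_group = VM_GROUPS.get(flow.dst)
    if src_group is None or dst_group is None:
        return "unclassified endpoint"
    if src_group == dst_group:
        return None  # this sample policy permits traffic within a tier
    if (src_group, dst_group, flow.proto, flow.dport) in ALLOWED:
        return None
    return f"prohibited {src_group}->{dst_group} {flow.proto}/{flow.dport}"


def find_violations(lines):
    """Run every flow record through the policy; return (src, dst, reason) tuples."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        flow = parse_flow(line)
        reason = evaluate(flow)
        if reason:
            findings.append((flow.src, flow.dst, reason))
    return findings


# Constructed flow records, as a virtual switch or flow collector might export them.
SAMPLE_FLOWS = """
# src dst proto dport bytes
web-01 app-01 tcp 8080 48213
app-01 db-01 tcp 5432 9120
web-02 db-01 tcp 5432 3321
jump-01 db-01 tcp 22 1040
db-01 web-01 tcp 443 512
tmp-99 app-01 tcp 8080 77
""".strip().splitlines()


if __name__ == "__main__":
    for src, dst, reason in find_violations(SAMPLE_FLOWS):
        print(f"FLAG {src} -> {dst}: {reason}")
```

Running it flags three of the six records: the web tier talking straight to the database, the database tier opening a connection back to a web VM, and a VM (tmp-99) that nobody ever placed in a policy group. In a real deployment the allow-list would be generated from the same automation that provisions the VMs, so a policy change follows the topology change instead of waiting for manual work.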

Securing bigger and faster networks: Even though security is a major factor in data center design, it has to align with the other design factors. A combination of high-performance technology and automation capabilities is also essential. Moreover, the same automation process the data center uses to reconfigure itself to meet the demands of the moment can also enforce the security policies required for every component and system of the network, eliminating otherwise time-consuming manual work.

So, while the aim is to reduce costs, go green, offer more services, and support more users and growing amounts of data, the emerging security risks, and how they can be addressed and mitigated, must be considered as well. Organizations can transform their data centers with confidence by understanding the potential new risks and addressing them accordingly.


