Datacenters need another perspective on security

As stated by Intel “Changing demands for bandwidth, processing power, energy efficiency and storage – brought on by such trends as cloud computing, big data, increased services and more mobile computing devices hitting the network – are driving the need for new architectures in the data center.”

Therefore we see that the datacenter world is making a transition from an artisanal mode of operation to an industrialized mode of operations. To make the industrialization of datacenters possible there is a need for uniformization, standardization, and automation to get the benefits of economy of scale.  One of the current big things in this datacenter transformation is DCIM.

Until recently there was a disconnect between the facility and IT infrastructure in the datacenter. To get rid of the limited visibility and control of the physical layer of the data center we see the rise of a new kind of system: the Data Center Infrastructure Management System (DCIM).

You could say that a DCIM system is the man in middle, a broker between the demands of the IT world and the supply of power, cooling, etc. from the Facility world. The DCIM is layered on top of the so called SCADA system. Where SCADA stands for Supervisory Control And Data Acquisition, the computerized control systems that are the heart of modern industrial automation and control systems.

So currently DCIM is a hot topic, and the added value of the different kind of flavors and implementations of DCIM systems are heavily discussed.

But something is missing. The world, moves rapidly towards the digital age, whereSCADASecurity information technology forms a crucial aspect of most organizational operations around the world. Where datacenters provide the very foundation of the IT services that are provided. Therefore datacenters can be considered as a critical infrastructure, assets that are essential for the functioning of a society and economy. But how are these assets protected? And here we are not talking about the physical security of a datacenter or how save is your business data stored and processed in a datacenter. Here we are talking about the security of the facility control systems, the cooling, the power, etc.

Beware that DCIM functionality is not only about passive monitoring and dashboards but also about active controlling and automation. The information obtained with SCADA systems will become crucial to control the infrastructure sides of facilities and even IT equipment. With DCIM the traditional standalone SCADA and Building Management Systems (BMS) get connected and integrated with the IP networks and IT systems. But also the other way around, SCADA and BMS get accessible by means of these IP networks and IT systems. This, by misusing these IP networks and IT systems, creates the risk of a (partial) denial of service or damaged data integrity of your DCIM and SCADA/BMS systems and thus the disabling of a Critical Infrastructure: The Datacenter.

 In most organizations SCADA and BMS security are not yet in scope of the activities of the Corporate Information Security Officer (CISO). But awareness is growing. Although not specifically focused on datacenters the following papers are very interesting.

 From the National Institute of Standards and Technology the Guide to Industrial Control Systems Security or the  Checklist security of ICS/SCADA systems from the National Cyber Security Centre of The Netherlands or the white paper of Trend Micro

So read it, make your own checklist and get this topic on the datacenter agenda!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s