– Anthony James, vice president of product marketing, Fortinet (www.fortinet.com), says:
Ensure delivery of clean / threat-free applications and data to end-user systems.
Multiple layers of security are the best solution to balance application and data availability with security. Single points of protection often create bottlenecks or deliver ineffective security. Data center administrators should select security partners who offer a broad portfolio of security layers to meet their security and performance needs. From firewall and VPN (IPsec and SSL) to antivirus and antispam, data centers should deploy products that cater to their specific performance needs with adequate levels of defense.
For example, end users can access files and/or emails hosted within the data center and trust that files and emails delivered are free from viruses or other malicious code. Administrators should always perform inbound and outbound virus scans for files and emails to filter out malicious payloads. Other technologies such as SSL-based traffic inspection and application control offer additional screening methods for threats that may have been hidden within secure tunnels that are invisible to some other security products.
Providing isolation among customers to increase security.
For data centers that offer services to multiple small and medium businesses, virtualization is a very popular solution to better utilize the infrastructure to reduce hardware cost and management overhead. Many IT managers are familiar with server virtualization and many services have been built upon that technology. To enhance protection for each business organization, clear separation between businesses over the same network infrastructure must be maintained. Network virtualization takes virtualization from the server layer to the network layer and provides many benefits commonly found in virtualization technology.
It is still a relatively new technology and although it has been gaining more traction amongst MSSPs and carriers, IT managers in data centers should consider how to apply network virtualization to enhance the security and manageability of their infrastructure.
When considering network virtualization solutions, it is important to ensure that security services can be virtualized as an integral part of the virtualization strategy. There are different network virtualization solutions available and the cost can differ greatly across the solutions. IT managers should work with their security solution provider to carefully design what is right for their needs.
Understand the network-exploitable vulnerabilities of data center infrastructure and implement security to protect those vulnerabilities.
The risk associated with data center based infrastructure is likely to evolve constantly. Understand network-exploitable vulnerabilities by implementing a vulnerability management policy and performing regular assessments of data center assets. Shield network-exploitable vulnerabilities by closing down unnecessary ports and using intrusion prevention and/or application-aware filtering to further reduce the risk exposure.
Avoid having a security policy that is well defined, yet sits idly on a shelf.
Keep the security policy top of mind, using not only periodic policy review, but also awareness-building exercises.