Protecting facilities from physical attack or penetration is a top priority for all datacentre operators. Many have put up reinforced perimeter fencing, installed biometric-based access systems and used bomb-proof building materials – all in a concerted effort to keep unwanted trespassers out.
However, concerns have been raised recently that, while pursuing Fort Knox-levels of security at their site gates, operators could be overlooking the threat posed to those same facilities by cyber attackers.
Given the ever changing nature of the cyber threat landscape, it’s an area they cannot afford to overlook, warns Wieland Alge, general manager for EMEA at security vendor Barracuda Networks.
“The threat scenario has completely changed – is changing by the hour, in fact – and we, as IT security specialists, are no longer in complete control with our antiquated methods,” he says.
Landscape of cyber battle
Datacentre-related cyber attacks, such as data breaches or distributed denial of service (DDoS) incidents, seem to affect a whole range of industries on a regular basis in Europe, if what’s reported in the news is anything to go by.
And IT security specialists say that in some cases – particularly those involving companies in the financial space – details of attacks are kept under wraps, sometimes by agreement between the hackers and their victims.
Such a deal can be done to protect the victim’s professional reputation. It’s easy to understand why companies may be reluctant for details of the attacks against them to be made public, as it may highlight shortcomings in their security operations.
Mirosław Maj, founder of Secure Cyberspace Foundation in Warsaw, points to the attack on the German parliament’s networks in May 2015, which left the Bundestag facing the prospect of having to replace around 20,000 computers. In the wake of the attack, the German government was roundly criticised following local newspaper reports that suggested it may have been triggered by users clicking on malicious email links.
“The revelations about attacks on the Bundestag have shown just how easy it is to spy on governmental institutions, how poorly prepared officials are and how clueless the population is,” he says.
But there are two big downsides in hushing up cyber threats. First, it may mask the extent to which datacentre operators are falling victim to cyber attacks, and therefore they may not appreciate the risk posed to their facilities.
Second, without full and frank disclosures about how other companies have fallen foul of hackers, operators may not fully understand the threats they should be protecting themselves against.
Europe unites over data security
How to drive up levels of digital security across Europe has been the subject of much debate in recent times, thanks to the European Commission’s efforts to harmonise data protection laws across all 28 EU states.
The EU’s new Data Protection Regulation will establish official procedures for monitoring, reviewing, assessing and processing data to reduce the risk of a breach, which should give datacentre operators some clear guidance to follow.
During the Net Futures 2015 conference in Brussels last March, Günther Oettinger, European commissioner for digital economy and society, outlined the aims of the regulation when discussing the digital single market.
“The European Commission wants to force all companies active in Europe to report any kind of data breach,” he said.
“Each country would be required to create a trusted platform where these data breaches must be reported by companies. National governments would still be required to appoint a central authority and develop a national cybersecurity strategy.”
Datacentre operators welcome the push to create a single data protection law for all members of the EU to abide by because of the current complexities caused by each country having its own set of rules and regulations.
Protection demands constant updates
Despite the array of software tools and techniques at their disposal, cyber attackers prefer to deliver malware to their targets by exploiting social engineering tricks, which are growing in sophistication with each passing year.
For datacentre operators and end-users alike, things seem to be moving forward in this area at a pace of change few can keep up with.
“We have to understand that the way IT is used by specialists and end-users is changing, and changing faster than we, the security experts, had ever thought possible,” says Alge.
“The fuss still given to setting up, approving and refining firewall regulations today is much too slow and antiquated in some computing centres. The IT security teams have to keep adapting to new circumstances. Total threat protection demands constant updates.”
One datacentre operator that knows this only too well is DNSimple. The domain name service provider suffered a DDoS attack affecting all its facilities on 20 May 2015.
“The majority of our DDoS defence systems worked correctly,” explains Anthony Eden, the company’s founder.
“Adapting to the ever changing attacks we see is a constant battle, but we will continue to improve our processes and systems to minimise the impact on all of our customers.”
From reactive to proactive
DDoS attacks are commonly used to disable datacentre operations by overloading systems with network traffic that can knock websites and other services offline for a prolonged period.
“For a company providing its services online, business losses caused by overloaded servers or access links are far more than just an inability to provide appropriate support to customers. They also include loss of trust, financial loss and damaged reputation, as well as potential internal conflicts within the organisation,” says Jacek Krupa, vice president of Poland-based telco ATM.
Unfortunately, traditional protection systems can’t easily identify whether a sudden rise in network traffic has been caused by a DDoS attack or not.
Protection against known, unknown and evolving volumetric attacks, including DoS and DDoS attacks, needs the operator to be able to identify threats and block them at an infrastructure level.
ATM recently created an AntiDDoS offering to tackle such issues. It consists of two protective devices – a sensor and a filter – that are installed on a client’s link to work with the installed monitoring software.
After an initial analysis, volumetric thresholds are defined (eg TCP 60Mbps, 10k/sec) and an anomaly is flagged whenever they are exceeded. Each subnetwork and address can have its own threshold and response templates assigned to it.
The sensor’s task is to analyse, in real time, all the production traffic running through the client’s link. If it detects that the protection-triggering thresholds have been exceeded, traffic for the affected addresses is redirected from the backbone router to the filter. Within a few seconds the traffic is analysed, filtered and sent back to the client via a separate return channel.
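The sensor/filter scheme described above boils down to per-window volumetric counters compared against per-subnet threshold templates, with only the addresses that breach a threshold diverted to the scrubbing path. The following is an added illustration written for this article, not ATM's own code: the subnets, counters, template names and the reading of "10k/sec" as packets per second are all constructed assumptions, and the article's "TCP 60Mbps, 10k/sec" figures are used only for the default template.

```python
"""Threshold-based volumetric anomaly detection with per-subnet templates.

Constructed example modelled on the sensor/filter description in the
article; it is not ATM's software. Subnets, counters and template names
are made up for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Template:
    """Thresholds for one subnet and the action taken when one is exceeded."""
    name: str
    max_mbps: float   # link-rate threshold in megabits per second
    max_pps: int      # packet-rate threshold in packets per second (assumption:
                      # the article's "10k/sec" is read as packets per second)
    action: str       # "redirect-to-filter" or "alert-only"


# Constructed policy: a /24 with the article's example thresholds, a stricter
# template for a small management range inside it, and a bulk range where
# high rates are expected and only an alert is raised.
POLICY: Dict[ipaddress.IPv4Network, Template] = {
    ipaddress.ip_network("203.0.113.0/24"): Template("default", 60.0, 10_000, "redirect-to-filter"),
    ipaddress.ip_network("203.0.113.128/25"): Template("mgmt", 5.0, 1_000, "redirect-to-filter"),
    ipaddress.ip_network("198.51.100.0/24"): Template("bulk", 500.0, 80_000, "alert-only"),
}


def lookup_template(dst_ip: str) -> Optional[Template]:
    """Longest-prefix match: the most specific subnet's template wins."""
    addr = ipaddress.ip_address(dst_ip)
    matches = [net for net in POLICY if addr in net]
    if not matches:
        return None
    return POLICY[max(matches, key=lambda n: n.prefixlen)]


def evaluate_window(counters: Dict[str, Dict[str, int]], window_s: float) -> List[dict]:
    """Evaluate one measurement window.

    `counters` maps a destination address to the bytes and packets the sensor
    saw for it during the window. Returns one decision per covered address;
    addresses with no template are left untouched (they stay on the primary
    link, as the article describes for non-attacked addresses).
    """
    decisions = []
    for dst, c in counters.items():
        tpl = lookup_template(dst)
        if tpl is None:
            continue
        mbps = c["bytes"] * 8 / window_s / 1_000_000
        pps = c["packets"] / window_s
        reasons = []
        if mbps > tpl.max_mbps:
            reasons.append(f"{mbps:.1f} Mbps > {tpl.max_mbps} Mbps")
        if pps > tpl.max_pps:
            reasons.append(f"{pps:.0f} pps > {tpl.max_pps} pps")
        decisions.append({
            "dst": dst,
            "template": tpl.name,
            "anomaly": bool(reasons),
            "action": tpl.action if reasons else "pass",
            "reasons": reasons,
        })
    return decisions


def addresses_to_redirect(decisions: List[dict]) -> List[str]:
    """Only the attacked addresses are diverted to the filter."""
    return sorted(d["dst"] for d in decisions if d["action"] == "redirect-to-filter")


# Constructed 10-second window of per-destination counters from the sensor.
SAMPLE_COUNTERS = {
    "203.0.113.10":  {"bytes": 100_000_000,   "packets": 50_000},  # 80 Mbps: breaches default
    "203.0.113.20":  {"bytes": 20_000_000,    "packets": 30_000},  # 16 Mbps, 3k pps: normal
    "203.0.113.200": {"bytes": 10_000_000,    "packets": 2_000},   # 8 Mbps: breaches mgmt (5 Mbps)
    "198.51.100.5":  {"bytes": 2_000_000_000, "packets": 400_000}, # 1600 Mbps: alert-only range
    "192.0.2.1":     {"bytes": 5_000_000_000, "packets": 900_000}, # no template: ignored
}

if __name__ == "__main__":
    results = evaluate_window(SAMPLE_COUNTERS, window_s=10.0)
    for r in results:
        print(f"{r['dst']:<15} {r['template']:<8} {r['action']:<19} {'; '.join(r['reasons'])}")
    print("redirect:", addresses_to_redirect(results))
```

The longest-prefix lookup is what makes "each subnetwork and address can have its own template" work: the /25 management range overrides the /24 default for addresses inside it. Note that the example only implements the threshold stage; a real deployment must also close the loop by re-measuring the scrubbed traffic returned on the separate channel, otherwise a sustained attack keeps the addresses pinned on the filter path.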
“The main advantages of an infrastructure configured this way are continued operations on the primary link of the addresses that weren’t attacked, and zero influence of possible AntiDDoS system downtimes on the unrestricted internet access service,” explains Krupa.
IoT gateway for datacentre hackers
The rise of the internet of things poses another significant security risk to datacentre operators, particularly as the number of internet-connected devices continues to grow, resulting in more traffic passing through their facilities.
According to HP’s recent Internet of Things Security: State of the Union report, 70% of IoT devices are vulnerable to attack.
“These IoT devices are often not operated by their owners, but by the company that sells them. It means that numerous players can be active in a datacentre network – and players don’t know, don’t control and will never be able to hold responsibility for anything,” says Alge.
A recent report by advisory firm EY sheds further light on this issue, stating: “One vulnerable device can lead to other vulnerable devices, and it’s almost impossible to patch all the vulnerabilities for all the devices.
“For the cyber criminals, it won’t be hard to find a target for their attack. The underground black market selling vulnerabilities will be vast and so would be the number of victims.”
So, what steps can datacentre operators take to protect themselves against the threat of IoT-mediated intruders? According to EY, they need to make sure they know their environment and be prepared to develop their security practices. They also need to have confidence in their incident response procedures and ensure that cyber security is aligned with their overarching business principles.