Story image

INSIDER INSIGHTS: Protecting data centers from internal and external threats

19 Jul 2016

Securing the data center is one of the most important challenges facing CSOs today.

On the one hand, users want to be able to access information stored at the data center any time and from any device. On the other hand, you want to restrict access to clearly defined data, applications, roles and devices. Added to the mix is that, for many managed service providers and enterprise data centers, users, devices, roles and where and how that data is stored changes on a regular basis. Trying to balance security versus access isn’t a new imperative. But it is becoming more complex.

“Data centers by their very nature require far-reaching yet integrated security,” says Andrew Khan, Fortinet Senior Business Manager at Ingram Micro, New Zealand’s largest distributor of Fortinet’s cyber security solutions. “The more people that require access to the data and applications hosted within your data center – users, clients, guests and internal staff – the more opportunities there are for any of these roles to unintentionally become a vector for malware, advanced persistent threats or intrusion. And once behind the gateway, these potentially harmful events have to be isolated and mitigated. Network protection has to move outward by allowing only secured devices from accessing the network and inward by internally segmenting data and applications to reduce any unauthorised ‘east-west’ traffic."

Take a big-picture view

Today’s data center operations are fluid and mobile. People use smartphones, tablets, desktops or laptops at any time to access hosted networks and data. Add to that the number of applications, which may or may not be secure, on each of those devices. Then factor in the number of partners and vendors with whom they share data, each adding potential vulnerabilities from unsecured devices and applications. To tackle these issues, data centers need total transparency across the entire network to view and detect threats and abnormalities in the flow of information.

Develop user-profile security policies

Hundreds of users, devices and applications require hundreds of security profiles at the granular level. A secure data center has to account for all potential users: who they are, where they are physically located, what devices are they using to access the network and what applications they need to access. It’s hard enough if your data center serves only your organisation. The challenges are multiplied for managed service providers with multiple clients.

Create trust zones

Policy and enforcement go hand-in-hand. With internal segmentation and policies associated with each segment, you can create discrete secure areas for authorised access and interactions. These segments are protected by internal firewalls, each enforcing the associated security policy and deploying a range of advanced security services to detect and protect against threats and hackers.  Deploying these internal segmentation firewalls provides visibility into internal network traffic which can be used to enhance zero day attack mitigation and overall security posture. 

A security fabric

To protect against internal and external threats you need a fully-integrated security fabric that provides total visibility across the network, supports internally-segmented trust zones and the ability to deploy individualised security policy for each and every user/device combination.

“This is exactly what Fortinet has developed with their Secure Access Architecture (SAA),” says Khan. “With the FortiOS 5.4 secure operating system, a full range of powerful FortiGate next generation internal segmentation firewalls, FortiAnalyzer and FortiManager to create and deploy multiple policies across the entire network and a host of other security solutions, all designed from the ground up to be interoperable, protecting your data center from threats both internal and external can be achieved from a single vendor and managed from a single dashboard.”

“Fortinet’s SAA can work alongside your current security infrastructure,” concludes Khan, “so you can add Fortinet’s enhanced protection as a staged implementation. Indeed, transitioning security landscapes from heterogeneous point solutions to a fully-integrated security fabric is becoming the de facto standard for more and more data center implementations. If you are looking to expand and enhance your security profile to address multiple polices and segments within your data center, give us a call. It’s a specialty for Fortinet and one which is rapidly gaining acceptance for enterprise data centers across all vertical markets.”

For further information, please contact:

Andrew Khan, Senior Business Manager Email: M: 021 819 793

David Hills, Solutions Architect Email: M: 021 245 0437

Hugo Hutchinson, Business Development Manager Email: P: 09-414-0261 | M: 021-245-8276

Marc Brunzel, Business Development Manager Email:  M: 021 241 6946

ForgeRock launches Sandbox-as-a-Service to facilitate compliance
The cloud-based testing environment for APIs enables banks to accelerate compliance with Open Banking and PSD2 deadlines.
Huawei picks up accolades for software-defined camera ecosystem
"The company's software defined capabilities enable it to future-proof its camera ecosystem and greatly lower the total cost of ownership (TCO), as its single camera system is applicable to a variety of application use cases."
Gartner: Good talent put off by old tech
Technology now ranks in the top ten reasons Australian employees will leave their current role, according to Gartner’s 4Q18 Global Talent Monitor.
App downtime costs businesses over $700k per event
One hour of business-critical application downtime can cost larger companies $144,062.52 per hour, with an average repair time of over five hours.
Ingram Micro gives Cloud Marketplace an overhaul
Including a new UI, improved sales and marketing tools, and an API for integrating a partner’s own storefront, CRM and billing.
Aussies too lax about IoT security - McAfee
Aussie consumers are at a loss when it comes to securing the increasing number of connected devices in their homes and are often opting to take no action at all.
AU’s smartphone market suffers record decline
The smartphone market in Australia is going through some tough slog at the moment, but there is some good news on the horizon.
Barracuda expands MSP security offerings with RMM acquisition
Managed Workplace delivers an RMM platform with security tools and services, such as site security assessments, Office 365 account management, and integrated third-party antivirus.