Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

Data Center Changes Push Cyber Risk to Network's Edge

Changes in fundamental enterprise architectures coupled with shifts in human resources mean that companies are considering new risks to their infrastructure.

Data centers face a huge increase in compute demand while looking at a precipitous drop in trained IT personnel. Add to those factors executive demand for changes in how data centers are powered, and the stage is set for shifts that could leave server farms, central storage, and enterprise network stacks open to cyberattacks. 

These are some of the points raised in a new report looking at the data center in 2025. The report, sponsored by Vertiv, is an update to a report first issued in 2014. In the original report, the data center brain drain was highlighted, with only 56% of survey participants expected to still be in the industry by 2025, and with retirement as the main reason for employees leaving.

But as the new report shows, the problem is much bigger. While the skills shortage in cybersecurity has been well-documented, it's also an overall problem in IT. These shortages in trained IT professionals are looming as the industry sees a change in the way that data centers are structured - a change that may be as large as the shift to cloud computing. Enterprise computing, the new 2019 report says, is heading to the edge.

"Edge computing" in this context is computing that has been pushed closer to users and devices rather than delivering all compute services from central locations. Among organizations who have edge sites today or expect to have edge sites in 2025, more than half (53%) expect the number of edge sites they support to grow by at least 100% between now and then, with 20% expecting a 400% or more increase, according to the report.

Overall, survey participants said that they expect their total number of edge computing sites to grow 226% between now and 2025.

"The pressure on the edge has pushed the requirement for understanding IT applications out into places that that it didn't exist just one generation ago," says Peter Panfil, vice president of global power at Vertiv. "We're going through this generational change and at the same time the industry is undergoing fairly significant changes in the way it's gonna be able to deploy its workforce." 

One way organizations are responding to the lack of trained professionals is by increasing the machine intelligence and automation capacity of different components in the data center. "If it's not a smart cluster, it's a smart rack, or a smart row, or a smart aisle where they can have complete flexibility in dropping 'IT-capability delivery systems' into places where before they just didn't have them," Panfil says.

Concerns about whether these more intelligent systems might become an attack vector for the enterprise has had an impact on how the intelligence is deployed. "For example, we offer a feature where we monitor the health of the of the UPS system," he says. "We've got customers who say, 'Nope we are not going to let you even connect to the network.' So the your system has to be self-contained and self optimizing."

"More and more of our customers are saying that a connection into the system is a way for people to get in and fiddle with it in a nefarious way," Panfil says. And that means hard limits on the connectivity physical infrastructure components are allowed.

Fortunately, there are physical infrastructure components that fall into what Panfil calls the "blinking and breathing" part of the operation, akin to the human body's autonomous systems that do things like breathe and blink without conscious intervention.

Even in complex situations like those involving percentages of green power at different times of day, or cooling operations based on ambient temperatures and moment-by-moment energy costs, the data center's physical infrastructure has to be on a self-contained blinking and breathing basis to secure it.

Security-conscious IT executives are in a bind: cloud-based control and automation systems could provide solutions to the functional gaps left by the growing skills shortage. But the network connections to critical infrastructure in the data center are, to many, unacceptable risks. The question is whether the self-contained solutions can provide the proper balance between function and security.

Related Content:

 

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/12/2019 | 6:23:23 PM
We keep getting in our own way
Concerns about whether these more intelligent systems might become an attack vector for the enterprise has had an impact on how the intelligence is deployed. "For example, we offer a feature where we monitor the health of the of the UPS system," he says. "We've got customers who say, 'Nope we are not going to let you even connect to the network.' So your system has to be self-contained and self-optimizing."

 

Interesting, you have to ask yourself, is it in our best interest to add devices on the network that we are unfamiliar with, or is it our own lack of understanding or inability to expand our knowledge base or unwillingness to learn more. At the end of the day, even with all of the technology, we have amassed, we have to be willing to constantly learn because the threats and capabilities are constantly changing.

We have to look into ML (Machine Learning), NGFW (Next-Generation Firewalls) and NGIPS to assist us in identifying problems at the edge, distribution, and core (remember, the weakest link is the easiest to compromise).

Quote - "the price of Freedom is forever vigilance".

Todd
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.