Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

Data Center Changes Push Cyber Risk to Network's Edge

Changes in fundamental enterprise architectures coupled with shifts in human resources mean that companies are considering new risks to their infrastructure.

Data centers face a huge increase in compute demand while looking at a precipitous drop in trained IT personnel. Add to those factors executive demand for changes in how data centers are powered, and the stage is set for shifts that could leave server farms, central storage, and enterprise network stacks open to cyberattacks. 

These are some of the points raised in a new report looking at the data center in 2025. The report, sponsored by Vertiv, is an update to a report first issued in 2014. In the original report, the data center brain drain was highlighted, with only 56% of survey participants expected to still be in the industry by 2025, and with retirement as the main reason for employees leaving.

But as the new report shows, the problem is much bigger. While the skills shortage in cybersecurity has been well-documented, it's also an overall problem in IT. These shortages in trained IT professionals are looming as the industry sees a change in the way that data centers are structured - a change that may be as large as the shift to cloud computing. Enterprise computing, the new 2019 report says, is heading to the edge.

"Edge computing" in this context is computing that has been pushed closer to users and devices rather than delivering all compute services from central locations. Among organizations who have edge sites today or expect to have edge sites in 2025, more than half (53%) expect the number of edge sites they support to grow by at least 100% between now and then, with 20% expecting a 400% or more increase, according to the report.

Overall, survey participants said that they expect their total number of edge computing sites to grow 226% between now and 2025.

"The pressure on the edge has pushed the requirement for understanding IT applications out into places that that it didn't exist just one generation ago," says Peter Panfil, vice president of global power at Vertiv. "We're going through this generational change and at the same time the industry is undergoing fairly significant changes in the way it's gonna be able to deploy its workforce." 

One way organizations are responding to the lack of trained professionals is by increasing the machine intelligence and automation capacity of different components in the data center. "If it's not a smart cluster, it's a smart rack, or a smart row, or a smart aisle where they can have complete flexibility in dropping 'IT-capability delivery systems' into places where before they just didn't have them," Panfil says.

Concerns about whether these more intelligent systems might become an attack vector for the enterprise has had an impact on how the intelligence is deployed. "For example, we offer a feature where we monitor the health of the of the UPS system," he says. "We've got customers who say, 'Nope we are not going to let you even connect to the network.' So the your system has to be self-contained and self optimizing."

"More and more of our customers are saying that a connection into the system is a way for people to get in and fiddle with it in a nefarious way," Panfil says. And that means hard limits on the connectivity physical infrastructure components are allowed.

Fortunately, there are physical infrastructure components that fall into what Panfil calls the "blinking and breathing" part of the operation, akin to the human body's autonomous systems that do things like breathe and blink without conscious intervention.

Even in complex situations like those involving percentages of green power at different times of day, or cooling operations based on ambient temperatures and moment-by-moment energy costs, the data center's physical infrastructure has to be on a self-contained blinking and breathing basis to secure it.

Security-conscious IT executives are in a bind: cloud-based control and automation systems could provide solutions to the functional gaps left by the growing skills shortage. But the network connections to critical infrastructure in the data center are, to many, unacceptable risks. The question is whether the self-contained solutions can provide the proper balance between function and security.

Related Content:

 

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/12/2019 | 6:23:23 PM
We keep getting in our own way
Concerns about whether these more intelligent systems might become an attack vector for the enterprise has had an impact on how the intelligence is deployed. "For example, we offer a feature where we monitor the health of the of the UPS system," he says. "We've got customers who say, 'Nope we are not going to let you even connect to the network.' So your system has to be self-contained and self-optimizing."

 

Interesting, you have to ask yourself, is it in our best interest to add devices on the network that we are unfamiliar with, or is it our own lack of understanding or inability to expand our knowledge base or unwillingness to learn more. At the end of the day, even with all of the technology, we have amassed, we have to be willing to constantly learn because the threats and capabilities are constantly changing.

We have to look into ML (Machine Learning), NGFW (Next-Generation Firewalls) and NGIPS to assist us in identifying problems at the edge, distribution, and core (remember, the weakest link is the easiest to compromise).

Quote - "the price of Freedom is forever vigilance".

Todd
Major Brazilian Bank Tests Homomorphic Encryption on Financial Data
Kelly Sheridan, Staff Editor, Dark Reading,  1/10/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft Patches Windows Vuln Discovered by the NSA
Kelly Sheridan, Staff Editor, Dark Reading,  1/14/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Give us your best shot! You might win an Amazon gift card!
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3686
PUBLISHED: 2020-01-17
openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter. This was reported through the bug bounty program of Offensive Security
CVE-2019-3683
PUBLISHED: 2020-01-17
The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and...
CVE-2019-3682
PUBLISHED: 2020-01-17
The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node.
CVE-2019-17361
PUBLISHED: 2020-01-17
In SaltStack Salt through 2019.2.0, the salt-api NEST API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.
CVE-2019-19142
PUBLISHED: 2020-01-17
Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI.