Data center security

What is data center security?

With continuous verification and attestation, Zero Trust Security architectures enable the quick detection of many types of cyberattacks and often stop intrusions before they can occur. A Zero Trust model supports microsegmentation, enabling IT to segregate network resources so potential threats can be easily contained.

Comprehensive visibility
With the increased adoption of IoT, full-spectrum visibility of all devices and users on the network has become an increasingly important—and challenging—task. Without visibility, critical security controls that support a Zero Trust model are difficult to apply. Automation, AI-based machine learning, and the ability to quickly identify device types are critical.

Authenticate and authorize
Never trust and always verify. Multiple authentication methods can be used to concurrently support a variety of use cases, including multifactor authentication based on log-in times, posture checks, and others such as new user and new device.

Identity-based access control for least-privilege access
Least-privilege access based on identity allows users and devices to access just the resources needed to perform their functions—only as long as they behave consistently with their role. An access control policy limits access to resources and dynamically adjusts access when anomalous behavior is observed, or breach is suspected.

Endpoint security guards the company’s valuable asset—data—from vulnerabilities and threats by securing network endpoints, (hardware such as desktops, laptops, tablets, and other mobile devices used to access the company’s network). There are various types of endpoint security:

• Network Access Control (NAC): uses firewalls to control endpoint device access to the network.
• Data Loss Prevention: protects files or data hacked/exfiltrated via phishing schemes or malware installed at endpoints.
• Data Classification: identifies which data in your organization is most sensitive, placing higher value on its vulnerability so that access to it can be provided accordingly.
• URL Filtering: limits the number of websites that endpoints can connect to and protects from malware.
• Cloud Perimeter Security: puts a firewall around sensitive cloud-based data and apps to limit which endpoints can access data.
• Sandboxing: sets up a virtual environment that mimics the network for the user’s endpoint to operate, limiting access to sensitive information.

While data center networking has evolved over the past decade, providing higher-performing 25/100/400G leaf-spine topologies to address the volume and velocity of emerging application architectures, security and services architectures have not.

Unlike traditional perimeter security approaches, modern Zero Trust Security architectures recognize trust as a vulnerability. They assume no user, even if allowed onto the network, should be trusted by default because the user could be compromised. Identity and device attestation and authentication are required throughout the network. Every single component in the network must independently establish its trustworthiness and be authenticated by any other component it interacts with, including existing point security measures. The core principles of Zero Trust Security strategy:

• Never trust, always verify
• Assume breach
• Verify explicitly

A distributed services architecture expands Zero Trust deeper into the data center, to the network-server edge, delivering fine grained microsegmentation, dramatically scaling and strengthening the security of mission-critical workloads.