Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

Data Center Changes Push Cyber Risk to Network's Edge

Changes in fundamental enterprise architectures coupled with shifts in human resources mean that companies are considering new risks to their infrastructure.

Data centers face a huge increase in compute demand while looking at a precipitous drop in trained IT personnel. Add to those factors executive demand for changes in how data centers are powered, and the stage is set for shifts that could leave server farms, central storage, and enterprise network stacks open to cyberattacks. 

These are some of the points raised in a new report looking at the data center in 2025. The report, sponsored by Vertiv, is an update to a report first issued in 2014. In the original report, the data center brain drain was highlighted, with only 56% of survey participants expected to still be in the industry by 2025, and with retirement as the main reason for employees leaving.

But as the new report shows, the problem is much bigger. While the skills shortage in cybersecurity has been well-documented, it's also an overall problem in IT. These shortages in trained IT professionals are looming as the industry sees a change in the way that data centers are structured - a change that may be as large as the shift to cloud computing. Enterprise computing, the new 2019 report says, is heading to the edge.

"Edge computing" in this context is computing that has been pushed closer to users and devices rather than delivering all compute services from central locations. Among organizations who have edge sites today or expect to have edge sites in 2025, more than half (53%) expect the number of edge sites they support to grow by at least 100% between now and then, with 20% expecting a 400% or more increase, according to the report.

Overall, survey participants said that they expect their total number of edge computing sites to grow 226% between now and 2025.

"The pressure on the edge has pushed the requirement for understanding IT applications out into places that that it didn't exist just one generation ago," says Peter Panfil, vice president of global power at Vertiv. "We're going through this generational change and at the same time the industry is undergoing fairly significant changes in the way it's gonna be able to deploy its workforce." 

One way organizations are responding to the lack of trained professionals is by increasing the machine intelligence and automation capacity of different components in the data center. "If it's not a smart cluster, it's a smart rack, or a smart row, or a smart aisle where they can have complete flexibility in dropping 'IT-capability delivery systems' into places where before they just didn't have them," Panfil says.

Concerns about whether these more intelligent systems might become an attack vector for the enterprise has had an impact on how the intelligence is deployed. "For example, we offer a feature where we monitor the health of the of the UPS system," he says. "We've got customers who say, 'Nope we are not going to let you even connect to the network.' So the your system has to be self-contained and self optimizing."

"More and more of our customers are saying that a connection into the system is a way for people to get in and fiddle with it in a nefarious way," Panfil says. And that means hard limits on the connectivity physical infrastructure components are allowed.

Fortunately, there are physical infrastructure components that fall into what Panfil calls the "blinking and breathing" part of the operation, akin to the human body's autonomous systems that do things like breathe and blink without conscious intervention.

Even in complex situations like those involving percentages of green power at different times of day, or cooling operations based on ambient temperatures and moment-by-moment energy costs, the data center's physical infrastructure has to be on a self-contained blinking and breathing basis to secure it.

Security-conscious IT executives are in a bind: cloud-based control and automation systems could provide solutions to the functional gaps left by the growing skills shortage. But the network connections to critical infrastructure in the data center are, to many, unacceptable risks. The question is whether the self-contained solutions can provide the proper balance between function and security.

Related Content:

 

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/12/2019 | 6:23:23 PM
We keep getting in our own way
Concerns about whether these more intelligent systems might become an attack vector for the enterprise has had an impact on how the intelligence is deployed. "For example, we offer a feature where we monitor the health of the of the UPS system," he says. "We've got customers who say, 'Nope we are not going to let you even connect to the network.' So your system has to be self-contained and self-optimizing."

 

Interesting, you have to ask yourself, is it in our best interest to add devices on the network that we are unfamiliar with, or is it our own lack of understanding or inability to expand our knowledge base or unwillingness to learn more. At the end of the day, even with all of the technology, we have amassed, we have to be willing to constantly learn because the threats and capabilities are constantly changing.

We have to look into ML (Machine Learning), NGFW (Next-Generation Firewalls) and NGIPS to assist us in identifying problems at the edge, distribution, and core (remember, the weakest link is the easiest to compromise).

Quote - "the price of Freedom is forever vigilance".

Todd
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
USB Drive Security Still Lags
Dark Reading Staff 10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17593
PUBLISHED: 2019-10-14
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
CVE-2019-17594
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-17595
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-14823
PUBLISHED: 2019-10-14
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to...
CVE-2019-17592
PUBLISHED: 2019-10-14
The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The __isInt() function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option.