Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

Data Center Changes Push Cyber Risk to Network's Edge

Changes in fundamental enterprise architectures coupled with shifts in human resources mean that companies are considering new risks to their infrastructure.

Data centers face a huge increase in compute demand while looking at a precipitous drop in trained IT personnel. Add to those factors executive demand for changes in how data centers are powered, and the stage is set for shifts that could leave server farms, central storage, and enterprise network stacks open to cyberattacks. 

These are some of the points raised in a new report looking at the data center in 2025. The report, sponsored by Vertiv, is an update to a report first issued in 2014. In the original report, the data center brain drain was highlighted, with only 56% of survey participants expected to still be in the industry by 2025, and with retirement as the main reason for employees leaving.

But as the new report shows, the problem is much bigger. While the skills shortage in cybersecurity has been well-documented, it's also an overall problem in IT. These shortages in trained IT professionals are looming as the industry sees a change in the way that data centers are structured - a change that may be as large as the shift to cloud computing. Enterprise computing, the new 2019 report says, is heading to the edge.

"Edge computing" in this context is computing that has been pushed closer to users and devices rather than delivering all compute services from central locations. Among organizations who have edge sites today or expect to have edge sites in 2025, more than half (53%) expect the number of edge sites they support to grow by at least 100% between now and then, with 20% expecting a 400% or more increase, according to the report.

Overall, survey participants said that they expect their total number of edge computing sites to grow 226% between now and 2025.

"The pressure on the edge has pushed the requirement for understanding IT applications out into places that that it didn't exist just one generation ago," says Peter Panfil, vice president of global power at Vertiv. "We're going through this generational change and at the same time the industry is undergoing fairly significant changes in the way it's gonna be able to deploy its workforce." 

One way organizations are responding to the lack of trained professionals is by increasing the machine intelligence and automation capacity of different components in the data center. "If it's not a smart cluster, it's a smart rack, or a smart row, or a smart aisle where they can have complete flexibility in dropping 'IT-capability delivery systems' into places where before they just didn't have them," Panfil says.

Concerns about whether these more intelligent systems might become an attack vector for the enterprise has had an impact on how the intelligence is deployed. "For example, we offer a feature where we monitor the health of the of the UPS system," he says. "We've got customers who say, 'Nope we are not going to let you even connect to the network.' So the your system has to be self-contained and self optimizing."

"More and more of our customers are saying that a connection into the system is a way for people to get in and fiddle with it in a nefarious way," Panfil says. And that means hard limits on the connectivity physical infrastructure components are allowed.

Fortunately, there are physical infrastructure components that fall into what Panfil calls the "blinking and breathing" part of the operation, akin to the human body's autonomous systems that do things like breathe and blink without conscious intervention.

Even in complex situations like those involving percentages of green power at different times of day, or cooling operations based on ambient temperatures and moment-by-moment energy costs, the data center's physical infrastructure has to be on a self-contained blinking and breathing basis to secure it.

Security-conscious IT executives are in a bind: cloud-based control and automation systems could provide solutions to the functional gaps left by the growing skills shortage. But the network connections to critical infrastructure in the data center are, to many, unacceptable risks. The question is whether the self-contained solutions can provide the proper balance between function and security.

Related Content:

 

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/12/2019 | 6:23:23 PM
We keep getting in our own way
Concerns about whether these more intelligent systems might become an attack vector for the enterprise has had an impact on how the intelligence is deployed. "For example, we offer a feature where we monitor the health of the of the UPS system," he says. "We've got customers who say, 'Nope we are not going to let you even connect to the network.' So your system has to be self-contained and self-optimizing."

 

Interesting, you have to ask yourself, is it in our best interest to add devices on the network that we are unfamiliar with, or is it our own lack of understanding or inability to expand our knowledge base or unwillingness to learn more. At the end of the day, even with all of the technology, we have amassed, we have to be willing to constantly learn because the threats and capabilities are constantly changing.

We have to look into ML (Machine Learning), NGFW (Next-Generation Firewalls) and NGIPS to assist us in identifying problems at the edge, distribution, and core (remember, the weakest link is the easiest to compromise).

Quote - "the price of Freedom is forever vigilance".

Todd
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-1927
PUBLISHED: 2020-04-02
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
CVE-2020-8144
PUBLISHED: 2020-04-01
The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware u...
CVE-2020-8145
PUBLISHED: 2020-04-01
The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup� and “wizard� endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP ...
CVE-2020-8146
PUBLISHED: 2020-04-01
In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllSearchMode in the win...
CVE-2020-6009
PUBLISHED: 2020-04-01
LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection.