Aug 19 2019
Security

3 Steps to Establish a Data Center Chain of Trust

Federal agencies need to think differently about cybersecurity protection and implement hardened security within their data centers.
Steve Orrin, Intel
by

Steve Orrin is the federal CTO for Intel Corporation. He has held architectural and leadership positions at Intel, driving strategy and projects on identity, anti-malware, HTML5 security, cloud and virtualization security since joining the company in 2005. Previously, Orrin held technology positions, including serving as the chief security officer of Sarvega, CTO of Sanctum, CTO and co-founder of LockStar and CTO of SynData Technologies.

Data center attacks are coming in fast and furious and taking many different forms. From distributed denial of service attacks and ransomware to large scale data breaches, threat vectors are becoming increasingly pervasive and sophisticated. It’s no surprise that Gartner is reporting that the $90 billion spent on security in 2017 will grow to $1 trillion by 2022

Despite this robust spending forecast, combating cyberthreats continues to be a challenge for federal agencies, for several reasons. Budgets are tight, resources are scarce and modern data center environments have grown increasingly complex. Today’s workloads don’t just run on-premises; they also run in the public and private cloud and at the edge. All of this exposes data centers to a greater number of risks. 

What can security managers do to ensure the security of these data centers? The most important things are to implement policies to secure data wherever it resides, build security in from the outset and make sure security is hardened enough to prevent data leakage. 

Let’s take a look at how this can be done.

MORE FROM FEDTECH: Discover how forensic IT tools lead agencies to better answers after breaches.

1. Secure Data Throughout Its Lifecycle

While many government organizations prioritize the protection of their software applications and network perimeters, hackers are increasingly targeting more vulnerable hypervisors, boot drivers, firmware and hardware further down the stack. 

As you get closer to the base, attacks get harder to detect and remediate. That’s because software solutions aren’t optimized for hardware, and some components, such as hypervisors, can be vulnerable to new attack methods. Hypervisors pool virtual machine memory space and cores — in other words, they share resources to drive efficiency — but that can expose them to increased risk.

However, these challenges can be overcome through new design techniques. If security is built into data center architecture at the outset, from the processor foundation outward, data can be effectively protected throughout its lifecycle — at rest, in flight and in use.

2. Bake Security Controls into Hardware

To secure a data center stack, cryptographic techniques need to be rooted into the silicon of the foundational hardware and applied in every layer thereafter, up to the applications. This reduces the surface area of vulnerability, which grows as a system performs more functions. 

Eliminating potential attack vectors, from superfluous programs and permissions to ports, gives attackers and malware fewer opportunities to gain a foothold. 

This approach is called a hardened security model, and it creates a chain of trust along the length of the stack. Hardened full-stack security provides reassurance to users — and, crucially, defends them more successfully against attacks.

3. Prevent Data Leakage, Modification and Privilege Escalation

Hardened security can also foil data leakage, modification and privilege escalation. The latter signifies a situation in which an unauthorized user gains access to data center resources or services with the intent to view, manipulate or delete data. 

Hardened security prevents such attacks by using hardware-enforced firewalling to separate sensitive data from untrusted workloads, providing cross-domain protection. The partitioning and isolation of shared resources such as caches, cores, memory and devices in the virtualized environment supports data confidentiality, integrity and availability while providing consistent application performance. At the same time, isolation techniques create more runtime security domains within a trusted virtualization environment.

MORE FROM FEDTECH: Find out how SBA, the Department of the Interior and the Department of Energy deploy CDM effectively.

How to Think Differently About Cybersecurity

We’re far removed from a world in which bolting on security is an acceptable practice. Today, federal organizations must continue to think differently about cybersecurity protection and take proactive stances against evolving cyberthreats. Security must be built in from the ground up.

Building a chain of trust in a data center environment using a hardened security model is a great place to start. The approach enables security at cloud scale without sacrificing performance or agility. 

It’s precisely what is needed in today’s environment, where agencies need to keep vulnerabilities at bay while maximizing the full potential of their data centers to drive innovation and reduce costs.

baranozdemir/Getty Images

More On

Related Articles

Close

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT

Subscribe Now