Cybersecurity threats and digital vulnerabilities
Companies must do their due diligence to protect critical assets, as edge data center and cloud-based cybersecurity cannot be left to chance. Knowing where vulnerabilities are within any system is the key to protecting them – however, it’s also important to note that there can be unknown, or ‘zero day,’ vulnerabilities that may fly under the radar. Once cybercriminals get inside, they can cause significant damage from stealing customer data to even shutting down business functions or power. It’s critical that facility managers understand the current cybersecurity arena to properly structure their data center cybersecurity plans. In fact, there are four main factors that have contributed to increasing cybersecurity risk, particularly in the OT environment:
- A larger landscape for potential attacks: With the increase in IoT devices and technology used in manufacturing settings, more endpoints are now susceptible to hackers entering the digital ecosystem. Smart factories are equipped with thousands of sensors connected at the cloud or the edge, creating thousands of new opportunities for cybercriminals to infiltrate and manipulate the system unlike ever before.
- Aging legacy infrastructure: Many of the world’s systems that control critical operations were installed decades before digital transformation and weren’t created with the threat of cyber-attacks in mind. It is critical for managers to assess the risk of legacy systems to stay aware of weaknesses in outdated infrastructure.
- Targeted attacks on new weaknesses: OT attacks typically aim for a specific weakness within a single target. Therefore, cybersecurity plans should consider specific paths of protection as measures such as antiviruses are not commonly applicable in these scenarios.
- Frequent third-party access: In the manufacturing environment, it’s common for external vendors, field service engineers, and other third-party individuals to have access to OT devices through their own devices, fully hosted environments, or the internet with little control or oversight. This widens the potential endpoint connections for hackers to infiltrate.
Once the threats are known, data center operators can take the necessary steps in creating an effective cybersecurity framework. It is critical that the plan takes every factor into consideration, from OT threats to dangers in the IT room.
Best practices for data center cybersecurity
While every plan might look a little bit different, some of the most effective data center cybersecurity plans have several things in common. They tend to follow best practices that incorporate encrypted devices, firewalls, intrusion detection systems (IDS), security information and event management (SIEM), and security operation centers (SOC), as well as meticulous physical security into their strategy. Extensive audits with important compliance standards considered, such as NIST 800-53 PE, FISMA, SSAE-18 (SOC 1)/ISAE 3402, PCI DSS, HIPM, HITRUST, and ISO27001 are also common. Other key aspects included in the most stringent cybersecurity plans involve the securing of the main entry point (core) by putting IT systems into “clusters,” and redundantly protecting those clusters, as well as hard connected IT devices, through physical communications cables.
On the human side, security-conscious companies will often integrate executive oversight into their leadership team through the creation of a new chief security officer role. They might also require their software developers to attend mandatory security trainings. Because any changes should be subject to peer-level oversight in both operations and development, baking security skills into the structure of the organization will streamline this process. Code and infrastructure changes should be reviewed by at least one other team member to ensure code security, quality, and performance. Taking these extra steps will validate that the system is safe from threats posed by cybercriminals.
To maximize protection, responsible data center teams should not only embed cybersecurity into their own systems, but also consider how their suppliers approach cybersecurity. Cloud-based monitoring and management platforms should have cybersecurity integrated at every level. For instance, platforms should be consistently scanned for vulnerabilities with third-party security tools while all development work that involves changes to source code is checked for bugs, security, and license issues through static analytic tools.
To take all these matters into consideration and address this complicated task, managers should craft a strategic cybersecurity plan that addresses all these internal and external factors. Naturally, the plan will consider internal practices, but it must also take into account how chosen service providers will ensure a safe environment that matches the organization’s security profile. Hypervigilance is a skill that many data center operators will need moving forward to safekeep mission-critical devices and customer data.
Protecting the entire digital ecosystem
Although data center cybersecurity should be top of mind, securing the greater digital ecosystem is a necessary counterpart to any data center security strategy. Employing a wide view that looks past the obvious targets provides a perspective that will generate a strong plan. In the data center, most of the focus rotates around defending the core where all the servers and storage are located. However, cybercriminals look for any way to flank their target’s defenses. Data centers tend to be managed in three domains – the IT Room, Power, and Building (cooling). To ensure complete coverage, there must be a clear cyber roadmap that connects the dots across the whole ecosystem including establishing a multi-layered cybersecurity posture throughout the company as well as securing the broad ecosystem of partners, suppliers, and customer deployments. In doing so, the organization and its data center facilities will have maximum visibility into potential issues.
Companies that have a clear picture of the risks – both known and unknown – will be better prepared to build out a comprehensive and effective cybersecurity strategy. Due to aging assets, the higher number of connected devices, targeted attacks, and regular exposure to third-party access, cyber-attacks have become far more frequent. Best practices such as encrypted devices, firewalls, clearly defined business protocols, and closer attention paid to security-focused roles will help defend this wider attack landscape. However, proper cybersecurity does not end there – securing the larger digital ecosystem will ensure that cyber-attacks cannot enter from any domain within the organization. There are many things to consider, but with the right preparation, data center operators can manage a well-kept cybersecurity plan that keeps cybercriminals at bay.
Andrew Nix is the Americas Cybersecurity Solutions and Services Manager for Schneider Electric’s Global Cybersecurity Services organization. Schneider Electric drives digital transformation by integrating world-leading process and energy technologies, end-point to cloud connecting products, controls, software and services, across the entire lifecycle, enabling integrated company management, for homes, buildings, data centers, infrastructure and industries.