We understand why many companies still host onsite. It just feels safe. You have your own people supervising hosting and keeping an eye out for potential data center security threats. But in reality, keeping your IT onsite is usually more dangerous. With the right partner, cloud security and compliance can overcome a range of risks that plague onsite hosting.
Data Center Security Challenges Mitigated in the Cloud
(1) Cloud Data Centers Enhance Physical Security
Despite virtualization, physical security is still a crucial consideration.
If you’re hosting onsite your data is physically located in those servers, and a malicious insider with access to the data center could cause major damage. Insiders are most commonly to blame for security breaches, and onsite data center security typically ranges from inadequate to terrible.
The data center itself is often unlocked, or protected by an easily-picked key lock, and there is rarely adequate surveillance or supervision. A determined insider can almost certainly break in, sabotage or steal servers containing sensitive data, then slip right out the door.
Building design can pose additional data center security threats. Criminals can slip under raised floors or crawl over drop ceilings, gain unrestricted access, then leave the way they came in.
Threat actors may also use social engineering to try to gain access. Insiders can gather information from coworkers over time, or just directly ask to borrow a colleague’s ID. Outsiders may use social engineering to target, blackmail or befriend insiders, and manipulate them into providing access.
A cloud hosting provider can reduce data center security risks.
Symmetry’s Tier 3 data center services remove physical access to internal systems by insiders, and provide much better physical defenses against both inside and outside actors. Our data centers are reinforced structures, protected 24x7x365 by onsite security, along with surveillance cameras inside and out.
Sophisticated access controls like key cards and biometric scanners ensure that only appropriate employees can enter, while mantrap entryways prevent unauthorized people from “tailgating” — i.e. sneaking in behind a worker. Dedicated cabinets and cages can provide an extra level of security for your most valuable data.
(2) Cloud Data Center Security Guards Against Zero-Day Exploits
Black hats move quickly.
The Hollywood image of the inquisitive hacker patiently exploring an IT landscape still captures the imagination, but hacking is big business these days. Criminal gangs use automated tools to find, create and harness cyber security vulnerabilities. When they discover weaknesses in applications that haven’t been detected and patched, they can quickly deploy them to invade landscapes, and steal or deface information. This can cost millions, undermine customer trust, and cause lasting damage to your company.
Of course, the good guys are hard at work too. White hat hackers try to find and correct vulnerabilities in software, so companies can release patches to fix them. Antimalware companies focus on detecting new bugs in the wild so that their software can defend against them.
But in many ways, the bad guys have the advantage. Hackers only have to find one way in, yet administrators have to find all of them. And your surface of attack is huge — an unsecured application, an open node or an unsafe connection anywhere on your system could potentially be used to gain access.
But the biggest problem is that that your onsite IT just don’t have the resources to handle cyber security services. According to the Verizon 2016 Data Breach Investigation Report, 85% of all successful exploit traffic comes from just 10 common vulnerabilities, yet systems often remain unpatched for years.
And if your team can’t handle patching on the application level, it’s a near-certainty they haven’t tackled data center security on the network level. It’s likely your network security architecture isn’t configured to defend against suspicious traffic — in fact, you may not even have basic protections like disk encryption.
Managed data centers have the resources to stay ahead of hackers. Symmetry uses a multi-tiered approach to IT security. Our admins can keep your landscape patched and secured against exploits, preventing the most common attacks. Basis layer hardening protects your database from exploits. We protect against data center security threats with network hardening, penetration testing and architecture built from the ground up to keep our clients safe.
Meanwhile, our cyber security services team provides around-the-clock monitoring and incident response, using sophisticated detection tools like Palo Alto WildFire. WildFire watches activity across your landscape, looking for dangerous traffic and files, malicious domains and other potential threats.
Potential threats are forwarded to Palo Alto, analyzed and (if they’re found to be actual threats) neutralized. This allows WildFire’s customers to pool their combined experience with attackers — if a hacker uses a particular technique to try to gain access anywhere, Palo Alto will learn to quickly stop that threat everywhere.
(3) Managed Services Prevent Unplanned Data Center Downtime
Providers can’t provide backup infrastructure. Hardware is expensive to buy and maintain if you aren’t operating at an economy of scale. Not only are servers, routers, cooling systems and other components more expensive, but companies also have to pay much more for setup, configuration and maintenance as they generally don’t have employees with those skills in-house. And with a lack of CapEx to modernize legacy infrastructure, it’s often all they can do to keep things running.
Unplanned outages are inevitable, and often severely damaging. Companies rarely have redundant systems inside onsite data centers, meaning when something breaks the system is down until you can get a new component installed. A burned out power supply, failing cooling unit or broken network switch can quickly slow the system to a crawl, knock out parts of the landscape, or shut everything down altogether.
An enterprise data center can provide better uptime at lower cost. With enterprise cloud services in a Tier 3 data center, you’ll have redundancy built into every system. Symmetry has two or more of everything (power sources, cooling units, network carriers, switches, physical hardware, storage controllers, etc).
That means your SAP hosting landscape can continue running while equipment is serviced or replaced. Tier 3 data centers need to maintain an uptime of 99.982%, meaning any provider at that rank will be down for less 94.608 minutes throughout the whole year. In fact, Symmetry goes beyond that. Our Reston Data Center, for example, offers a 100% uptime SLA.
Choosing an Enterprise Data Center
Although the managed cloud can be much safer than onsite hosting, everything depends on your provider. You need an MSP that can guarantee physical data center security, defense against hackers, ultra-high uptime and consistent performance.
Commodity cloud providers like AWS may provide physical data center security and connectivity, but that’s about it. SLAs don’t guarantee performance, meaning your system can slow to a crawl without violating the contract. And you’re on your own when it comes to defeating hackers. You have to administer and patch your landscape, and either outsource managed security services or provide your own.
An enterprise application hosting provider can provide complete support for your landscape, while ensuring you’re covered when it comes to data center security, cyber security and compliance. With a high-touch partner acting as an extension of your team, you won’t have to assemble multiple vendors or stress internal IT past the breaking point. With broad cloud and IT infrastructure expertise, we can get you out of your vulnerable onsite data center and into a safe, worry-free cloud environment.
Contact us to learn more about how Symmetry can keep you safe in the cloud.