Picture being given a sealed box and being told to guard it with your life. Without knowing what’s inside, how would you protect it? Would the contents get damaged by movement? Or heat, or noise? You don’t know. And that’s a problem facing data centers, too.
Believe it or not, most IT heads have little or no idea what is going on in their data centers. Cisco, for instance, has 800,000 data center customers but believes less than 1 percent of them have a complete view of what their systems are doing.
“It’s really closer to 0 percent,” says Yogesh Kaushik, a senior director in the security business group at Cisco. “Nobody has any meaningful visibility into the data center.”
The reason for this is simple, he says. While IT heads may know what hardware is going into their data centers, once the servers and storage assets are switched on, they quickly fill up with all kinds of software from all kinds of users.
There is often little or no control over this process. And things have got worse as on-premises assets have been merged with cloud-based hardware in hybrid data centers.
Not knowing what is really going on across these sprawling data landscapes makes it very hard to secure them, or to know what might happen in the event of a breach. To date, the best view into the data center has tended to be via change management databases (CMDBs).
These contain all that is known about the hardware and software in a data center. But a CMDB will only give you a partial view of what is going on. Kaushik says the best level of confidence he has heard of for a CMDB was 60 percent.
That was from a firm which had spent a lot of time and effort in cleaning up the data. And, Kaushik notes: “That’s just about application configuration, not about how the applications behave.”
Knowing how software systems are linked is almost as key as knowing about the systems themselves, because a problem with one system could easily cause issues with the other systems it is linked to.
In an attempt to get this view, some firms will pay millions of dollars to survey their data centers. At the end of the process, you may have a snapshot of what the data center looked like when the research was carried out—but not what it looks like today.
Cisco has worked hard to solve this problem, and now offers an alternative. The Cisco Tetration platform is able to look into system flows and links in real time, giving data center owners a complete view of their software and hardware assets.
It can help you see what will happen in your data center if you make changes, as well as flagging non-standard flows or actions that might betray a breach or vulnerability.
It also gives you a way to capture intent and, using machine learning, develop security policies for micro-segmentation. Tetration has a 60 percent to 70 percent ROI compared to traditional discovery projects, Kaushik says.
This has made Tetration the data center security system of choice for customers ranging from military establishments to banks such as First National Bank in South Africa.
Jon Oltsik, senior principal analyst at Enterprise Strategy Group, says: “Complexity is the enemy of security, and the data center is getting more complex.
“Tetration goes out and discovers all my workloads, understands the connectivity between workloads, gives me detail in terms of what processes are running, and also gives me guidance on policy,” he says. “And by the way, I can enforce those policies as well.”
The contents or opinions in this feature are independent and may not necessarily represent the views of Cisco. They are offered in an effort to encourage continuing conversations on a broad range of innovative technology subjects. We welcome your comments and engagement.
We welcome the re-use, republication, and distribution of "The Network" content. Please credit us with the following information: Used with the permission of http://thenetwork.cisco.com/.