informationweek.com/government
@michaelbiddick
nothing in the face of real threats to our security and our economy.
Federal government data centers are at the center of this discussion. The systems and databases within those data centers house
everything from the personal information of U.S. citizens to law enforcement case records and classified intelligence.
Federal agencies have been shoring up their data center defenses
Copyright 2013 UBM LLC. Important Note: This PDF is provided solely as a reader service. It is not intended for reproduction or public distribution. For article
reprints, e-prints and permissions please contact: Wrights Reprints, 1-877-652-5295 / ubmreprints@wrightsreprints.com
March 2013 5
[Chart: categories shown are under investigation/other; malicious code; scans, probes, attempted access; unauthorized access. Values shown: 20%, 38%, 18%, 7%, 17%.]
ployees, DOE recommended that they encrypt all files and emails that contain personal
information, including files stored on hard
drives or on the shared network.
The Department of Defense, even with its
U.S. Cyber Command operations, remains vulnerable as well. The Defense Science Board, a
civilian committee that provides scientific and
technical advice to the Pentagon, said in a report this month that the DOD isn't prepared
to defend against sophisticated international
cyber attacks. The report pointed to inherently insecure architectures, inadequate intelligence and the sheer limits of technology
firewalls and intrusion-detection systems. Government employees fall victim to phishing attacks, inadvertent file sharing and malware-infected USB drives, or they simply lose their
iPhones and BlackBerrys. And as the State Department learned in the WikiLeaks case, agencies must take precautions to protect off-limits
documents and other data from employees
and other insiders who would sneak them
outside the firewall. In many cases, the same
centralized IT security systems and processes
that protect the data center play a role in detecting and responding to these soft spots.
The trend toward smart data centers, those
with automated cooling and power management, may be the next thing to worry about.
Malware can be used to access and harm automated systems through a back door in much
the same way that the Stuxnet virus infected
controllers at one of Iran's nuclear power
plants.
Steps Of Risk Management
Constant Attention
The Office of Management and Budget, the
National Institute of Standards and Technology and other federal departments with responsibility for government-wide IT security
continue to ratchet up the requirements.
In February, NIST released an updated cata
vent attacks.
Software tools can help with these tasks.
They include SolarWinds monitoring software, ManageEngine's OpManager, IBM's Internet Scanner, Lumeta's IPsonar network discovery product and Cisco's Security Manager.
IBM Tivoli's Continuous Data Protection for
Files, FalconStor's Continuous Data Protector
and Idera's auditing products can track data
leaks and prevent other issues by limiting
users' ability to transport data.
Security incident and event management
(SIEM) is also part of the answer. Hewlett-Packard's ArcSight, EMC's RSA, Sensage, IBM
Q1 Labs and NitroSecurity offer products in
this category. Those SIEM systems collect
events from firewalls, intrusion-detection systems, access control and authentication systems, and switches and routers, and then correlate those events to identify security
violations. They log violations and can take action to prevent or limit impact.
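The correlation step described above, as an added example that is not from the article or from any of the products it names: a single rule that joins normalized events by source address across authentication, IDS and firewall feeds. The event names, the five-minute window and the threshold of three failed logins are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed correlation window
FAIL_THRESHOLD = 3             # assumed failed-login count that makes a success suspicious

# Constructed, already-normalized events: (timestamp, device type, source IP, event name)
SAMPLE_EVENTS = [
    ("2013-03-04T10:00:05", "ids",      "198.51.100.7", "ssh_scan"),
    ("2013-03-04T10:00:20", "firewall", "198.51.100.7", "deny"),
    ("2013-03-04T10:00:40", "auth",     "198.51.100.7", "login_failure"),
    ("2013-03-04T10:01:02", "auth",     "198.51.100.7", "login_failure"),
    ("2013-03-04T10:01:30", "auth",     "198.51.100.7", "login_failure"),
    ("2013-03-04T10:02:10", "auth",     "198.51.100.7", "login_success"),
    ("2013-03-04T10:03:00", "auth",     "10.0.5.23",    "login_failure"),
    ("2013-03-04T10:03:20", "auth",     "10.0.5.23",    "login_success"),
    ("2013-03-04T11:30:00", "ids",      "10.0.5.23",    "ssh_scan"),
]


def correlate(events, window=WINDOW, threshold=FAIL_THRESHOLD):
    """Flag a successful login preceded by `threshold` or more failures from the
    same source inside `window`, and record which other devices saw that source."""
    parsed = sorted((datetime.fromisoformat(ts), dev, src, name)
                    for ts, dev, src, name in events)
    violations = []
    for when, dev, src, name in parsed:
        if (dev, name) != ("auth", "login_success"):
            continue
        # Everything the same source did in the window leading up to the success.
        recent = [e for e in parsed
                  if e[2] == src and when - window <= e[0] <= when]
        failures = sum(1 for e in recent
                       if e[1] == "auth" and e[3] == "login_failure")
        if failures < threshold:
            continue
        corroborating = sorted({e[1] for e in recent if e[1] != "auth"})
        violations.append({
            "source": src,
            "time": when.isoformat(),
            "failed_logins": failures,
            "corroborated_by": corroborating,
            "severity": "high" if corroborating else "medium",
        })
    return violations


if __name__ == "__main__":
    for violation in correlate(SAMPLE_EVENTS):
        print(violation)
```

The second source is not flagged at the default threshold: it has one failed login before its success, and its IDS event falls outside the window.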
Such capabilities help IT organizations comply with rules and regulations around storing
and analyzing log data, and they provide a
mechanism for investigating incidents after
the fact. Log storage and review are fundamental security practices accomplished with
tools such as LogRhythm, Splunk and WhatsUp
chine attacks, mixed trust-level VMs, hyperjacking malware and other compromises.
Federal agencies are halfway into a five-year
plan to consolidate hundreds of data centers,
and that initiative is accelerating the pace of
virtualization and cloud adoption, highlighting the need for secure cloud data centers.
Private clouds in a well-managed data center have the potential to be more secure than
distributed systems. But because multiple organizations use shared hardware under this
model, they're also bigger targets. For that
reason, the data center controls discussed
above (continuous monitoring, event management, real-time response) are just as important in cloud environments.
Public cloud services are a bigger concern
because, in some cases, they're delivered from
data centers that have not previously been
vetted by security-minded federal agencies.
The Federal Risk and Authorization Management Program is meant to raise confidence in
cloud services by bringing a standard approach to security assessment and authorization. Started in December 2011, FedRAMP
only recently has begun assessing cloud
providers.
Those assessments include a close evaluation of the service provider's data center facil
work, looking for active command and control activity between network IPs and suspect
domains. The service provides real-time notifications when computers attempt to connect to malicious networks, with details on
the malware involved, time stamps and destination hosts.
Ultimately, progress with data center security depends on a combination of new technologies and better business practices. With
so many threats coming from so many
sources, data center managers must focus
their resources and efforts on those actions
that stand to have the greatest impact.
Of course, sturdier walls, physical and
virtual, will only get you so far. Fresh
thinking is required, too. Says Khawaja: "This
notion of getting smarter about security is
absolutely critical."
Michael Biddick is CEO of integrator Fusion PPT. Read more
stories by him at informationweek.com/michaelbiddick.
Write to us at iwletters@ubm.com.