BY LEVERAGING AUTOMATION TO REDUCE ENGINEERING AND DELIVERING CONSISTENT SECURITY , DATA CENTRE OPERATORS CAN IMPLEMENT ZERO TRUST TO SECURE THEIR APPLICATIONS , USERS AND DEVICES .
UNCOVERING THE LAYERS
What are the possible ways in which hackers can gain access to data centre login credentials ?
Data centres offer a lucrative opportunity for attackers to launch supply chain attacks . By compromising a data centre ,
BY LEVERAGING AUTOMATION TO REDUCE ENGINEERING AND DELIVERING CONSISTENT SECURITY , DATA CENTRE OPERATORS CAN IMPLEMENT ZERO TRUST TO SECURE THEIR APPLICATIONS , USERS AND DEVICES .
they have the ability to backdoor into major companies and even cloud service providers .
Data centre operators have a variety of portals that are accessed by their customers , their administrators , their thirdparty contractors and so forth . Each portal presents an avenue for credential attacks .
There are a variety of ways credentials can be attacked . If these portals have single-factor authentication , then they are highly susceptible to brute force and dictionary attacks . Weak endpoints can be compromised through phishing attacks . If 2FA is used , the level of protection is much higher . However , there are attacks targeting 2FA such as SIM swapping and man-in-the-middle attacks .
How can data centre operators protect themselves from such attacks ?
Basic security hygiene enhancements such as automated vulnerability / patch management , strong password enforcement and Two-Factor Authentication ( 2FA ) and adding security checks early in a software development or DevOps life cycle contribute to raising the security posture in the long run and making it challenging for attackers .
Specific to credential attacks , the use of hardware cryptographic tokens like FIDO2 would greatly limit the attack surfaces . However , these tokens create ease of use issues and should be used only for consequential access . Another form of defence can be to execute the Zero Trust principle of continuous validation on privileged access . Deploy access monitoring capabilities that will actively detect anomalies in usage and access patterns .
Data centres are also becoming increasingly open to having partnerships with business partners , distributors , customers , contractors and vendors , exposing themselves to potentially vulnerable third parties and introducing their security vulnerabilities . Security must be enforced at multiple points to follow workloads everywhere – on the perimeter , network fabric and host . Implementing best practices will help better protect dynamic data and application workloads . Protecting core applications and sensitive data requires cloud-centric , clouddelivered security agility to converge with Zero Trust Enterprise Architecture principles . By leveraging automation to reduce engineering and delivering consistent security , data centre operators can implement Zero Trust to secure their applications , users and devices . �
64 www . intelligentdatacentres . com