Data Center Consolidation: Security Considerations and Best Practices
IT must balance the need for reducing costs while keeping data secure, meeting compliance requirements, and improving services to business users.
by Joe Anthony
It’s no surprise that the economic changes in the last year have put new competitive pressures on many businesses, in turn creating new challenges for IT organizations: to reduce costs while improving service and proactively managing risk in the data center. Data center managers today are responsible for meeting ongoing compliance requirements and new government mandates, and they must mediate and prevent new security risks and threats, ensure the security of valuable assets and sensitive information, and improve services to business users through more reliable and available applications.
To meet the challenges of this new business landscape, many organizations have realized that one effective approach to reduce operational costs while improving performance is data center consolidation. Although consolidation efforts have been underway for years, the most effective data centers build on a dynamic, virtualized infrastructure that can change its capabilities to meet new requirements business users demand.
Drivers and Benefits of Data Center Consolidation
Consolidation is being driven by a shifting IT model in which real-time, event-driven workloads, richer content, and modular technologies are altering enterprise systems, as well as how these systems are deployed and managed. Our industry is moving towards platform-agnostic application software and middleware to support real-time and event-driven processing, capabilities necessitated by an exponential explosion of data in recent years. In fact, today 15 petabytes of data are generated daily -- a volume eight times more than the combined data contained within all U.S. libraries. This makes it imperative for IT organizations to increase utilization of existing resources, reduce energy and operational costs, and better manage resources and services.
Unconsolidated data centers can be complex, fragile, and expensive environments. Increased labor and energy costs (from underutilized capacity), server sprawl, and inefficient resource management (due to low infrastructure visibility) drive up TCO. In addition, service delivery is impacted because the IT organization cannot be as flexible and responsive as it would be with a consolidated infrastructure. The result is reduced quality of service and the inability to align IT and business goals.
Virtualization: A Cornerstone of Consolidation
Virtualization has served as a basis for consolidation initiatives in many data centers because it enables an organization to reduce its physical infrastructure and associated energy costs. Network, compute, and storage virtualization provides a flexible dynamic infrastructure that makes it simpler to manage with improved quality of service.
Application owners can rapidly clone environments, adding system resources such as memory and CPU, and deploying them on an as-needed basis. Infrastructure owners benefit from system stability, simplification, increased agility, and improved change management. In addition, data center consolidation can result in energy savings and other green benefits. For example, some organizations have doubled their IT capacity in a three-year period without increasing their energy footprint.
Security Considerations and Best Practices
One of the main considerations IT organizations undertake in any consolidation effort is the security of the data center, and with good reason. The stakes for maintaining high levels of security within the data center infrastructure are high. According to the CSI Computer Crime and Security Survey in 2008, financial fraud costs organizations on average $500,000 per year, and the Disaster Recovery Journal in 2007 reported that 93 percent of companies that suffer significant data loss are out of business within five years.
A virtualized infrastructure can help organizations mitigate the risk of security breaches. By reducing the number of servers and the number of data centers to manage, consolidation efforts reduce the number of possible points of attack.
Effective security implementations leverage solutions across the enterprise and all the security areas where the organization prioritizes security needs -- across the people, data, application, and infrastructure domains. A few of the key steps to ensure security include:
- Undertaking a complete vulnerability assessment across networks, data, and applications to understand where the critical risks exist
- Building a road map of security priorities and required investments that will best protect the organization
- Identifying the solutions that will address areas of vulnerability and risk, using a layered approach to security that protects data from the data center to the distributed endpoints
- Using encrypted storage and endpoint encryption to protect sensitive data whether in transit or at rest
- Enforcing and controlling user access to critical assets through identity management, access control, and single sign-on (SSO)
- Implementing corporate-wide security standards and guidelines to ensure a holistic security approach across the organization
- Providing end-to-end security for applications and information across multiple hardware and software platforms and networks
At the user level, these security measures can help an organization block spam e-mail messages, viruses, and other malware as well as enable more productive access to needed resources. At the data center level, it can mean significantly fewer security patches to apply and easier, more effective user management and intrusion detection and response. In addition, consolidation of multiple servers can be leveraged for disaster recovery and business continuity purposes.
Mainframe Consolidation
IT organizations that require the highest levels of data security and performance may consider consolidating their servers onto mainframes because such hardware has special capabilities for securely executing multiple, mixed workloads on a single server or sysplex. Through dedicated cryptographic processors, encryption engines, and other dedicated security resources, mainframes are engineered to secure against unauthorized access to applications and data, malicious attacks by hackers, and enable encryption both across the network and for data at rest.
These resources ensure security processing can be handled without affecting the general application processors, thus maintaining transaction throughput. Additionally, mainframes have received Common Criteria Evaluation Assurance Level 5 (EAL5) Certification which keeps data used by different applications running on different partitions secure and distinct.
Organizations can ensure they are following best practices for secure consolidation by taking these additional steps:
- Uniformly improving security and management across the entire infrastructure
- Integrating security throughout the organization; currently, many IT organizations are approaching security on a stovepipe basis and are not integrating with the appropriate business processes
Summary
Leading analyst firms have pegged virtualization as the driving force within the data center through the next few years, with server virtualization leading the charge. As virtualization moves up the adoption curve, IT organizations will increasingly consolidate their data centers for operational savings and improved business benefits, many of which have been well-documented and experienced by organizations already underway with these projects.
Virtualization provides the ability to evolve to a service-based IT environment, where system services can be linked and integrated to provide the business with a consistent basis for visibility, control, and automation of their IT assets, linked to the needs of the business.
One key concern that any organization faces is ensuring security within the data center and managing risks that have the potential to be economically devastating. By taking a proactive approach to security within the enterprise -- from adopting corporate-wide policies to managing user access and ensuring end-to-end, integrated security management -- IT organizations can help mitigate new threats that arise.
Finally, for the highest levels of security, enterprises should consider consolidating onto mainframes that provide dedicated security resources and the foundation for an enterprise security hub.
Joe Anthony is the program director of identity and applications security product management, IBM Tivoli. You can contact the author at jca@us.ibm.com