Compliance & Risks
Physical Datacenter Security and Threat Mitigation
Physical security may have more of an impact on cloud operations than you think
The physical security of a datacenter (DC) likely conjures thoughts of man traps, push bar doors, locks, heating and cooling systems. Very rarely does the need for redundancy to secure a physical DC come to mind.
But the case of the fire at the OVHCloud center in Strasbourg, France, brings up this very real need. The OVHCloud datacenter was the host of many organizations’ applications, environments, infrastructure, and traditional colocation hosting. A fire at the DC in early March disrupted millions of websites, knocking out government agencies’ portals, banks, shops, news websites and took out a chunk of the .FR web space. At the time of this writing, many of their services have yet to be fully restored: http://travaux.ovh.net/.
Physical Risks with Digital Impacts
We’ve seen the impact of fires on physical security, but it’s not the only threat. Power related issues causing surges or reliance on back-up generators are the most common physical impact. Weather-related issues such as flooding or storms can have the same effect. Fires, in general, are less of a risk due to the halon and fire suppression systems relied on in these facilities. Most of the time, these physical risks are meant to be segmented off and contained, not resulting in complete DC loss. However, those plans are sometimes foiled depending on the threat.
The fire at OVHCloud should encourage datacenter managers to evaluate their protections against physical threats, and businesses relying on datacenters to consider the associated risk to their data and business operations.
Mitigate Physical Security Risks
Many organizations are undergoing a digital transformation, shifting from on-premises environment hosting to multi- cloud hosting. This began years ago with hosted email and application solutions and has gained popularity in the last decade with complete environments, production applications and more being hosted by a 3rd party.
Here is a look at the typical application and infrastructure journey through cloud migration:
One potentially overlooked benefit of multi-cloud or a hybrid cloud strategy is to mitigate the risk of this sort of disaster for your organization. If your organization has migrated to the public cloud, with some legacy applications still on premises, you’ve a bit of redundancy built in. Consider multiple public cloud hosts, or keeping some hybrid infrastructure (depending on your business need).
More than 80% of companies use a multi-cloud strategy, typically comprised of a hybrid cloud model that relies on public and private clouds (https://info.flexera.com/SLO-CM-REPORT-State-of-the-Cloud-2020). We see a similar ratio among our research – many companies use a multi cloud strategy for various reasons.
One reason for a multi-cloud approach should be reducing the risk of having “all your eggs in one basket.”
The use of multiple public and private clouds will help mitigate the risk of outage disruptions pending the use of proper configuration for fail over and redundancy.
The top concerns against multi cloud are cost, visibility, portability of environments and security. All of these concerns, however, can be addressed through the cloud vendor, internal resources and 3rd party solutions – to give the organization peace of mind and control over what’s happening with their applications and infrastructure.
What You Can Do
The net-net is to have visibility and minimize risk to your cloud presence by diversifying your environment.
Diversification comes from the use of multiple public cloud providers. In addition, your current volume license may allow your organization to leverage current contacts. Combining both sets you up for easy migration if one side of your cloud presence needs to be moved or duplicated for redundancy.
Visibility comes from solutions such as Trend Micro Cloud One, which allows a multi-cloud view into the health and footprint of your cloud presence.
No matter where your cloud-based data lives, Trend Micro has security covered across workloads, containers, apps, networks, file storage, and posture management.