Managing Data Centre Security Data
Managing the heaps of security data generated
in data centres is a staggering task. This is
made more difficult by the fact that for comprehensive
protection, enterprises have to manage not just
security data generated by security devices like
firewalls and IDS, but also data that is thrown
up by network events and changes in configuration
status of the data centre servers, network devices,
storage devices, and applications.
Today, enterprises deploy network management software
to monitor network events; change management software
to log changes and check those against how things
are supposed to be configured; and security event
management (SEM/SIM) products to help filter and
make more sense of security events generated from
firewalls, IDS and other security devices.
But these solutions typically operate in isolated
silos making it difficult to aggregate and transform
the raw data into actionable information. Enterprises
have to collate both security and management information
through a single process, and centralize the information
on an integrated management console. Event correlation
technologies that are becoming common now would
enable the console to make intelligent decisions
and take proactive action to enforce security
and compliance policies.
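The aggregation and correlation described above can be shown concretely. The following is an added illustration, not code from the article or from any SEM/SIM product: it normalises constructed sample lines from three silos (firewall, IDS, change management) into one schema, groups them by affected host, and raises an incident when an IDS alert and a configuration change on the same host fall within a ten-minute window. The line format, field names and the ten-minute window are assumptions for the example.

```python
"""Normalise events from separate silos and correlate them per host."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: "<source> <timestamp> key=value ...".
# Sources: fw = firewall, ids = intrusion detection, chg = change management.
SAMPLE_LINES = [
    "fw 2004-03-01T10:00:05 deny src=10.1.1.5 dst=10.2.0.20 dport=22",
    "ids 2004-03-01T10:00:40 sig=SSH_BRUTE src=10.1.1.5 dst=10.2.0.20",
    "chg 2004-03-01T10:03:10 host=10.2.0.20 item=sshd_config status=modified",
    "chg 2004-03-01T15:00:00 host=10.2.0.30 item=ntp.conf status=modified",
    "ids 2004-03-01T16:00:00 sig=PORTSCAN src=10.1.1.9 dst=10.2.0.30",
]


def parse_event(line):
    """Map one raw line onto a common schema (assumed format, see lead-in).

    Bare tokens such as 'deny' are kept as flags with an empty value.
    The affected host is the 'host' field for change records and the
    destination address for firewall and IDS records.
    """
    source, ts, *tokens = line.split()
    fields = {}
    for token in tokens:
        key, _, value = token.partition("=")
        fields[key] = value
    host = fields.get("host") or fields.get("dst")
    return {"source": source, "ts": datetime.fromisoformat(ts),
            "host": host, "fields": fields}


def summarize(lines):
    """Count normalised events per source, the first view a console needs."""
    counts = defaultdict(int)
    for line in lines:
        counts[parse_event(line)["source"]] += 1
    return dict(counts)


def correlate(lines, window=timedelta(minutes=10)):
    """Return incidents: an IDS alert and a configuration change on the same
    host within `window` of each other, in either order."""
    by_host = defaultdict(list)
    for line in lines:
        event = parse_event(line)
        by_host[event["host"]].append(event)

    incidents = []
    for host, events in by_host.items():
        alerts = [e for e in events if e["source"] == "ids"]
        changes = [e for e in events if e["source"] == "chg"]
        for alert in alerts:
            for change in changes:
                if abs(alert["ts"] - change["ts"]) <= window:
                    incidents.append({
                        "host": host,
                        "signature": alert["fields"].get("sig"),
                        "changed_item": change["fields"].get("item"),
                        "source_address": alert["fields"].get("src"),
                    })
    return incidents


if __name__ == "__main__":
    print(summarize(SAMPLE_LINES))
    for incident in correlate(SAMPLE_LINES):
        print(incident)
```

The second host in the sample data sees an alert and a change an hour apart, so no incident is raised for it; the window is what turns two unrelated silo records into one actionable finding.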
Dealing with the Internal Security Threats
In today's virtual enterprise model boundaries
have vanished and the difference between outsiders
and insiders has blurred. In this environment,
an effective risk management strategy would entail
positioning the data centre within a hub surrounded
by a control layer that enforces security policy
and identity and access management controls on
everyone - employees, customers, suppliers, and
partners - prior to them accessing resources.
This strategy would be effective only if all access
to the data centre resources is marshalled through
a controlled gateway. However, a characteristic
of today's enterprises is unfettered connectivity
that permits insiders to bypass centralized security
controls, for instance through rogue modems or
wireless access points. Therefore, focus on endpoint
security controls is also vital.
The technology controls should be supplemented
with ongoing enterprise-wide security programmes
to usher in compliance with enterprise security policies
and to protect insiders from becoming gullible
conduits for malicious outsiders through social
engineering attacks.
Patch Management and Virus Prevention
The manner in which an enterprise administers
its patch management, anti-virus, and spam control
activities can have a material impact on the integrity
of its data centre's operating performance. Technology
solutions should be integrated with people and
process-related controls such as awareness programmes,
periodic vulnerability scanning, compliance testing,
identification and classification of information
assets, putting in place consistent policies and
standards, and implementing an efficient security
intelligence gathering process.
Today anti-virus technologies dependent on updating
their virus signature files to be effective are
largely obsolete because of increasing zero-day
exploits that attack before the signature file
can be updated. To overcome this limitation, next-generation
anti-virus technologies that integrate intrusion
prevention to counter unknown and zero-day attacks
(such as McAfee VirusScan 8.0i) have emerged.
Enterprises should ensure that their patch management
technologies not only automate the patching process,
but also permit patch rollback, and work in heterogeneous
environments (Windows, Linux and Unix). In the
new data centres, next generation patch management
technologies will be required that perform regular
vulnerability and compliance scans to locate systems
where patches are needed, manage configuration
policies, and permit testing of the patches in
a software simulated environment before applying
them in the production systems (a crucial requirement
in data centres).
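As an added illustration of the compliance scan and rollback requirements above (this is example code, not the article's or any vendor's product), the following compares an inventory of installed package versions on Windows, Linux and Unix hosts against a baseline of minimum required versions, reports the hosts that need patching, and records the previous version when a patch is applied so that it can be rolled back. The baseline, the inventory and all version numbers are constructed sample values.

```python
"""Patch compliance scan over a heterogeneous inventory, with rollback records."""
import re

# Constructed baseline: per OS family, the minimum acceptable version per package.
BASELINE = {
    "windows": {"kb_cumulative": "2004.03"},
    "linux": {"openssh": "3.8p1", "kernel": "2.4.25"},
    "unix": {"sendmail": "8.12.11"},
}

# Constructed inventory as a scanner would report it: host, OS family, versions.
INVENTORY = [
    {"host": "web01", "os": "linux",
     "packages": {"openssh": "3.7.1p2", "kernel": "2.4.25"}},
    {"host": "db01", "os": "unix", "packages": {"sendmail": "8.12.11"}},
    {"host": "app01", "os": "windows", "packages": {"kb_cumulative": "2004.01"}},
    {"host": "fs01", "os": "linux", "packages": {"kernel": "2.4.10"}},
]


def version_key(version):
    """Split a version string into comparable parts.

    Numeric runs compare as integers ('3.10' is newer than '3.9');
    alphabetic runs such as 'p' compare lexically. Each part is tagged so
    that integers and strings are never compared to each other directly.
    """
    parts = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in parts)


def needs_patch(installed, required):
    """True when the installed version is older than the required minimum."""
    return version_key(installed) < version_key(required)


def scan(inventory, baseline):
    """Return findings as (host, package, installed, required) tuples.

    A package the host does not have installed is skipped: there is
    nothing to patch, and reporting it would be a false positive.
    """
    findings = []
    for system in inventory:
        for package, minimum in baseline.get(system["os"], {}).items():
            installed = system["packages"].get(package)
            if installed is not None and needs_patch(installed, minimum):
                findings.append((system["host"], package, installed, minimum))
    return findings


def apply_patch(system, package, new_version):
    """Update the inventory entry and return a record that allows rollback."""
    record = {"host": system["host"], "package": package,
              "previous": system["packages"][package], "applied": new_version}
    system["packages"][package] = new_version
    return record


def rollback(system, record):
    """Restore the version captured in the rollback record."""
    system["packages"][record["package"]] = record["previous"]


if __name__ == "__main__":
    for finding in scan(INVENTORY, BASELINE):
        print("host %s: %s %s is below required %s" % finding)
```

The version comparison is the part most often got wrong in home-grown scanners; a plain string comparison would report '3.10' as older than '3.9', so the helper splits the string into numeric and alphabetic runs before comparing.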
Identity Management
Identity Management (IM) is a business strategy
involving the entire enterprise, and senior management
support is critical to its success. Efficient
management of IM requires a thorough understanding
of the enterprise's key business processes to
determine the critical applications, information
assets and transactions within the data center
that are necessary to support the processes. This
would help define which users need access to which
resources in the data center and at what level
of security. Data center administrators can then
establish appropriate security policies and assign
permissions and access rights to users based on
their role within or outside of the enterprise.
Since every component of the data centre - servers,
network devices, storage devices, and applications -
imposes its own permissions and access controls,
there would literally be hundreds of mini-databases
containing user account information scattered
around the enterprise. This makes security management
a nightmare. Therefore, efficient IM management
requires the enterprise to establish an enterprise
directory - a centralized repository of user account
information, including certificates and keys,
which a number of different systems can access,
enabling centralized control of user accounts
in the data centre.
The enterprise directory would enable Single-Sign-On
(SSO) technology to permit users to sign on and
authenticate themselves once, then access multiple
resources in the local and remote data centres
without re-authenticating. The directory would
also lay the foundation for a Privilege
Management Infrastructure (PMI) that can facilitate
very efficient authentication and authorisation
within the intranet and the extranet. Data centers
requiring high security must implement a PMI solution
that uses PKI and biometrics for authentication.
Use of grid computing and distributed services
in the new data centres requires establishing
trust relationships among decentralized security
and policy domains. This is made possible by Federation,
which is the dominant trend in IM. For interoperability
and efficient management, enterprises should adopt
standards-based Federated ID initiatives like
SAML.
Identity Management is in essence a business strategy,
which not only provides security but also enables
key enterprise business applications, like ERP,
CRM, financial systems and others. For efficient
IM management, the enterprise must integrate all
data center applications into the IM solution.
IM products typically provide simple API-based
integration capabilities to permit this.