
Leveraging cloud configurations as threat protection for hyperscale data centers

Ravi Bindra, CISO

Hyperscale infrastructures are high-performance networks, often data centers, that enable big data analytics with low latency connections. Organizations leverage these infrastructures to meet new business requirements, such as distributed workforces and new digital customer experiences.

However, organizations struggle to maintain secure cloud configurations that protect these hyperscale infrastructures because comprehensive security measures often create a network bottleneck. As organizations modernize their business models, they need to adopt strategies and technologies for securing cloud configurations as threat protection for their hyperscale data centers.

The rise of the hyperscale cloud

As companies embrace digital transformation strategies, partnering with hyperscale cloud providers like AWS and Azure is quickly becoming the only way to maintain a competitive edge. They provide the foundation for a digital transformation strategy by giving organizations the cutting-edge speed and agility needed to maintain a competitive advantage.

The data supports this move from on-premises deployments to complex cloud infrastructures supported by data centers. In fact, the global hyperscale data centers market is expected to grow from $25.72 billion in 2020 to $28.7 billion in 2021. Moreover, hyperscale cloud service providers will continue to grow, with market projections targeted to reach $57.47 billion in 2025. Research also notes that 111 hyperscale data centers were built between 2018 and 2020, with 52 of those coming online in 2020. In short, hyperscale is here to stay.

Hyperscale data center use cases

Any organization, no matter the industry, can adopt hyperscale data centers. Every organization wants a cost-effective approach to realize business goals, and these IT infrastructures offer that capability. Let’s examine how three prominent industries are leveraging the hyperscale cloud today.

Healthcare

Despite healthcare’s hesitance toward new information technology, the hyperscale cloud is creating accelerated adoption in healthcare due to a variety of factors. One example is the increased stress put on healthcare IT teams due to telehealth and patient portals. These hyperscale data centers help hospitals secure the private patient data contained in these apps while enabling the health system to provide better data sharing across specialists. Additionally, the hyperscale cloud helps hospital care teams collaborate and share research for better healthcare outcomes.

Financial services

Similarly, customers drive the financial services industry to adopt hyperscale cloud services. Customers are increasingly using banking applications to manage their finances. The financial services industry also leverages big data to suggest additional products or services based on customer behavior. For example, customers whose accounts indicate a large cash deposit might be interested in an investment opportunity.

Retail and e-commerce

Hyperscale data centers enable retail and e-commerce providers in many different ways. First, they can automatically right-size technologies like their ERP to address high volume periods. Additionally, they help retailers provide reliable web and mobile applications for online purchasing, even when droves of consumers are clamoring to shop online. For instance, hyperscale data centers enabled retailers to handle the increase in online shopping during the COVID-19 pandemic.

The top challenges with hybrid and hyperscale data center security

The hyperscale cloud provides critical business value, but like everything else, it comes with a price. As with hyperscale data centers, securing cloud resources means organizations need to understand how to protect sensitive data.

Increased attack surface

Distributed networks mean more end-users, devices, access points, and risk. As organizations look to secure their hyperscale infrastructure, they need to consider all the locations that store, process, and transmit sensitive data. At the same time, traditional measures to manage traffic, like firewalls, may create a poor user experience that increases latency and reduces access to services. This can limit employee productivity and lead to lost sales opportunities.

Reduced visibility

Hyperscale infrastructures are complex. Their primary value lies in their ability to integrate cloud-based applications across multiple networks. This benefit, however, leads to one of their primary security issues. Without proper checks and balances in place, it will be easy for employees to download unauthorized applications to devices connected to the network. If your organization lacks tools that provide visibility into or control over these applications, they will become a threat vector for malicious actors.

Cloud misconfigurations

Even authorized applications and cloud services can create a risk of misconfiguration, especially if default configurations are left in place for an organization’s cloud service. While these misconfigurations can take many different forms, businesses commonly experience misconfigured storage buckets that leave unencrypted sensitive data exposed, open access to non-HTTP/HTTPS ports, and open Internet Control Message Protocol (ICMP) access.

These misconfigurations could be catastrophic for cloud security. Unfortunately, they’re quite common. A recent survey found that 73 percent of cloud engineering and security teams admitted to having over 10 misconfiguration incidents a day, and 10 percent experienced more than 500 incidents each day. These misconfigurations can result in breaches or noncompliance penalties if left unresolved.
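
A policy check for the three misconfiguration classes named above (exposed unencrypted buckets, non-HTTP/HTTPS ports open to the internet, and open ICMP), as an added example that is not from the original article or any SoftwareOne product. The inventory schema, resource names, and rule IDs are hypothetical and constructed for illustration; a real scan would populate the same structure from the cloud provider's configuration export.

```python
import ipaddress

WEB_PORTS = {80, 443}  # the only ports this policy allows from the whole internet

# Constructed sample inventory in a hypothetical, provider-neutral schema.
SAMPLE_INVENTORY = {
    "buckets": [
        {"name": "patient-exports", "public": True, "encrypted": False},
        {"name": "static-site", "public": True, "encrypted": True},
        {"name": "audit-logs", "public": False, "encrypted": True},
    ],
    "firewall_rules": [
        {"id": "fw-web", "protocol": "tcp", "ports": (443, 443), "source": "0.0.0.0/0"},
        {"id": "fw-admin", "protocol": "tcp", "ports": (22, 22), "source": "0.0.0.0/0"},
        {"id": "fw-range", "protocol": "tcp", "ports": (0, 65535), "source": "::/0"},
        {"id": "fw-ping", "protocol": "icmp", "ports": None, "source": "0.0.0.0/0"},
        {"id": "fw-db", "protocol": "tcp", "ports": (5432, 5432), "source": "10.0.0.0/8"},
    ],
}

def is_world_open(cidr):
    """True when the source range covers every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def scan(inventory):
    """Return sorted (resource, finding) pairs for the three misconfiguration classes."""
    findings = []
    for b in inventory.get("buckets", []):
        if b["public"] and not b["encrypted"]:
            findings.append((b["name"], "public bucket without encryption"))
    for r in inventory.get("firewall_rules", []):
        if not is_world_open(r["source"]):
            continue  # restricted source ranges are out of scope for this check
        if r["protocol"] == "icmp":
            findings.append((r["id"], "ICMP open to the internet"))
        elif r["protocol"] in ("tcp", "udp"):
            lo, hi = r["ports"]
            # A range is acceptable only if every port in it is a web port.
            if any(p not in WEB_PORTS for p in range(lo, hi + 1)):
                findings.append((r["id"], f"non-web ports {lo}-{hi} open to the internet"))
    return sorted(findings)

if __name__ == "__main__":
    for resource, finding in scan(SAMPLE_INVENTORY):
        print(f"{resource}: {finding}")
```

Running a check like this on every configuration change, rather than on a schedule, keeps default settings from reaching production unnoticed.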

Overcoming hyperscale hurdles

Organizations looking to secure their hyperscale infrastructures can take proactive steps to protect their data from threats and better secure their cloud deployments. While the problems and numbers might appear overwhelming at first, these risks can be managed with the right tools. One such tool is SoftwareOne’s PyraCloud, a single platform designed to encourage visibility, reduce risk, and assist in cloud cost optimization across the entire cloud deployment.

Once companies have the right technology in hand to optimize their hyperscale cloud environments, they should start building and deploying actionable strategies to reduce the risk posed by cloud misconfigurations.

Identify digital assets

Before an organization looks to secure anything, it needs to identify current digital assets. A company can’t protect what it doesn’t know it has. When identifying digital assets, the organization should consider its software vendors, cloud service providers, data storage locations, and the network these assets belong to.

Vulnerability assessment and penetration testing

The next step to securing a hyperscale infrastructure is discovering vulnerabilities and remediating control weaknesses. Engaging in a penetration test enables the organization to evaluate the current state of its configurations and remediate control weaknesses.

When deciding on a vulnerability assessment and penetration testing service, an organization should consider one that provides the following ways to discover vulnerabilities and assess control weaknesses:

  • Internal network testing and assessment – Find missing security patches, weak passwords, and misconfigurations.
  • External network testing and assessment – Identify misconfigured firewalls, routers, and weak authentication processes.
  • Web application testing and assessment – Discover weaknesses in web-facing applications, like misconfigurations and weak authentication procedures.

This particular assessment will help outline the breadth of the organization’s hyperscale cloud security initiatives.

Network segmentation

Network segmentation mitigates the impact a misconfigured cloud resource can have. Even if a malicious actor gains access to the network through the insecure cloud resource, network segmentation prevents the person from moving laterally.

When looking to enhance security with network segmentation, organizations should create a strategy that includes a process for the following areas:

  • Identifying sensitive information
  • Consolidating similar network resources
  • Ensuring that data flows maintain productivity
  • Setting endpoint access controls
  • Conducting regular network audits

The goal of this exercise is to help find weak spots in the organization’s network segmentation strategy and patch them on an ongoing basis without disrupting productivity.

Secure cloud workloads

Securing cloud workloads is fundamental to a hyperscale threat protection strategy. Organizations need to monitor their cloud workloads continuously, but monitoring does nothing without putting the appropriate security settings in place.

When looking for a cloud workload security solution, organizations should consider one that includes:

  • Malware protection
  • Network traffic monitoring
  • Virtual server patching
  • Virtual machine (VM) configuration protection capabilities
  • Prevention of application installation

This will help keep workloads safe if a malicious actor does breach your network.

Final thoughts

As organizations seek to enhance their business operations and customer offerings, hyperscale infrastructures will become increasingly important. However, building security into the process on the front-end can save money and increase the return-on-investment.

SoftwareOne’s suite of solutions enables organizations to take a security-by-design approach to their hyperscale infrastructures. Our penetration testing services offer visibility into current state security controls and provide valuable feedback for remediating control weaknesses. Meanwhile, as the organization scales its cloud use, it can protect risky workloads by leveraging our Cloud Workload Security solution.

Author

Ravi Bindra
CISO

Ravi holds over 20 years’ experience as a cyber security evangelist, holding multiple leadership roles in the Swiss pharmaceutical industry, such as Global Head of Risk Management, Global Head of Architecture and Global Head of Security Operations.