Private cloud implementations with standard data centers were particularly vulnerable to these attacks, due partly to their physical and organizational structure. What’s more, many companies still have too much red tape, insufficient IT budgets and an inadequate strategic focus. While this may no longer apply to shrewd and modern SDDC (Software Defined Data Center) and to public or hybrid cloud implementations, they are still vulnerable to a number of traps.
I still come across customers who operate data centers without complex admin passwords, active antivirus programs on all systems or dedicated responsibilities for security-relevant issues. This is grossly negligent. RAID level and virtualization, which have confined hardware crashes to the annals of history, give us a false and dangerous sense of security!
Three of the most frequent problems:
- The host systems are no longer patched, as there are no acute bugs.
- Backups are not monitored correctly, as error messages are not received.
- The various virus scanners and levels are not checked, as it would be too laborious.
That’s even without mentioning additional options like active system reporting using tools (e.g. VMware vRealize Operations Manager) or security audits (possibly a penetration test). It’s almost like saying: “As long as the car keeps driving, I won’t take it in for inspection or roadworthiness tests.”
That is, broadly speaking, a possible way of doing things, but only if I use the car exclusively to drive on my property and am not bothered or financially burdened by defects. But I will need to address the issues of service and maintenance as matters of urgency the minute the systems are business-relevant or even business-critical, and I participate actively in traffic – whether it is by keeping an Internet connection or, as in the example above, by driving on public roads.
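The backup problem listed above comes down to treating silence as success. The following sketch is an added example, not code from the original article: it flags a backup job as a finding when its last report is an error, is older than the allowed interval, or never arrived at all. The job names, report format and time limits are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data (hypothetical job names and report format).
NOW = datetime(2024, 5, 10, 8, 0, tzinfo=timezone.utc)

# Every job that must report, with the maximum tolerated age of its last success.
EXPECTED_JOBS = {
    "esx-host-01": timedelta(hours=26),
    "fileserver": timedelta(hours=26),
    "erp-db": timedelta(hours=2),
    "mail": timedelta(hours=26),
}

REPORTS = [
    {"job": "esx-host-01", "finished": "2024-05-10T02:14:00+00:00", "result": "success"},
    {"job": "fileserver", "finished": "2024-05-10T03:40:00+00:00", "result": "error"},
    {"job": "erp-db", "finished": "2024-05-09T23:00:00+00:00", "result": "success"},
    # "mail" never reported: no error message was ever received.
]


def evaluate_backups(reports, expected, now):
    """Return {job: status}. Only a fresh success counts as OK."""
    latest = {}
    for report in reports:
        finished = datetime.fromisoformat(report["finished"])
        if report["job"] not in latest or finished > latest[report["job"]][0]:
            latest[report["job"]] = (finished, report["result"])

    status = {}
    for job, max_age in expected.items():
        if job not in latest:
            status[job] = "MISSING"   # silence is a finding, not a success
        elif latest[job][1] != "success":
            status[job] = "FAILED"
        elif now - latest[job][0] > max_age:
            status[job] = "STALE"     # last success is too old
        else:
            status[job] = "OK"
    return status


def findings(status):
    """Jobs that need attention, sorted for a stable report."""
    return sorted(job for job, state in status.items() if state != "OK")


if __name__ == "__main__":
    for job, state in sorted(evaluate_backups(REPORTS, EXPECTED_JOBS, NOW).items()):
        print(f"{job:12} {state}")
```

The key design point is that the list of expected jobs is maintained independently of the reports, so a job that stops sending anything shows up as MISSING instead of disappearing from view.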