Summary. Useful Talk. Cybersecurity in Data Centers. OT-IT Networks.

As many of you already know, Bjumper has launched a new communication channel (Useful Talk) through which we aim to share the experiences and insights of experts who, in one way or another, are well-versed in the Critical Infrastructure sector.

In this first Useful Talk, we had a conversation with Oscar Fernández Gálvez about cybersecurity in Data Centers, particularly in the context of OT and IT networks.

With this post, we simply want to provide you with a summary and an overview of what was discussed in that Useful Talk. I would also like to take this opportunity to let you know that you can watch the full video or podcast at...

Complete video of Useful Talk: Cybersecurity in Data Centers

Cybersecurity in Critical Infrastructures is a very important topic for data centers as a whole, and as a result, it touches on many aspects that cannot be covered in the 30 minutes of this talk. Nevertheless, we believe it's a very interesting subject, and we started by asking Oscar about some key points that we should consider when discussing cybersecurity in Critical Infrastructure, especially in OT and IT networks.

Oscar points out that a key aspect to consider is the management of cyber threats within different assets in each data center (CPD). Some companies handle this management internally, while others prefer to outsource it.

He also mentions that there isn't a clear trend in OT networks. People don't necessarily lean towards convergence; instead, they prefer to manage security independently with different personnel and tools. It's worth noting that historically, cybersecurity in OT networks was often less controlled in many cases because they were not connected to the internet.

In response to this, and based on our experience in data centers, we asked Oscar if it's important for both networks (OT and IT) to converge for increased security and efficiency.

Based on his experience, he emphasizes the importance of security in all IT and OT network assets. While we typically maintain high security levels in IT, it's essential to be aware that a security breach in OT, for example, could allow an attacker to access our BMS (Building Management System) and potentially compromise our data center, depending on the configurations. Therefore, convergence and the implementation of unified management tools in all critical infrastructures are fundamental, in part to share all available information.

All of Oscar's insights lead us to ask him another question regarding assets and the implications of poor inventory management on network security.

In response, he emphasizes the importance of comprehensive asset management for data center security, both in OT and IT networks. Data such as IP addresses, ports, protocols, offered services, operating systems, versions, updates, and more make asset management a differentiating and determining factor that contributes to data center security.

It's evident that manually managing this work would be impractical, which is why we should, as much as possible, rely on tools that enable us to complete our asset inventory, covering everything from the physical aspects of assets like firmware versions to the logical aspects, such as operating systems, installed applications, offered services, installed security certificates, and more.

Following the conversation and in an effort to address the challenges faced by different departments in data centers (CPDs), we asked Oscar about the importance of unifying all elements and processes around security. We mentioned that we have even encountered cost duplication in various departments due to the lack of such unification.

Oscar explained that one of the problems he had in this regard was asset management, which grew as the data center itself expanded. At one point, he managed it using Excel and Vision, but these tools fell short in providing a response to various stakeholders about their assets and platforms. It became necessary to use management tools (like DCiM) to deliver a better and more efficient service to both internal and external clients, in a much quicker and more effective manner.

Regarding duplication, Oscar stressed the importance of aligning people with processes, making communication between all departments and responsible parties essential. He also emphasized the significance of embracing technological changes and new ways of managing processes. Thus, Oscar believes it's important to implement a DCiM tool for comprehensive management.

He also mentioned that the implementation process takes time, requires a knowledgeable partner to guide the process, and necessitates proper staff training. Security should be integrated from the very beginning of any DCiM implementation.

In this regard, Oscar shared his own experience in the implementation of his DCiM, highlighting the following:

  • He worked extensively on the network topology of the DCiM and communications, both in WAN networks (connections and access from remote networks) and LAN networks (identifying necessary networks, connections, and access).

  • He emphasized application-level security, such as eliminating unauthenticated access for alerts and tasks.

  • Integrations with other products like ticketing, VMware, and Hyper-V were secured in a similar manner.

  • Regarding the OT network, he mentioned that the Building Management System (BMS) supporting the building's network had to be secured. This involved identifying networks and restricting access from external sources, so that all access occurred from within the building, to prevent vulnerabilities.

  • The BMS was integrated with the DCiM, providing complete visibility into both OT and IT networks.


For Oscar, it's essential to have all elements integrated within the infrastructure as they are all part of a chain where some links are stronger and others weaker. These need to be clearly identified for further analysis and work on strengthening the weaker links to prevent them from becoming potential points of failure.


We also discussed with Oscar whether DCiM can aid in decision-making and help anticipate potential failures.


Oscar mentioned that it's somewhat complicated to provide a straightforward answer as several factors need to be considered. However, he emphasized that a good DCiM system helps in having centralized, consolidated, and time-guaranteed information. The more integrated information you have, the more appropriate your decisions will be at any given moment.


We continue our conversation and delve into more questions related to inquiries from our clients regarding their need to incorporate more IoT devices, sensors, power strips, etc., into their OT networks. We asked Oscar for his opinion on the potential increase in security threats in OT networks as they become increasingly connected to the internet.

Based on his accumulated experience, Oscar points out that internal attacks are likely to increase more than external ones. This is already a reality, but in the near future, the entire network infrastructure of IoT and OT will be a significant point to consider due to the extensive deployment happening in this regard. It's worth noting that the current security levels and conditions may not be the most appropriate at this moment.


He further explained that there is a significant number of legacy assets that are no longer up to date and are challenging to manage when implementing security measures. A percentage of these assets are no longer secure for various reasons, which should be individually analyzed.

These networks, much like IT networks, have a significant number of assets with operating systems or developments that have not been supported for a long time, as they are outside the manufacturer's lifecycle. Moreover, a large percentage of these assets are no longer secure, starting with the hardware of the asset. Many best practices for handling these assets are not applied. For example, not using common sense when performing installations and configurations of products: it's not enough to click "next, next, next" to configure and finish without considering factors like the granted accesses or the credentials being shared.

It's worth mentioning that in this context, especially concerning OT networks, there are many rack power strips or electrical panels that are not monitored or managed. These are other security points through which a data center can be vulnerable to attacks.
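As an added illustration (not from the talk and not taken from any DCiM product), the sketch below audits a consolidated OT/IT inventory for the weak links mentioned above: incomplete records, out-of-support software, unmonitored power strips and panels, unauthenticated services, and a BMS that accepts access from outside the building networks. The asset records, field names, and network ranges are constructed assumptions.

```python
import ipaddress
from datetime import date

BUILDING_NETS = [ipaddress.ip_network("10.20.0.0/16")]  # assumed in-building range
REQUIRED = ("ip", "os", "version", "services", "support_ends", "monitored")

# Constructed sample inventory; field names are assumptions, not a DCiM schema.
INVENTORY = [
    {"name": "bms-01", "network": "OT", "kind": "bms", "ip": "10.20.0.5",
     "os": "vendor-os", "version": "5.1", "support_ends": date(2019, 6, 30),
     "monitored": True, "allowed_sources": ["10.20.0.0/24", "0.0.0.0/0"],
     "services": [{"port": 443, "proto": "https", "auth": True}]},
    {"name": "pdu-r12", "network": "OT", "kind": "pdu", "ip": "10.20.3.40",
     "os": "firmware", "version": "1.0", "support_ends": date(2030, 1, 1),
     "monitored": False, "allowed_sources": ["10.20.3.0/24"],
     "services": [{"port": 80, "proto": "http", "auth": False}]},
    {"name": "hv-03", "network": "IT", "kind": "hypervisor", "ip": "10.20.8.11",
     "os": "hypervisor-os", "version": "8.0", "support_ends": date(2030, 1, 1),
     "monitored": True, "allowed_sources": ["10.20.8.0/24"],
     "services": [{"port": 443, "proto": "https", "auth": True}]},
    {"name": "panel-b2", "network": "OT", "kind": "panel", "ip": "10.20.3.77"},
]

def inside_building(cidr):
    """True if the CIDR block lies entirely within a building network."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(b) for b in BUILDING_NETS)

def audit(inventory, today):
    """Return sorted (asset, finding) pairs for the weak links in the inventory."""
    findings = []
    for a in inventory:
        missing = [f for f in REQUIRED if f not in a]
        if missing:
            findings.append((a["name"], "incomplete record: " + ",".join(missing)))
        if "support_ends" in a and a["support_ends"] < today:
            findings.append((a["name"], "out of support"))
        if a.get("monitored") is False:
            findings.append((a["name"], "not monitored"))
        if a.get("kind") == "bms" and not all(
                inside_building(c) for c in a.get("allowed_sources", [])):
            findings.append((a["name"], "reachable from outside the building"))
        for s in a.get("services", []):
            if not s["auth"]:
                findings.append((a["name"], f"unauthenticated {s['proto']}/{s['port']}"))
    return sorted(findings)

if __name__ == "__main__":
    for asset, finding in audit(INVENTORY, date(2024, 1, 1)):
        print(f"{asset}: {finding}")
```

A record with missing fields is reported as incomplete rather than silently passing the other checks, since an asset that is only partly inventoried cannot be assessed.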

According to data from the Ponemon Institute, "90% of companies that use OT technologies have experienced cyberattacks in the past two years, 45% of which are related to the industrial machinery itself".

Returning to the initial question of whether it's better to manage assets internally or outsource them, we asked Oscar for his opinion on the potential risks within Cloud - Enterprise solutions regarding the monitoring of OT infrastructures.

In this regard, it's emphasized that regardless of the management mode, there are risks associated with legacy assets (both IT and OT) that need to be addressed. Examples include unauthorized access, vulnerabilities in unmonitored systems, inadequate infrastructure, lack of maintenance, and data loss risks, among others. However, it's important to know what is offered by our Cloud provider and what security we can have if we manage it internally. Cost considerations are also a factor to evaluate for each option.

We continued our conversation with Oscar, and he emphasized the importance of access control in terms of security. With the increasing volume of information related to individuals and the implications for data protection, we asked for his opinion on how secure data is in data centers.

Oscar provided a brief overview, highlighting the importance of centralized, consolidated, and time-guaranteed information. This approach allows for the governance of critical data or data that is of greatest concern. Defining GDPR policies is a significant aspect of this, and communication between data center managers and data governance leaders is crucial to protect and ensure this information.


As we concluded the summary of the interview, we asked Oscar for his perspective on what requirements should be considered when incorporating a DCiM into a critical infrastructure.

In response to this final question, Oscar mentioned that he would start by understanding the role of the Data Center within the organization, depending on the type of company.


He would then conduct an internal study of potential areas for improvement to align the digital transformation of the Data Center service with the company's interests. 


Partial shortcomings can be addressed with specific tactics without the need for a DCiM, but as digital transformation becomes increasingly essential, strategies are necessary to achieve it.


Oscar also mentioned that this strategic plan should encompass the three pillars for this transformation: Technology, Processes, and People.

Once the requirements for these pillars have been outlined, it's crucial to consult the market for the selection of two very important elements.

First, finding the most suitable technology is essential. Second, and perhaps the key to designing a solution that aligns perfectly with the planned transformation, is the choice of a specialized technology partner to accompany the organization throughout the extended transformation process.

This partner, as mentioned, must demonstrate their extensive experience in integrating top-tier DCIM solutions. They should have a deep understanding of all data center stakeholders and their specific needs to maximize process optimization and automation.

In conclusion, we want to express our gratitude to Oscar for his contributions to the industry. To all those responsible for critical infrastructures, we want to emphasize that Bjumper is here to address any questions or concerns regarding the optimization and automation of critical infrastructures. We are at your service, and there's no commitment on your part to reach out for assistance.

  

                                                                       
