The Time to Converge is Now

Securing the digitized world inside a data center

Over the last several years, the world has ushered in a new era of sustained cyber attacks.  These new threats are not aimed at the normal targets like e-commerce sites, banks, or hospitals and don’t use previously common attack methods like denial of service or ransomware. Instead, physical infrastructure—including power grids, water treatment plants, production lines, and even at-home devices like security cameras and internet of things (IoT) equipment—are now frequently being probed and attacked.

While the concept isn’t new, many of us are familiar with Stuxnet being used to deliver attacks against supervisory control and data acquisition (SCADA), it always seemed like an attack against someone else’s infrastructure or a game played outside of traditional enterprises. This leap from information technology (IT) assets to operational technology (OT) assets is significant in the world of protecting critical infrastructure. These threats are coming into full view, and new methods of delivering attacks are being discovered (that in some cases can jump over the previously fail-safe method of an “air gap” or disconnected network protecting operational technology).

Traditional Data Center Security

Data centers are nothing if not secure from both physical and cyber threats. Today, however, the most pressing threats facing data centers no longer conveniently fit into the two distinct boxes of physical and cyber risks. In fact, the threat environment has become so blended and dynamic that the traditional security model of most data centers is outdated and ineffective.

Most data center providers operate with two independent teams, each responsible for a specific risk category-physical or cyber. These teams typically have siloed leadership chains, which rarely overlap in risk management processes, and separate common operating pictures of the threat landscape. The traditional approach to bolster a data center’s security posture remains rudimentary: add more security guards onsite and purchase more cyber security tooling. 

Clint Heiden, Andrew Wild, and Chris Beck

Evolving Threat Landscape

Data center security strategy, technology, and tactics have matured slowly compared to the evolving threats facing today’s critical infrastructure.  Every aspect of the working world is now digitized, which introduces many new attack vectors for bad actors to exploit.  The sophisticated threats highlighted below become extremely difficult to prevent using a traditional security model:

  • Operational Technology:  Industrial equipment (think data center HVAC units, sub-stations, generators, etc.) is being attacked through centralized monitoring software systems.
  • Information Technology: Unauthorized physical access to a data center space is being achieved by exploiting a vulnerable identity and access management system.
  • Internet of Things: Unsecured cell phones, smart home and office tools, virtual assistants, and other connected devices are being accessed by bad actors to collect private information that can be used in a physical attack.
  • Unmanned Aircraft Systems: Drones are being weaponized to fly explosives into targets or control infrastructure technology from afar.

Converged Security

In anticipation of these threats, QTS Data Centers has implemented a converged security model as a holistic approach to managing physical and cyber risks. Converged security seeks to break down the traditional silos of physical and cyber security into a single, unified program to identify and manage risk. Under this single banner and leadership model, QTS is able to view more comprehensively the risk landscape and plan for more integrated and coordinated responses to threats. Blended threats require a blended response.

This story is part of a paid subscription. Please subscribe for immediate access.

Subscribe Now Already have Subscription? Login

Clint Heiden

Clint Heiden is an industry veteran and Internet pioneer with more than three decades of executive leadership experience in the data center, telecommunications, and Internet technology industries. Heiden is currently the Chief Revenue Officer of QTS Data Centers and the Founder of IEIC. Previously, Heiden has held senior leadership roles in companies like Cable & Wireless America, Exodus, Digital Island, Qwest, MCI, Intellifiber Networks, PAETEC, Sidera, Lightower, and UUNET.

Andrew Wild

Andrew Wild has spent over 25 years developing effective, customer-driven information security, incident response, compliance, and secure networking programs for IT and security organizations, including Qualys and EMC. Prior to QTS, Wild was the Chief Security Officer at Qualys, where he oversaw security, risk management, and compliance of Qualys’ enterprise and SaaS environments. He is a veteran of the United States Army and served in Operations Desert Shield and Desert Storm.

Chris Beck

Chris Beck is the Converged Security Manager at QTS Data Centers. Working with both the information and corporate security teams, Chris is helping to drive the QTS converged security program forward. Chris joined QTS in 2019 through the QTS Leadership Development program following seven years as a US Army Infantry Officer. He continues to serve in the US Army Reserve as a member of the 75th Innovation Command.