Steps to mitigate risks in a datacenter move

You're a security officer in your corporation and you've been informed your company is moving a datacenter from California to Chicago, Illinois. The applications generate over 50 million in revenue yearly. What advice do you follow and where do you start?

First you determine the style of the architecture of the applications. Then you investigate the age of the tools used to build the applications. If the applications have a web interface, you deploy tools to protect them from attack while making the applications more secure. Then upgrade the infrastructure components. Update the change and configuration management processes. Scan and correct the application's web errors. Lastly, modify the application so that it supports the latest security tools that integrate with the application such as Active Directory for authorization.


Some of the applications may be old and use a client-server or single-tier web application design. Due to their age and architectural design, they lack many of the security improvements made in application and infrastructure security over the last few years. The company kept its IT expenditures at a minimum to grow the business. Now they've been purchased and their applications are tired.

Those same applications may use old application tools to maintain and modify the application. The language and tools used to create the application may not be supported anymore by the tool vendor. Keeping proper source code controls and promoting software through various development, test, and production environments may also be lacking. It is important to update development tools to vendor supported levels while maintaining the design. This port of the application to use new tools can occur before starting the infrastructure migration.

Since the bar for web application security keeps rising over time, mitigate internet risks by deploying a web-based URL whitelisting tool. It tracks all URLs that are used legitimately over a period of a couple of weeks and builds a whitelist from them. Future attacks that attempt to reach URLs not in the whitelist have their session dropped. This URL whitelisting protects web-based applications and gives the company time to mitigate application weaknesses.
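The learning-then-enforce behaviour described above, as an added illustration (not the article's or any vendor's code): routes seen during the observation window become the allowlist, and later requests outside it are dropped. The log format, the numeric-segment normalization and the minimum-hit threshold are assumptions made for the example.

```python
"""Learning-mode URL allowlist (illustration, not a product implementation)."""
from collections import Counter
from urllib.parse import urlsplit
import re

NUMERIC = re.compile(r"^\d+$")


def normalize(url: str) -> str:
    """Reduce a request URL to a route template: drop the query string and
    replace purely numeric path segments with {id}, so /orders/123 and
    /orders/456 are learned as the same route rather than as two entries."""
    path = urlsplit(url).path or "/"
    parts = [("{id}" if NUMERIC.match(p) else p) for p in path.split("/")]
    return "/".join(parts)


def learn(log_lines, min_hits=2):
    """Learning phase: count (method, route) pairs seen during the window and
    keep those seen at least min_hits times; one-off requests are more likely
    probes or typos than legitimate application routes."""
    counts = Counter()
    for line in log_lines:
        method, url = line.split()[:2]
        counts[(method, normalize(url))] += 1
    return {route for route, n in counts.items() if n >= min_hits}


def decide(allowlist, method, url):
    """Enforcement phase: 'allow' if the route was learned, otherwise 'drop'."""
    return "allow" if (method, normalize(url)) in allowlist else "drop"


# Constructed sample of the learning window, one "METHOD URL" per line.
LEARNING_LOG = [
    "GET /", "GET /",
    "GET /login", "GET /login",
    "POST /login", "POST /login",
    "GET /orders/123", "GET /orders/456", "GET /orders/123?page=2",
    "POST /orders/123/cancel", "POST /orders/456/cancel",
    "GET /old/setup.php",  # seen only once during learning: not kept
]


def build_allowlist():
    """Build the allowlist from the constructed learning window."""
    return learn(LEARNING_LOG)


if __name__ == "__main__":
    allowlist = build_allowlist()
    for req in ("GET /orders/789", "DELETE /orders/789", "GET /old/setup.php"):
        print(req, "->", decide(allowlist, *req.split()))
```

The learned list must be reviewed before enforcement starts: any hostile traffic that reached the application during the learning window would otherwise be learned as legitimate.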

Initially, the application is moved with the following security process and infrastructure changes:

1. New or updated change and incident management processes are followed.

2. New or updated configuration management tools are used to track configuration changes. This enables application roll-back if errors are difficult to resolve.

3. New IP addresses and DNS entries are created for the new virtual and physical servers.

4. Load balancers are configured to use a pool of servers to address web based traffic.

5. Various firewalls are configured to protect both the DMZ web servers and application data.

6. The databases are tuned and scaled for traffic demands.

7. The data in the storage subsystem is replicated to another subsystem in the new datacenter.

The second phase of mitigations addresses information security weaknesses at the application level. It assumes that the new datacenter has Active Directory or LDAP (Lightweight Directory Access Protocol) services, a remote monitoring tool, a HIDS (Host Intrusion Detection System) tool, an operating system upgrade tool, a logging tool, a web scanning tool and firewalls. These security tools will likely be in the datacenter after the first migration, since they will be reused for all future migrations.

1. Correction of application errors found with web scanning and code scanning tools

2. Remediation of authentication and authorization weaknesses

3. Remote monitoring of servers, network and storage equipment

4. HIDS implementation on the servers

5. Operating system upgrades

6. Logging of application, user, and administrative operations

7. Deployment of firewalls in zones to protect data and applications effectively

In summary, systematically and carefully protect the application with URL whitelisting where relevant. Then upgrade the infrastructure, application tools, and processes. Then correct the application errors found with web and code scans. Integrate the application with authentication and authorization, remote monitoring, HIDS, and auditing/logging tools. Lastly, protect the applications' data using a "Deep Theater Defense" firewall configuration.

Gregory Machler is an information security architect and cloud security expert and a frequent contributor to CSOonline
