Stop treating your datacentre as if it were a laptop: Symantec

Stop treating your datacentre as if it were a laptop: Symantec

Summary: Securing a server and a laptop should be two different things, but many organisations are still looking at solving the security problem by installing antivirus and other end-point packages.

SHARE:

Speaking at the Symantec Symposium in Sydney today, the company's information security practice manager Adrian Covich said that organisations are treating the security of their servers like laptops.

Despite servers residing in the datacentre and having vastly different security challenges, Covich said businesses protect them as if they were end points, like laptops, installing antivirus and data loss prevention packages and ignoring the fact that they are have different challenges.

"The datacentre is being targeted, and it doesn't matter if you're a big organisation or a small organisation. It's where the treasure is, and you need to protect it."

He said that many of the challenges, such as dealing with lost laptops or malicious USB sticks, simply don't apply to servers in a datacentre, and it didn't make sense to treat them that way.

Furthermore, he argued that of the data that is stolen from organisations each year, much of it isn't from laptops. He pointed to the recent Verizon Data Breach Investigation Report, which showed that 97 percent of data is actually from servers.

Attacks on servers are also quite different. Laptops are traditionally protected by antivirus products, intrusion detection/prevention systems, and possible layers of firewalls. While these are basic necessities for servers, they do not do much for addressing user privilege escalation vulnerabilities, defending against SQL injection, and other attacks, he said.

Covich said that organisations that want to protect their servers like servers and not like laptops should be examining the use of measures such as sandboxing, even in virtualised environments.

One such advantage that administrators can take advantage of is the fact that servers are meant to do only a few specific things, and their environment is not frequently changing.

"I don't want to be loading the latest version of iTunes because I can. I know what the programs are that the server is meant to run. I'm going to make sure it only runs those."

This goes hand in hand with application whitelisting, another recommendation that Covich made, which is one of the top strategies suggested by the Australian Signals Directorate for government departments.

Topics: Security, Data Centers, Symantec, Virtualization

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • You Burried the Lead

    Sandboxing and whitelisting is the future of server security.
    technojoe
  • Treating the server like a laptop is IBM standard practice

    That is exactly how IBM Global Services treats you servers in the data center. Be afraid, be very afraid. Unenlightened and poorly managed is what you get if you outsource to IBM. It might not be any different with other vendors either. You have to spell everything out in your T&Cs or you will get the IBM version of scroogled.
    greywolf7