In this week’s Great Debate, “Optimizing datacenter security: Overhaul or incremental changes?”, I took the position that incremental change was the more appropriate way to go, while my colleague Ken Hess took the tack that an overhaul was the only way to save the datacenter security model. Ken and I both agree that something has to be done, but our approaches to the problem were quite different.
While we both agree that the datacenter is under unrelenting attack, I think the overhaul approach would be ineffective in the long run because, when it is implemented in the real world, the motivation is likely to be a reaction to security problems that have already occurred.
Going in front of budget committees and telling them you need a major security overhaul because a new potential threat to the datacenter has been discovered will only work so many times. It is simply not cost-effective to put yourself in a position where your process is driven that hard by outside forces.
This is not to say that security upgrades won’t be required when external threats are discovered; rather, it speaks to the need for ongoing security monitoring, management, and upgrades, instead of massive upgrades each time a threat is discovered.
Nor does it mean that a massive upgrade won’t be required if a significant problem is discovered. It means that your security process should not be built around those major changes, but around ongoing, planned, and managed upgrades that keep your facility ahead of potential attackers.
While Ken points out that the cost to a business of even a single data breach can be huge, building your security management approach around reacting to breaches, rather than aggressively working to prevent them, seems to be the wrong approach. Much of the premise that security needs a rip-and-replace methodology to be effective rests on the presumption that the datacenter’s security is already outdated. In that situation, a total overhaul may indeed be the only way to go.
But if you’ve let your facility fall that far behind the curve, the overhaul had better cover not just the existing security infrastructure but also the internal processes and procedures that let you fall so far behind in the first place.