Hyperconverged infrastructure (HCI) has rapidly become a popular solution due to its simplicity and low cost. The ability to combine multiple disparate systems into a single, easy-to-use package offers significant advantages to both the end-users and administrators. Hyperconverged infrastructure is not a specific product, but rather a method of combining compute, storage, and networking systems into a single software-defined environment. The end goal with HCI is to reduce complexity, improve efficiency, and lower the total cost of ownership of a data center.
While hyperconverged infrastructure does greatly simplify scalability, the technology does bring some added complexities. Traditional approaches to security such as firewalls are no longer as effective with the virtualized nature of hyperconverged infrastructure. Instead, an application and policy-based approach to security are required to safeguard your systems. When security is not properly implemented, an external attacker or internal employee with malicious intent can have much greater access to data and systems that may otherwise be protected by the isolation provided by a firewall. Ahyperconverged infrastructure can be just as secure as other solutions and, in some cases, even more secure depending on the implementation and the technology it is replacing. However, it is crucial to remember that there are different security challenges associated with HCI and several possible practices to mitigate them.
1. Internal Breaches
Internal breaches are on the rise. According to Clearswift, “74% of security incidents come from the extended enterprise, not hacking groups.” The most important security task is to strictly limit user access to only what is needed. Since hyperconverged infrastructure is highly scalable, it is very common to integrate the systems for an entire company into one HCI environment. While highly convenient, it brings up legal issues as well as clear security concerns. Locking workspaces by region or time to prevent unlimited access is a simple and reliable way to avoid falling out of compliance with corporate governance laws and requirements. Data locking also allows for simplicity and a reduction in errors, and isolating data based on user role helps reduce the risk of harmful leaks. By limiting a user’s access in this way, the risk of accidentally deleting data or intentionally accessing sensitive files is greatly reduced.
2. Single Point Breaches
Relying on a single firewall or encryption key leaves your infrastructure exposed to a single point breach. As mentioned previously, a single firewall is insufficient to protect your hyperconverged systems. If all data is secured with the same encryption key, then an attacker only needs to decrypt one file to determine how to read all your data. Therefore, it is important to protect individual virtual machines by isolating each with their own firewall and encryption keys. In the same vein, policies should be different across each virtual machine. While these measures may seem counterintuitive as the purpose of HCI is to connect systems and reduce complexity, it is important to secure each component individually to allow for multiple layers of security. By encrypting each system within thehyperconverged infrastructure differently, your IT staff will have time to identify and eliminate the threat.
3. Complete Hyperconverged Infrastructure Failure
The final critical security strategy is backup and recovery. Modern backup and disaster recovery services are very capable, and allow each node to back up separately or in conjunction with others. In the event of failure or attack, modular recovery can occur. If a system is found to be compromised, the entire server can be wiped and later restored from the backup with a new encryption key and no loss of data.
While we have simplified the steps to secure hyperconverged infrastructure above, you need an in-depth plan and a clear strategy to effectively protect your data and systems. Each additional layer of security added is one more obstacle to a potential attacker and one more way to keep your business running smoothly.
The hyperconverged infrastructure experts at Meridian will help you find the perfect solution for your specific data challenges. Our team of brilliant humans will work side-by-side with you to select, implement, secure, and manage your technology solutions so you can focus on growing your core business. It’s time to say NO MORE to complex, expensive, and insecure infrastructure.