With data proliferating all around us in the enterprise, an increasingly popular trend to manage the explosion is that of data centre consolidation.
But as with any such investment undertaken by a company, there are a host of factors and obstacles that require consideration before the change is made. Data consolidation is no different.
With companies naturally cautious about the handling of sensitive business information, we got the lowdown from SafeNet's VP Jason Hart on how security risks and other hurdles can be overcome.
TechRadar Pro: What are the benefits of data centre consolidation?
Jason Hart: In a global market that is increasingly fluid and competitive, organisations have to continue to ensure that they're getting the most value from their IT investments.
As a result, IT and business executives continue to pursue data centre consolidation by reducing the number of physical data centre sites, expanding the use of virtualisation, and adopting cloud initiatives.
According to our recent survey, nearly three quarters of IT professionals (74 per cent) view data centre consolidation as important, with the main benefits including fewer locations to manage, cost savings and centralised key management.
TRP: Why aren't more businesses pursuing data centre consolidation?
JH: Security concerns are preventing businesses from unlocking the potential benefits of data centre consolidation. Businesses are wary about data centre consolidation because they are worried about security.
They are worried that if they consolidate their data centres, will their high value information still be stored properly? Who will have access to the information and will the business still be compliant with industry regulations?
In particular, concerns around encryption and key management are contributing factors to the slower progress in consolidation efforts. Our research showed that of those who view data centre consolidation as important, 62 per cent said their biggest worry was losing control of cryptographic keys.
TRP: What obstacles do businesses have to overcome before considering data centre consolidation?
JH: The results from our research infer that key management is critical to consolidation and cloud initiatives and something that organisations need to get right before they migrate potentially sensitive applications and data to virtualised infrastructures.
To support data centre consolidation initiatives, organisations need to adopt new approaches and encryption technologies that support today's dynamic data centres and service provider environments.
Business need to overcome security concerns, by moving workloads from physical machines to virtualised systems.
TRP: How can businesses address security concerns associated with data centre consolidation and cloud migration?
JH: Success in the cloud requires a focus on security, including addressing baseline security controls, such as identity and access management (IAM) and encryption.
Key management is also critical to consolidation and cloud initiatives and something that organisations need to get right before they migrate potentially sensitive applications and data to virtualised infrastructures.
By deploying encryption and centralised key management strategies, organisations can retain control over their sensitive data, whether that data resides in traditional physical data centres, virtualised environments, or with cloud service providers.
TRP: How are companies currently securing cryptographic keys?
JH: Our research indicated that many organisations are not securing cryptographic keys effectively. For example, 74% of respondents have at least some cryptographic keys in software - which in effect is the IT security equivalent of leaving house keys under the doormat.
Only 8% are securing keys solely in hardware, which although is a more effective way, it's still a small percentage. Also, currently 46% don't manage cryptographic keys centrally which sets the stage for inefficiency, overlapping effort, inconsistent policy enforcement, difficulty in auditing and more.
TRP: How should companies address the management of encryption keys, and the fundamental security concerns around key ownership and storage?
JH: Encrypted data is only as secure and available as the keys used to encrypt it. For instance, when keys are stored in servers, they are susceptible to compromise and loss, which exposes sensitive encrypted data to those same risks.
To address these gaps, organisations will increasingly need to leverage purpose-built key management platforms that offer robust security and availability.
These purpose-built platforms allow users to store and manage keys in hardware, where they are more protected and controlled.
However, currently around three-quarters of respondents store at least some encryption keys in software—the IT equivalent of leaving house keys under the front door mat.
Effective key management allows security teams to uniformly view, control, and administer cryptographic policies and keys for all their sensitive data—whether it resides in the cloud, in storage, in databases, or virtually anywhere else.
TRP: What advice can you give organisations trying to accelerate their cloud, virtualisation and data centre consolidation initiatives?
JH: Any shift in IT infrastructure can be daunting for IT professionals, however with data now stored across a hybrid IT landscape – including on-premises, on mobile devices, and in the cloud – security teams need to move away from traditional approaches and adopt new encryption technologies that support today's dynamic data centre and service provider environments.
With multi-layer encryption, centralised key management and two factor authentication, organisations can accelerate their cloud, virtualisation, and consolidation initiatives, while retaining the controls they need to protect sensitive data, adhere to internal security policies and comply with regulatory and government mandates.
