Discovery functions, FIPS compliance increase DCIM security
Oct 05, 2018
Data center infrastructure management is one way to track security patches and unauthorized hardware access. There are a few features you can use to increase security.
Fully featured data center infrastructure management tools can streamline operations, but they are also a double-edged sword. They can help you identify security gaps and avoid breaches, but they store everything there is to know about your operation, which makes it imperative to have security features in place.
Intrusion avoidance is what most IT professionals associate with security. The ability to access operational information remotely is a major feature of robust DCIM security tools. You can check alarms and drill down into data on your smartphone or tablet before you decide what to do or who to call. But if you can access information remotely, an intruder probably can too.
Your network is the cornerstone of your organization’s security; it’s the first line of defense against any kind of intrusion. Building strong application-layer security into your DCIM can protect your systems against any application-based or domain name attacks.
Set DCIM security standards
The government, military and even the Central Intelligence Agency use DCIM tools, so there are certainly tools available with a wide array of high-level security features.
Of course, you need dedicated access and multiple levels of encryption, but the most recognized security gauge is the Federal Information Processing Standard known as FIPS 140-2. This standard outlines guidelines for encryption, cryptographic modules and hardware anti-tampering measures.
The government has different security levels for its agencies. The military and intelligence sectors have the highest security measures and FIPS 140-2-compliant tools meet those needs. Healthcare and finance have their own regulatory security concerns, and FIPS 140-2 covers the compliance needs of those industries, as well.
Scan the network with DCIM security tools
DCIM auto-discovery is a useful function for system security. It identifies unpatched assets, generates work orders and maintains alerts until they are resolved.
It can also track if someone introduces hardware or software without the right authorizations and notifications. This is because DCIM tools monitor the computing hardware and track the make, model number, operating system and release, application software and releases, and even the serial numbers and asset tag IDs depending on the system’s sophistication.
DCIM tools constantly poll the network and can discover new hardware and software to add to the asset management database. This is useful for monitoring security patches and updates. For example, if an OS update comes out and you have to patch 125 servers, but you don’t know how many servers run that OS and you only update 124, one server is still vulnerable.
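The reconciliation described above, as an added example that is not code from any DCIM product: one discovery poll is compared against the asset database and a patch baseline to surface unregistered hardware and the one server the patch run missed. The Asset fields, the reconcile function, the "ExampleOS" name and all serial numbers and releases are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    serial: str
    asset_tag: str
    model: str
    os: str
    os_release: str

def release_key(release):
    # "10.4.2" -> (10, 4, 2) so releases compare numerically, not as strings
    return tuple(int(part) for part in release.split("."))

def reconcile(discovered, authorized, baseline):
    """Compare one discovery poll against the asset database and patch baseline.

    discovered: list of Asset seen on the network in this poll
    authorized: dict serial -> asset_tag from the asset management database
    baseline:   dict OS name -> minimum patched release
    """
    findings = {"unauthorized": [], "tag_mismatch": [], "unpatched": [], "not_seen": []}
    seen = set()
    for a in discovered:
        seen.add(a.serial)
        if a.serial not in authorized:
            findings["unauthorized"].append(a.serial)   # hardware nobody registered
        elif authorized[a.serial] != a.asset_tag:
            findings["tag_mismatch"].append(a.serial)   # serial known, tag differs
        required = baseline.get(a.os)
        if required and release_key(a.os_release) < release_key(required):
            findings["unpatched"].append(a.serial)      # still needs a work order
    # Registered assets that did not answer the poll (removed, powered off, moved)
    findings["not_seen"] = sorted(set(authorized) - seen)
    return findings

def build_sample():
    # Constructed data: 125 servers on "ExampleOS", 124 patched to 10.4.2, one left on 10.4.1
    fleet = [Asset(f"SN{i:04d}", f"TAG{i:04d}", "R1", "ExampleOS", "10.4.2") for i in range(125)]
    fleet[57] = Asset("SN0057", "TAG0057", "R1", "ExampleOS", "10.4.1")
    authorized = {a.serial: a.asset_tag for a in fleet}
    # A device that was never entered in the asset database appears in the poll
    fleet.append(Asset("SNX999", "", "unknown", "ExampleOS", "10.4.2"))
    return fleet, authorized, {"ExampleOS": "10.4.2"}

if __name__ == "__main__":
    fleet, authorized, baseline = build_sample()
    for kind, serials in reconcile(fleet, authorized, baseline).items():
        print(kind, serials)
```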
Furthermore, a variety of people still go in and out of some data centers, and executives may even bring visitors in with them for tours and information sessions. This makes it important to know if anything is amiss.
Another part of security to consider is company culture. Which security features do you enable or disable out of the box? Which features do you change to make hardware more or less secure? Robust security may impede fast-moving operations, and multiple sign-in requirements can frustrate busy and harried techs. And although turnkey security options offer installation and maintenance benefits, they can also be overwhelmingly comprehensive.
In short, strong DCIM security tools have robust protections, but the vendor has no control over what users do with them or the environment that runs the DCIM. Plus, DCIM auto-discovery can’t reach down to the server processor level where advanced persistent threats occur.
DCIM can, however, relieve some concerns in a complex computing environment in which you have a cloud-based setup or resources shared with users outside of your control.