Distributed Or Centralized Data Centers?

The rise of edge computing is shifting data centers once again. Centralized data centers continue to ramp up, with many service provider construction projects focused on facilities. Edge computing is evolving to a more distributed placement of computations that are closer to the enduser. Users are consuming data in new ways, and developers are engaged and listening.

Last year, a major Internet of Things (IoT) thermostat provider experienced an outage. These thermostats had to communicate with the centralized service, and during the outage were unable to access their centralized services and shut off. This type of situation increases the demand for edge computing, which should prevent these types of failures by moving the logic and computing as close to the device as possible, and away from a single failure point.

CENTRALIZED SECURITY CONCERNS

Distributed denial of service attacks (DDoS) use multiple devices to flood a single service, application, network, or server — potentially anything connected to the internet — with seemingly harmless packet traffic. Malicious attackers have also caught on to the need for distribution to execute their attacks more effectively. Multiple devices attacking one location can create a massive outage. As the infrastructure tries to filter out all the bad traffic, it is often unable to provide or fulfill its services to actual clients — just like the thermostats that shut off as the data center succumbed to a massive DDoS attack. This single point of failure has been a driving factor in shifting to distributing the loads, to increase the amount of failure points for devices — hence the increasing demand for edge computing. Think about it this way: if you were in a self-driving vehicle, would you want your life in one centralized data center? No; in fact, you would make sure the computations were easily accessible within the car to ensure your safety.

Smart devices are now mini edge computers, allowing them to provide the enduser with a quicker response time and better experience. However, application data being used and manipulated on the device still needs a connection to a centralized location, with the option to have updates sent to the device. You’ll find that all service provider infrastructures are supporting billions of IoT devices that are only getting smarter, but still require connections back to a centralized location to upload their data and retrieve updates every day.

DISTRIBUTED SECURITY CONCERNS

Centralized data centers may seem like a security nightmare if you think about a single point of entry. However, that is not always the case. When you distribute data centers, you also divide your awareness, time, money, and increase your security risk. We can’t win, can we? This type of operation — having multiple spread-out data centers — requires more management, but also allows you to spread the risk. Of course, you’ll need to do your due diligence to ensure that the systems are corresponding and all using the same security posture. This same attitude will enable you to ensure easier responses, awareness to the environment setup, faster updating, and quicker recovery.

The word “compliance” has started and stopped conversations for the past 15+ years of my IT career. There is a need for compliance, as it helps to standardize your security posture and facilitates infrastructure standardization for your network, applications, servers, and more. To me, compliance should be a backbone of your organization. Having a simple template of what your company set in place (so you can validate and apply to every matching device within your IT organization) is vital to your distribution data centers, as it ensures security and continuity between sites.

SECURITY TIP

Testing is another missing component I have seen over the years. Since I love friendly reminders, let me just say this: every security plan and recovery plan must be tested, or it is not effective. Several times — more than I like to think about — when a disaster strikes, the recovery plan has had a failure. When you ask to see the previous testing following disasters, there is no documentation available and you’ll usually receive a nice follow-up email that says, “We ran out of time and needed to be in production — we failed to do an actual full recovery test.”

Verifying your procedures and confirming that they are up to date is an important step with all IT management and especially within data centers. This should be addressed with all team members, to ensure that there is a unified front to support your recovery plans. Security is a way to block and help prevent attacks, but without a recovery action plan, you are not truly able to execute a security posture or maturity matrix within your infrastructure.

CONCLUSION

It’s important to have the conversations necessary to determine the best solutions for your business case. Discussions on security may lead you to a more hybrid situation/solution. Merely engaging in this conversation with your team allows you to verify the effectiveness and validity of your security posture within your data center. Continue talking about your security concerns, as it will keep bringing security to the forefront of your team’s thoughts and most importantly, actions.