Security Considerations for Government Data Centers

Hopefully you had the chance to read FutureGov Asia’s recent interview of Sharat Sinha, our VP, APAC, explaining steps to help governments better address today’s security risks.

As I spend time in the field with government buyers, I often see the topic of conversation returning to the data center, and that’s because many agencies globally are going through IT or data center consolidation projects. For example, much has been in the media about the U.S. Government’s Federal Data Center Consolidation Initiative (FDCCI) but the U.S. is certainly not alone – initiatives like these are pathways to greener government with reduced power, heating/cooling, and maintenance costs.

With all of these projects underway, I thought it might be helpful to include some security considerations for the government data center environment:

1.  Establish a benchmark of what applications reside within your data center. Data center applications use random, non-contiguous communication ports and protocols. Though these are critical applications, handling some of your most critical data, sadly they are often the very ones with vulnerabilities and active exploits available. Understand your data center applications and their current risk profile. Then make sure your choice of cyber security solutions can handle those unique requirements.

2. Determine a plan for security policy enforcement as users, applications and content move from VM to VM. Virtual resources are accessed by a distributed workforce with different security risk profiles. Virtualization removes the natural security “borders” of your existing security methods, and the dynamic nature of creating/changing/moving VMs makes it difficult to track policies to those systems.  Make sure your cybersecurity solution safely enables applications of different trust levels running on a single virtualized server. And choose one that can handle the security needs of both east-west as well as north-south traffic.

3. Ensure your cybersecurity solution scales and is sufficiently flexible to meet the demands of the data center and virtualized environments. Just because your security needs are for a data center doesn’t mean you must compromise your need for full visibility of your data center applications, content and users.  Maintain the security of your data center traffic, inclusive of applications, content, and users, without compromising performance.

If you’re tackling a new data center or virtualization project remember that we have many VM platform options including our jointly developed solution with VMware combining our VM-Series with the VMware NSX platform.  Our VM platforms are also supported on the VMware ESXi 4.1, 5.0 and 5.5 platforms, and the Citrix NetScaler SDX 11500 and 17550 Series.

Our platforms also integrate with cloud orchestration software to automate those policy changes.  And don’t forget about the new Palo Alto Networks PA-7050 for next-generation security platform that will give you throughput of up to 120 Gbps of App-ID firewall performance and 100 Gpbs of full threat prevention processing.

Good luck with your projects! Read more about Palo Alto Networks solutions for government and follow us on Twitter (@NGS_Gov).