PwC fights data center cyber threats with technological knowhow
Over the last decade, the data center market has exploded at an exponential rate. Technology, namely infrastructure and network capabilities, has completely defined and redefined the way in which businesses all over the world operate.
“Technology has really come a long way from very flat, uncontrolled networks that defined the 90s,” says Don O’Neil, Director, CIO Advisory at PwC. “The technology of today is presenting companies with the ability to very closely monitor,control and segment the network across their entire enterprises. However, that doesn’t necessarily make the task at hand any less challenging”
O’Neil has worked in the technology space for more than 30 years and in that time, he has witnessed first-hand this shifting landscape. Having been active during the early days of the ‘technology boom’, O’Neil points to the first real attempts of major corporations trying to go digital and what he has begun to notice is that despite an initial investment and overall enthusiasm, some industry players have fallen behind.
“I remember seeing how much they spent and how much time and effort that they dedicated in order to do the initial implementations,” he says. “But some of these very same players have not kept up with the times in the past 20 years and that’s because of the significant cost involved.”
As the data center space continues shift towards the modernisation and infrastructure changes are driven through regulatory and security concerns, segmentation and micro-segmentation are tools with which businesses are looking to control access to their resources. The inability or reluctance to adapt and invest for companies brings a key challenge around the security of networks.
“It’s left the door open for hackers and bad actors to get into these networks and cause serious problems,” says O’Neil. The problem then it seems is that as market players move infrastructure towards cloud data centers they do so with the wrong mentality. As O’Neil notes, most organisations focus on the security and segmentation of their data centers with a ‘front door’ or permiter mentality.
“Look at it like this. You always lock your front door in your house. But once somebody's in your house, you really should be locking all the rooms' doors so that you can control access to all the individual rooms.”
With the immaturity of tools at their disposal, thanks to a lack in investment, dangerous situations can arise for organisations. This is especially the case as O’Neil believes it is only within the past three years that the marketplace has started to catch up to the notion that network access control, and the security surrounding it, is one of the most important components of any edge network control, network segmentation or micro-segmentation.
Navigating this changing marketplace, and supporting these organisations through it, forms what O’Neil strives to achieve with PwC. For him it becomes a task of enabling a shift in thought process, from a development, deployment and management and operations point of view, as well as from a tool set perspective.
The problem he feels is that the demands of the data center customer have driven companies to invest massively in physical and cloud infrastructure as a means of stemming the capital costs associated with expanding their infrastructure internally.
This is only intensified by the changing regulations surrounding data and network infrastructure, such as GDPR and data sovereignty across Europe. Companies are now required to know about every part of their data centers and be able to control the flow of that data.
“Many organizations treat their data centers like one giant bucket,” he says. “Then they just keep throwing additional resources in that bucket rather than going through and slicing that bucket up into smaller areas and providing adequate control in and out of those smaller areas.”
Nevertheless, regulations surrounding data control has and will continue to drive technological development and implementation and this requires the CIOs and CTOs of the world to stay ahead of the game in order for their organisations to not fall behind.
The tools and the traditional way of approaching things, O’Neil explains, are simply inadequate to meet the changing regulatory requirements. “It means that applications may have to be re-architected, new infrastructure deployed and it means additional tools will need to be brought in,” he says. “It’s a complicated process and it’s a costly one.”
This is where PwC works with some of the biggest corporations and businesses from all over the world across a number of sectors. This provides O’Neil and his team with a real global perspective of how the market is changing, how the industries are responding and more importantly how that can translate into the value they can bring to their own customers.
“We share our experiences with other clients in the same industry, or similar industries in similar situations. We learn how other clients have solved a problem and share the information that we get on a regular basis from our vendors,” he says. “What this does is allow us to find different approaches, different product solutions, and enable greater value.”
This approach extends to the company’s relationship with its customer base. O’Neil seeks to understand what the customers have tried, where they’ve been successful and where they’ve experienced challenges and failure. For him, understanding this is the secret to enabling future success.
“Being successful or not being successful is really irrelevant,” he says about deploying specific technologies. “But taking key lessons and applying those to the next project, and sharing those amongst the team and across the entire business is very, very important. It’s about how we share that with our clients, and how the clients share it with us."
In collaborating and communicating with its customer, vendor and client base, PwC can better understand the technology trends that are both enabling and restricting growth across the industry. As companies move towards segmented data centers their operating models are shifting also, becoming far more software defined than ever before. This is due to the flexibility it provides them, but as O’Neil warns, there is a growing danger that comes with moving some of the control of network and data away from people in-house.
“If you have fifty people in an IT organization trying to solve a problem, but then you have millions of people out there exploring and poking and prodding, looking for problems, it's just a pure numbers game,” he says. “The people looking for the problems are going to win, not the people trying to protect against the problems.”
The issue of cyber security is unlikely to go away any time soon, if at all, but O’Neil can already see the industry responding and fighting back to better protect its networks and infrastructure. Technology solutions providers are investing in and developing software-defined control systems in order to better identify and understand more information around what devices are connecting to data networks.
It’s not just internally as more and more vendors are looking at the other side of the equation, providing end-to-end control from the user to the data center.
“That really is the ultimate approach that we preach through identity-based control,” says O’Neil. “Understand who’s connecting to the networks, what they are connecting to and be able to control the entire path along the way via those software controls.”
Over the past twenty years the network and infrastructure market has transformed far beyond the historic flat, uncontrolled networks. As technology continues to evolve, PwC has to be prepared to evolve with it and be ready for the next market evolution. O’Neil believes that the next paradigm shift will be very much a continuation of the current market trend, with customers and clients seeking out the flexibility of software-defined networks and infrastructure.
“One day I think it will become everything as a service,” he says. “That means network as a service, servers, web services, storage, applications, and software as a service. As a result, we're going to move from a more traditional “I own the infrastructure” model to a “I consume the service model.”