Building a Secure HCI Environment

    Whenever the enterprise contemplates a new IT solution, security is a top concern. While it is true that ensuring a secure environment does not always precede the deployment, since techies are always itching to put the latest and greatest into production, it does tend to emerge as a key consideration fairly early in the product lifecycle.

    Hyperconverged infrastructure (HCI) is no different. Many organizations are already toying with this new kind of data environment, or its less modular cousin called converged infrastructure (CI), but only lately has the industry started to look into its potential security vulnerabilities.

    According to a WinMagic survey of more than 1,000 IT decision makers, security came in a close second behind increased complexity as a top concern with HCI. A key flaw in many deployments so far appears to be failure to limit access to the control plane of the HCI software, which is kind of like allowing passengers to take control of an airplane just so they can bring their tray tables down. Many organizations, in fact, are simply encrypting the entire HCI platform rather than individual workloads, which means that anyone who can get into the system can muck around with any project they want.

    Of course, this is an implementation issue rather than a problem with any given platform, but it does point up the fact that even the most modular system should not be treated as a simple plug-and-play solution. Other issues surrounding HCI security include the need to scale security as dynamically as workloads, ensuring secure compatibility between hypervisors, and maintaining identity and authentication management across distributed architectures.

    Security gaps can also emerge during the transition from traditional to converged infrastructure, says STEALTHbits Technology’s Gabriel Gumbs. Speaking to Data Center Knowledge earlier this year, Gumbs noted that misconfigurations can be easy to miss, particularly as things like access and administration move up the technology stack in a commodity hardware environment. Monitoring file activity also becomes more important to understand how data is being used, and misused, as it moves around the converged ecosystem. Existing security tools that were designed for fixed hardware data centers may not be able to fully evaluate these new architectures.

    But the situation may not be all that bad. TechWire Asia notes that emerging compliance structures are becoming increasingly responsible for dictating security and other policies across the enterprise, and many HCI components like disk and flash drives are self-encrypting. Coupled with advanced disaster recovery and other solutions, there is no reason to expect HCI infrastructure to be any more or less secure than traditional data center or cloud deployments. Of course, it always pays to roll out new solutions, HCI included, in a measured way, starting with non-critical workloads. In this way, the enterprise can evaluate for itself how the technology will fare as a more broad-based solution.

    By now, most enterprises have learned the lesson about treating security as an afterthought. When it comes to HCI, the trick will be to ramp up deployments quickly but not in a way that jeopardizes ongoing data operations.

    Security is a key aspect of this new environment, but it cannot simply be carried over from legacy systems. HCI is a unique form of infrastructure, and it needs a unique form of protection.

    Arthur Cole writes about infrastructure for IT Business Edge. Cole has been covering the high-tech media and computing industries for more than 20 years, having served as editor of TV Technology, Video Technology News, Internet News and Multimedia Weekly. His contributions have appeared in Communications Today and Enterprise Networking Planet and as web content for numerous high-tech clients like TwinStrata and Carpathia. Follow Art on Twitter @acole602.

    With more than 20 years of experience in technology journalism, Arthur has written on the rise of everything from the first digital video editing platforms to virtualization, advanced cloud architectures and the Internet of Things. He is a regular contributor to IT Business Edge and Enterprise Networking Planet and provides blog posts and other web content to numerous company web sites in the high-tech and data communications industries.
