
Navigating the Top Four Security Risks of Data Center Infrastructure

In today’s interconnected world, data centers are the beating heart of business. These vital facilities house the vast computational power that drives operations and productivity in all manner of businesses, from banking to mining to healthcare. The complexity of securing and managing these modern data centers is undeniable; now the need to secure the underlying power, cooling and facilities has come into focus. As a result, data center infrastructure management software (DCIM) has become a critical security tool.

Understanding DCIM and its Importance

Unlike data center hypervisors and orchestration suites, data center infrastructure management software (DCIM) manages “things”: the smart infrastructure that keeps the software, servers, and storage arrays powered, cooled, and physically secure. DCIM also manages the data generated by these devices and the timely dissemination of this data to owners and tenants.

Infrastructure Management

DCIM manages the smart infrastructure that powers, cools, and secures modern data centers.

Reporting

Aggregation, normalization, and analysis of events, alarms, and device status.

Data Dissemination

Timely sharing of information with owners and tenants.
Now, let’s delve into the primary operational threats and vulnerabilities to DC infrastructure and actionable strategies for risk management.

API Risks from Enterprise Systems Interfacing

Data centers are often interfaced with a plethora of enterprise resource planning systems, including accounting, asset management and reporting tools. These Application Programming Interfaces (APIs) can create vulnerabilities for both DC owners and tenants if they are not properly secured and maintained.

A poorly configured API could allow hackers to access data center infrastructure and falsify sensitive decision-control information or, potentially more damaging, manipulate infrastructure devices to disrupt services and possibly damage the systems themselves. In 2023, Akamai noted a 76% year-on-year increase in API attacks targeting operational technology (OT) infrastructure, where the outcomes are associated directly with production outages and the possibility of physical damage.

Managing API risks is difficult because of the constantly evolving threat environment and the range of vendor and open-source APIs in use. Like keeping up with anti-virus or intrusion detection signatures, effectively managing API security is a challenge and requires a combination of applied best practice in API development and timely threat intelligence. A DCIM solution can effectively mitigate API security issues.

1. API Vulnerabilities: Poorly configured APIs can create vulnerabilities for both data center owners and tenants.

2. Potential Threats: Hackers could falsify energy consumption data or manipulate infrastructure devices, leading to service disruptions and system damage.

3. Increasing Attacks: Akamai reported a 76% year-on-year increase in API attacks targeting OT users and systems in 2023.

4. Challenging Management: Managing API risks requires constant vigilance due to the evolving threat landscape and diverse range of APIs in use.


Firmware Risks: A Vector for Compromise

Firmware, the software embedded in the “things” that control the infrastructure in a modern data center, is often overlooked in security assessments. However, it can be a significant vulnerability. Exploits targeting firmware vulnerabilities can grant attackers control of devices and opportunities to sabotage power management, cooling, physical access controls or any other connected infrastructure element in the data center. (Source: Binarly.io)

According to the Microsoft Digital Defense Report 2023, 57% of devices on legacy firmware are exposed to a high number of common vulnerabilities and exposures (CVEs). In April 2024, Underwriters Laboratories, a leading tester of IoT devices and firmware, issued guidance related to firmware security: consider solutions that can generate reports about firmware inventories to guide mitigation or remediation efforts. The reasons for the difficult state of firmware are many and varied: fragmented and diverse supply chains; weak coding and development practices; long patch cycles; and, most tellingly in the context of DCIM, a lack of visibility.

1. Track Firmware Inventories: Centrally track device firmware inventories to identify where vulnerable devices are in operation or identify devices which appear unusual or unauthorized.

2. Implement Real-time and Time-series Monitoring: Set up real-time and historical monitoring of device firmware, including those powered down or temporarily disconnected.

3. Plan and Monitor Updates: Use the gathered information to plan for testing and controlled deployment of firmware updates, and confirm the plan was executed.
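
The three steps above, sketched as an added example (this is not Modius OpenData code or any vendor's API): an audit over a constructed firmware inventory that flags unauthorized devices, firmware below an approved minimum, and devices whose records have gone stale. The device fields, baseline table, serial numbers and seven-day threshold are all assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed baseline: approved models and minimum firmware versions (assumed values).
APPROVED_MIN_FIRMWARE = {
    "pdu-x100": (2, 4, 1),
    "crac-c20": (1, 9, 0),
}
# Constructed allowlist of serial numbers commissioned by the operator.
AUTHORIZED_SERIALS = {"PDU-0001", "PDU-0002", "CRAC-0007"}
STALE_AFTER = timedelta(days=7)  # assumed threshold for "not seen recently"


def parse_version(text):
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def audit_inventory(devices, now):
    """Return {serial: [findings]} for every device with at least one finding."""
    findings = {}
    for dev in devices:
        issues = []
        if dev["serial"] not in AUTHORIZED_SERIALS:
            issues.append("unauthorized-device")
        minimum = APPROVED_MIN_FIRMWARE.get(dev["model"])
        if minimum is None:
            issues.append("unknown-model")
        elif parse_version(dev["firmware"]) < minimum:
            issues.append("firmware-below-minimum")
        # Powered-down or disconnected devices stay in the inventory and are flagged.
        if now - dev["last_seen"] > STALE_AFTER:
            issues.append("stale-record")
        if issues:
            findings[dev["serial"]] = issues
    return findings


# Constructed sample inventory, shaped as a poller might record it.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    {"serial": "PDU-0001", "model": "pdu-x100", "firmware": "2.4.10", "last_seen": NOW - timedelta(hours=1)},
    {"serial": "PDU-0002", "model": "pdu-x100", "firmware": "2.3.9", "last_seen": NOW - timedelta(days=30)},
    {"serial": "CRAC-0007", "model": "crac-c20", "firmware": "1.9.0", "last_seen": NOW - timedelta(minutes=5)},
    {"serial": "UPS-9999", "model": "ups-z1", "firmware": "0.1.0", "last_seen": NOW - timedelta(minutes=2)},
]

if __name__ == "__main__":
    for serial, issues in audit_inventory(SAMPLE, NOW).items():
        print(serial, ", ".join(issues))
```

Re-running the same audit after an update window is one way to confirm that a planned firmware rollout actually reached every device.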

Third-Party Supplier Risk

The operational technology (OT) infrastructure within a data center is often a complex ecosystem of power management, cooling, physical security and other building management vendors. These vendors and associated contractors play a crucial role in maintaining functionality and require access to OT Ethernet within the data center, but they also introduce security vulnerabilities.

Third-party vendors have previously become unwitting “trojan horse” attack vectors, physically carrying malware and compromised firmware over the logical security systems of the DC and directly onto the infrastructure management networks. Threat actors target these infrastructure contractors for their privileged access to valuable customers. The contractors unknowingly facilitate the installation of counterfeit and compromised firmware and devices, which become platforms for attackers. The 2024 Verizon Data Breach Report cites a 68% YoY growth in these types of supply chain attacks, now representing 15% of all breaches overall – up from less than 4% just a couple years ago!


Addressing the risk of third parties is a matter of visibility: look for DCIM solutions with monitoring and detection features that alert if a compromised, counterfeit or defective device enters the data center infrastructure network.

Third-Party Vendor Risks

Vendors and contractors with access to OT Ethernet can inadvertently introduce security risks to data centers.

Attack Vectors

Third-party vendors can become “trojan horse” attack vectors, carrying malware and compromised firmware over security systems.

Mitigation Strategy

Implement DCIM solutions with monitoring and detection features to identify compromised, counterfeit, or defective devices entering the network.


Situational Awareness, Proactive Maintenance and Lagging Indicators

Traditional data center infrastructure tools provide situational awareness that can be many minutes to days old, making them “lagging indicators” that restrict the visibility operators need to operate efficiently and respond to threats.

Lagging indicators deprive operators and managers of the ability to be proactive rather than reactive.

This has been the case in the most serious OT failures in recent years, such as the Deepwater Horizon disaster and the Texas power grid outages of 2021 (Source: FERC). The effect of lagging indicators is degraded resilience, poor operating efficiency, and downtime. A reactive approach to infrastructure threats based on old information can be costly, as it often allows security incidents and attackers to persist unreported and undetected for long periods. Additionally, when you integrate complex and different types of equipment, as found in data center infrastructure, any failure or degradation of one component negatively affects other components in the system. Without an effective solution, lagging indicators can:

Compromise resilience

Affect confidence in decision making

Impact service level commitments

Degrade organizational reputation

Create legal liability

Breach insurance covenants

The optimal DCIM solutions will have low latency in visualization and situational awareness, tunable support for algorithmic prediction of threats based on changes in device metadata, and multiple alerting options.

Mitigating Data Center Infrastructure Risks with Modius® OpenData®

The risks outlined above are a stark reminder of the challenges faced in data center infrastructure management. By prioritizing security as a feature of DCIM solutions, organizations can mitigate these risks and ensure the resilience of their infrastructure.

If you are looking for a next-generation DCIM solution that can help you gain higher efficiencies and improved security, consider Modius OpenData. OpenData provides integrated tools, including machine learning capability, to manage the assets and performance of data centers and critical infrastructure. OpenData is a ready-to-deploy DCIM featuring an enterprise-class architecture that scales incredibly well. In addition, OpenData gives you real-time, normalized, actionable data accessible through a single sign-on and a single pane of glass.

We are passionate about helping clients run more profitable, secure data centers while providing operators with the best possible view into a managed facility’s data. We have been delivering DCIM solutions since 2007. We are based in San Francisco and are proudly a Veteran Owned Small Business (VOSB Certified).

You can reach us at sales@modius.com or 888-323-0066
