Identify Your Most Important Infrastructure
Learning Objectives
After completing this unit, you’ll be able to:
- Describe how to identify, prioritize, and coordinate the protection of your most important infrastructure.
- Identify the risks associated with infrastructure support.
- List the benefits and drawbacks of on-premise versus cloud-based infrastructure.
Identify and Prioritize Your Most Important Infrastructure
Your infrastructure provides the essential services that underpin your organization. You need to understand what the most important components of your infrastructure are and how they work.
Attackers seek to exploit your organization’s infrastructure in order to threaten your security. Your IT infrastructure encompasses all the systems, communication, and collaboration tools your organization utilizes to maintain efficient operations. Let’s dig deeper and define some of these infrastructure components.
Components |
Description |
Security Impact |
---|---|---|
Network switches |
The control panel for your entire infrastructure that enables various devices to connect and communicate internally |
Unmanaged switches or interruptions in service may cause network downtime and resiliency failures, and may lack monitoring capabilities. |
Servers |
The program that provides devices and users on the network with shared resources |
Traffic overloading can cause servers to crash and prevent them from handling requests and accessing websites, services, or platforms. |
Firewalls |
A device that monitors incoming and outgoing traffic to your network and decides what to allow or block |
Failing to configure them properly could leave your network exposed to risks. |
Data Centers |
A facility that houses key IT infrastructure components allowing you to store, transfer, and access digital information |
Any physical or logical damage could cause severe disruptions for many businesses, with wide-reaching consequences. |
Routers |
The hardware or virtual appliance responsible for linking one or more networks to others or the internet, by moving packets |
A bad router can have a negative impact on the quality of your connections. |
Software |
The security programs, applications, email, and more that help you perform business-related tasks |
Without quality software, your workforce cannot perform at its best or rely on its security. |
Environmental Controls |
The heating, cooling, fire suppression, flood prevention, humidity controls, and more that protect your infrastructure from devastating events |
Data centers lacking environment controls are at greater risk for hardware failure. |
Infrastructure Support Risks
So, what are the risks involved in infrastructure support? Let’s take a closer look.
Under- or Over-Provisioning
Sizing up the right amount of compute, network, and storage resources with room for growth can be a complex and costly process. It’s helpful to assess system usage over time and gather performance data from your existing environment. This allows you to better understand your current and future needs, significantly reducing the risk of under- or over-provisioning your infrastructure.
Hardware/Software Incompatibility
Integrating separate hardware or software and their components like servers, storage, and virtualization from different vendors can be challenging. Testing components together is a good way to ensure they can be up and running quickly. However, keep in mind that this implementation and testing process can take a long time to properly validate the entire infrastructure solution, which can delay implementation and migration. Make sure to account for this time into your project schedule.
Network Issues and Outages
As an infrastructure support specialist, you’ll likely need to troubleshoot network performance issues for your on-premise, hybrid, and cloud environments. This becomes especially challenging when your infrastructure environment is complex, making it difficult at times to pinpoint the location of the issue along your network path.
One option is to use a reputable cloud service provider (CSP) that has multiple data centers all over the world. These data centers are interconnected, with high-speed bandwidth, offering redundancy, failover, and guaranteed uptime. Failover is having redundancy built into the environment, so that if a server fails, another server takes its place.
Migration Issues
When you’re implementing a new technology solution, you’ll need to migrate your existing workloads from your old infrastructure to the new one. These may be physical workloads or virtual workloads, but either way you want to avoid both downtime and data loss. The right preparation will help ensure a smooth migration.
Be sure to have in place a clear strategy determined by business objectives, a clear understanding of the full scope of your IT environments, and a reasonable planned budget. The more time spent up front on this will pay dividends down the road.
Unexpected Costs
Unexpected costs can include training, consulting, testing, and troubleshooting, and these are especially relevant when your infrastructure is complex. Unexpected costs can also arise from downtime. For example, your organization could lose revenue if it’s site is down and customers can’t shop for products. You should build buffers into your budget to account for these constraints.
To assess risks, it’s important to take a close look at the threats associated with different entities, and analyze your infrastructure’s vulnerabilities and exposures. Doing so can help you prioritize remediations and risk mitigations for your organization, and thereby strengthen your security.
Generally, you can transfer, reject, reduce, or accept a risk at a high, medium, or low level, but you can never fully eliminate risk. You can, however, reduce risk by implementing or improving security controls and procedures. Before you implement a particular control, you should consider the costs and benefits of it. If the cost of the control exceeds the benefits, your organization may choose to accept the risk rather than incur additional costs securing the system.
On-Premise (On-Prem) Vs. Cloud
Let’s take a look at the considerations involved in choosing between on-prem versus cloud infrastructure.
Meet Ana Marie. She’s an infrastructure support specialist at a philanthropic organization. She’s working with the infrastructure team at her organization to decide whether to replace their on-prem infrastructure deployments with cloud-based alternatives.
Ana Marie knows that on-prem infrastructure uses her organization’s own hardware, software, servers, and other resources. She knows that in some cases, this may be more secure, as it allows her organization to maintain a level of control that the cloud does not offer. Ana Marie also recognizes that the downside of the on-prem environments is the high cost associated with managing and maintaining the solutions.
She explains to her coworkers that in a cloud-environment, a third-party provider (called a CSP) hosts your infrastructure for you. This enables you to pay for only the services you use and automatically scale up or down, depending on overall demand. This arrangement is typically referred to as infrastructure as a service (IaaS). In considering whether to use an on-prem or cloud-based infrastructure, Ana Marie and her coworkers think through the resilience and scalability, costs, and security of each approach.
Resilience and Scalability
Ana Marie knows that using cloud-based infrastructure may mean her organization is less vulnerable to system failures. She explains to her coworkers that quality CSPs offering IaaS allow organizations to purchase multiple compute, network, and storage technologies that are fully redundant and offer automatic failover protections. In her experience, using an IaaS means that organizations have the assurance that their data will be automatically backed up and protected in the event of a hardware or system failure, making the organization less susceptible to data loss. She knows that this can also enhance their resilience to data thefts through ransomware attacks. Finally, she explains, using the cloud also allows for easy scalability based on usage from any device, anywhere, synchronously.
Costs
Next, Ana Marie and her coworkers discuss costs. In her experience, cloud often offers greater functionality at a lower cost. She knows that when you outsource your infrastructure, you save money by not having to purchase and maintain the necessary hardware yourself. This makes your infrastructure deployment less complex and eliminates the need to handle maintenance.
Security
Finally, the team discusses security. Ana Marie knows that using the cloud means that her organization no longer needs to take care of data security all by itself. She explains that the CSP typically has trained IT staff who manage and maintain security updates for those hardware and software items under their purview through a shared responsibility model. Her coworker, Steve, chimes in that using a cloud-based infrastructure is not a cure-all. He explains that their organization is still ultimately responsible for keeping any information or information system stored on the CSP’s infrastructure secure.
Steve and Ana Marie discuss further and decide to pursue a hybrid approach, where their IT infrastructure is split between cloud for some parts of their infrastructure, and on-premise for some other more sensitive functions and resources. For their less sensitive information, they choose a CSP that provides protection mechanisms and adequate security. For their more sensitive resources, they decide to keep the information on-prem. This allows them to control where the sensitive data is stored and how it’s managed, while leveraging their organization’s existing infrastructure investments but cutting costs in some other areas.
Sum It Up
In this unit, you’ve learned more about how to identify your most important infrastructure. You’ve also explored the risks of infrastructure support, and identified the benefits and drawbacks of cloud-based versus on-prem infrastructure.
Next, let’s dive deeper into how to protect your infrastructure with secure servers, network access control lists, and rules for managing specialized applications. Let’s go!
Resources
- External Site: Fortinet: Cloud Infrastructure
- External Site: Fortinet: What CISOs Need To Know About IT Infrastructure Leaders
- External Site: Fortinet: Keeping Operational Technology Secure: A Conversation with OT Security Leaders