Protecting the availability, confidentiality, and integrity of your network so that you can run your business securely, without interruption, and in compliance with regulations governing the protection of sensitive data, is critical. The idea that hardening the exterior of the network and allowing the interior of the network to remain soft because the interior is trusted is outdated, leaves the network open to attack from the inside, and doesn’t plan for a scenario in which a determined, resourced, persistent attacker finds a foothold inside the perimeter. That’s why you need to protect the data center perimeter and interior as strongly as you protect the enterprise network perimeter.

Inside attacks can originate from sources such as current employees or on-site contractors. The common thread in inside attacks is that the attack comes from a legitimate user or application source. Outside attacks can originate from cyber-criminals, hacktivists, and state-sponsored attackers, and from less obvious avenues of attack such as compromised partner or vendor systems, or a former employee who knows the network. The first step for an outside attacker is to gain a foothold inside the network, transforming the attack to an inside attack. In essence, all breaches are inside attacks even if they originate on the outside, because once an attacker gains access to the network, the attacker can roam throughout the network.

If an attacker steals the legitimate access credentials of a partner, the attacker can access your data center disguised as a legitimate user. Then, from the “soft, chewy interior” of your network, the attacker can use your internal servers and endpoints to move laterally through the network and compromise critical systems. Once an outside adversary breaches the network, you rely on network and user segmentation and layered defenses inside the network to protect your data, the same as when an attack originates from the inside.

Developing a best practice security policy helps protect your data center from attacks regardless of origin, in a staged and prioritized manner, securing the most valuable assets first and then phasing in additional protection. A gradual transition from a hope-for-the-best security policy to a best practice security policy helps to ensure the confidentiality of your data, the integrity of your organization, and the availability of the data center in a practical way. The following recommendations for designing and implementing a data center best practice security policy show you how to safely enable applications, users, and content by classifying all traffic, all the time, with minimal disruption to end users.