Protecting the Data Center from Blended Threats with Converged Security

The IT threat landscape has evolved again, leaving enterprises more vulnerable than ever before. These new attacks combine physical and cyber threats to create a more complex and dangerous risk environment. 

Organizations across the globe are contemplating how to protect their environments from these threats as traditional security programs are not sufficient. Third-party data centers must be prepared to address these hybrid security attacks to safeguard their IT infrastructure and put their customers’ minds at ease. 

QTS, a leading provider of software-defined and mega scale data center solutions, has designed a comprehensive security program that unifies physical and cyber security under a centralized security umbrella to achieve a more holistic view of the risk landscape. 

Understanding Blended Security Threats

Historically, bad actors targeted organizations through either physical or cyber means. By using both cyber and physical elements, blended security attacks create multifaceted scenarios that can often go undetected until the full-scale attack is carried out. 
Today’s headlines are littered with examples of these attacks, and even corporate giants are not immune. A popular automotive company was the target of an attack in which an employee was offered $500,000 to download a file. While the employee did not accept the bribe, this information could have been used in a larger attack. 

Hybrid security threats integrate physical and cyber elements.

Hybrid Threats are Everywhere

Internet of Things (IoT)
Unsecured cell phones, smart home tools, virtual assistants and other connected devices offer opportunities for bad actors to collect private information that can be used in a physical attack. 

Operational Technology (OT)
Interfering with OT systems can impact operations. A recent cyber attack on a Florida water treatment plant allowed hackers to tamper with the water supply.

Unmanned Aircraft Systems (UAS)
Drones are an escalating threat for organizations. These autonomous aircraft can be weaponized to fly explosives into targets or control infrastructure from afar. A drone was recently used to unlock the doors of a motor vehicle.

Civil Unrest
Protests and uprisings can create distractions that allow bad actors to access previously protected environments. In Greece, protesters learned the location of government data centers and set explosives around the perimeters of the facilities to create chaos that allowed them to enter the secured buildings.

Nation State Sponsored Actors
Funded by countries, nation-state-sponsored actors gather and use information to force people to do their bidding. For example, a U.S. national whose parents live overseas was targeted when an actor held his mother’s kidney dialysis treatment hostage until he complied with the actor’s demands.

Traditional Security Programs are Simply Not Enough

Addressing these new-breed attacks is difficult for most organizations because they operate outdated, siloed physical and cyber security programs. Data center physical security relies heavily on armed security guards, badge readers, biometric access controls, perimeter fencing and surveillance cameras. A typical response to a heightened risk is to deploy additional guards—a strategy that can introduce coordination challenges rather than improve security. 

On the cyber security side, many data centers utilize a centralized network operations center (NOC) to address network issues across their data center portfolios. This model limits local decision making and reaction, which can delay response time in a crisis. 

Without formal alignment, communication and collaboration between physical and cyber security programs, organizations will struggle to address these dynamic risks. 

QTS Converged Security Program Delivers an Integrated Approach to Hybrid Threats

QTS’ Converged Security program unifies QTS’ physical and cyber security programs under a single banner to promote a more comprehensive and unified view of the security landscape. This integrated approach allows the organization to better plan for and execute standardized security practices and coordinated responses across cyber and physical platforms to avoid attacks. Its alignment with QTS’ Federal security program also allows the Converged Security team to incorporate Federal best practices to protect its enterprise and hyperscale customers. 

QTS Converged Security Model Delivers:

- integrated security functions to address cyber-physical infrastructure security

- holistic threat management to secure physical and cyber assets 

- communication, coordination and collaboration across security teams

- unified prevention, mitigation and response to threats

Specialized Security Hubs Feed the Unified Converged Security Program

To achieve this holistic view and better control risk, QTS’ Converged Security model utilizes specialized, security-focused hubs—each of which shares its data into the Converged Security program.
These hubs also provide QTS’ Operations Support Center (OSC) with visibility across the organization’s entire portfolio of physical and cyber assets to directly identify and respond to any anomalies. Armed with dedicated, around-the-clock resources—including a physical security intelligence desk that is unique to the data center industry—the OSC has national oversight, something most data centers are unable to deliver.

Cyber Threats Hub: Protecting the Digital Space

Cyber threats remain a serious risk for organizations. IoT, the remote work environment and other digital factors put enterprises at increased risk for cyber-attacks.
QTS addresses cyber security risks through a robust educational awareness program, IT and cloud systems protections, and pen testing. To supplement these programs, QTS is resolute in safeguarding its operational technology (OT) systems, which control data center temperature settings, power, connectivity and other technologies that support operations. To identify potential exposures, QTS conducts controlled attacks on its OT systems in offline environments. 

A recent ransomware attack on a national utility provider, which operates one of the East Coast’s largest gas pipelines, was the result of weak OT systems security. Out of an abundance of caution, the organization shut down the pipeline to limit damage, resulting in limited gas supplies and spiking prices.

Insider Threat Hub: Protecting People 
An organization's greatest asset is its people. Hybrid threats routinely target individuals using personal information and identified weaknesses to put them in compromising situations.
Nation-state-sponsored actors are funded by countries that invest considerable resources into orchestrating these kinds of attacks. For example, a nation-state-sponsored actor may contact an individual via LinkedIn to invite the person to speak at a conference. When the individual arrives in the country, his passport is confiscated, forcing him to comply with the nation-state-sponsored actor’s demands.

To protect employees and customers as they travel internationally, QTS offers foreign travel assistance. This offering helps individuals register their trips through a country’s embassy structure to document their destinations and timelines to provide some protection against nation-state-sponsored activity. QTS is also implementing an intense educational awareness program that is mandated by its Federal customers. 

These programs supplement QTS’ existing protections that include background and financial checks, user activity monitoring, and legal and ethics assessments. These programs allow the organization to vet individuals and carefully monitor the environment for atypical activity.

BC/DR Hub: Strengthening Integrated Crisis Management and Response

Quickly identifying and responding to a crisis is critical to support business continuity. QTS is strengthening its business continuity/disaster recovery (BC/DR) efforts through integrated crisis communication planning and relationship-building with local first responders.   

To test its processes and gauge internal and emergency responder reaction times, QTS simulates real-world threats to ensure rapid and prepared responses. These orchestrated attacks also help QTS assess the implications of specific attacks to hone action and communication plans.

To strengthen its crisis management and response plan, QTS is also building relationships with local first responders.

“We want local emergency teams to know who we are, what we do and what we protect,” said Jon Greaves, chief security officer at QTS. “Knowing how to navigate our facilities before an emergency situation will improve response time to limit the impact of an incident.” 

Measurements and Signatures Intelligence Hub: Utilizing Technology to Address Risk

Like many data centers, QTS uses various technologies—including video surveillance, badge readers, and visitor and license plate logs—to record data and control access into its facilities. QTS takes these controls to the next level with its Service Delivery Platform (SDP), the industry’s first software-defined orchestration platform. By digitizing data center functionality and compiling the data in SDP, QTS enables real-time access and visibility into the data center environment. This provides the OSC with immediate notifications of environmental anomalies to quickly respond to unexpected events and optimize data center performance.

Adding to this innovative technology, QTS is also working on technology to monitor its airspace for drones. These unmanned aircraft systems (UAS) pose a growing security risk as they are increasingly used in attacks. For example, in Saudi Arabia, drone attacks on two oil refineries disrupted oil production. An awareness of what is in an organization’s airspace can help prevent these scenarios.  

Signals Intelligence Hub: A Communication Hub for the Greater Good

Today's hybrid threat landscape is complex and requires a collaborative environment to share information that can help mitigate attacks. QTS’ Signals Intelligence hub collects data from Federal, hyperscale and enterprise customers—as well as partners within the community. 

“Defending against hybrid security attacks demands collaboration and data sharing across a broad group of organizations,” said Greaves. “QTS serves as a two-way intelligence hub, gathering and sharing key data with our community. This collaboration promotes more informed and strategic defenses against hybrid security attacks.” 

Moving Forward to Address the Hybrid Threat Landscape

Enterprises are increasingly focused on insulating themselves from these massive-scale attacks, and they want to know that their data center providers are prepared to support them. 

“Our efforts have delivered advanced warnings of events to our customers—something our most technologically advanced customers are excited to see from a data center partner,” said Andrew Wild, EVP Security and Compliance. “QTS’ hybrid security capabilities are a true differentiator in the data center industry, and we are continuing to adapt and strengthen our Converged Security program to meet intensifying real-world threats.”

Aberrant Behavior Detection
QTS is committed to deeply understanding what constitutes normal operating conditions of its data centers. Cumulatively analyzing onsite traffic trends, alerts from building security systems, access to specific data center spaces, and other time series data enables QTS to build this normal operating baseline.
One tool QTS is using to accelerate this analysis is aberrant behavior detection through centralized machine learning tools. Flagging onsite events that appear to be outside the norm allows QTS’ security staff to act quickly based on a refined data set.

Security Rounds in Nuvolo
QTS continues to digitize processes that have historically been analog and therefore offer little data output. Physical security rounds, conducted frequently at and around QTS facilities, are an opportune time to digitally compile a wide range of metrics (including security device health and round coverage and consistency). Once a security round is completed, QTS’ security staff can feed the gathered data back into the aberrant behavior detection tools mentioned above, which in turn helps refine the focus of future security rounds. QTS Security, therefore, becomes “smarter” and more effective after each and every security round.

Physical Security Intel Desk
QTS is excited to stand up a new function in its Converged Security Program, the Physical Security Intelligence Desk. The Physical Security Intelligence Desk acts as a central repository of intelligence from government agency, customer, QTS, vendor, and open sources. This information is compiled, tailored, and shared across QTS locations and its customers to optimize security awareness and posture.

QTS will continue building this program by bringing strong threat intelligence experience from the military onto the Converged Security team. QTS is partnering with the SkillBridge Program to strengthen its private/public relationship with the Department of Defense and also provide transitioning Servicemembers an opportunity to protect U.S. Critical Infrastructure by working at QTS.