If you can't get business done, tight data centre security is worthless, warns Trend Micro

Think about the application of technology as well as the capability, says VP of cloud

Planning worthwhile automated and optimised data centre security is about assessing core everyday needs, and following them into the future rather than locking down, Trend Micro's VP of cloud has advised.

Speaking at Computing's "Protecting the Modern Data Centre" web seminar today, Mark Nunnikhoven, Trend Micro's VP of cloud and emerging technologies, said: "As much as I love security everywhere, if the business can't get the business done, it's worse than having security everywhere.

"[When choosing security], beyond the answer of looking at data and organisation, when you're getting into the weeds, you need to look at the capabilities of the security group you're considering," said Nunnikhoven.

"Think of your network in a different way – you need to think about core objectives – networking, security around it, storage assets. Then take the next step and say operationally, what is our data centre operations team going to do? What is going to leverage now, six months from now, a year from now?"

Nunnikhoven expressed a belief that working with the operations team on a specific data centre outlook is of paramount importance, as "if you don't match what they are doing day by day, it's not going to be effective".

Commenting on the University of Westminster, whose information security officer Ashley Pereira recently virtualised 600 servers, Nunnikhoven said of a protracted project timescale:

"It seems like they [initially] took their traditional approach and tried to forklift it into a virtualised environment."

"You'll see over time, as technology changes, that how it is implemented also changes. I don't want everyone to have access to my email account for example - we will assess that is always a core requirement, and we'll always need the same kind of controls, but the technology will change.

"So future-proofing is best if you take in mind business needs, and work on different implementations. It will not be wasted time."