Emerging Security Risks within Hybrid Datacenter Infrastructure : A Risk Assessment

Datacenters are critical infrastructures in today’s information society, they have undergone significant transformation from their inception days within their underlying technological infrastructure. They are at the core of the cloud computing revolution which is changing business models on how organizations deal with their spending on IT infrastructure.Virtualization has been the disruptive force driving this transformation within the datacenter space and has enhancing efficiencies in terms of server load consolidation, resource provisioning,flexibility, and scalability, lower spend on buying equipment and improved power utilization efficiency. The transition phase has led to modern datacenters incorporating both the legacy traditional datacenter infrastructure with the latest ones that are based on fully virtualized solutions. Though this mix of infrastructures has improved resource utilization and consolidation,the flexibility and scalability aspect that they bring about ushers in new set of emerging security challenges to the modern datacenter.The contents of this research work present a comprehensive Risk Assessment to a set of recentlyidentified security risks extracted from the NIST vulnerability database, these risks are related tothe flexibility and scalability aspect of modern datacenters. The findings of this study show thatvirtualization techniques introduce a set of new security flaws at the Hypervisor level, SDN Controllers and Virtual network layers thus further exacerbating challenges in ServiceAvailability, Confidentiality and Data Integrity in modern datacenters. An EBIOS approach to risk assessment was utilized as the guiding methodology. Security recommendations according to security best practices were then proposed as remedial mitigation measures. Ascertaining risk is crucial component for decision makers and the findings of this thesis research work contribute to that by providing better insight to the emerging security risks in a hybrid infrastructure context. The noted findings have implications to security design considerations for prospective datacenter providers who intend to deploy modern hybrid datacenter infrastructure or those in the process of transition.