Security risk assessment within hybrid data centers: A case study of delay sensitive applications

Abstract

Data centers are considered a critical form of infrastructure in today’s information society. They are at the core of the cloud computing and services revolution, which has changed the business models on how organizations deal with IT infrastructure costs. The hybrid data center architecture incorporates both legacy and fully virtualized infrastructures. On the one hand, the composite infrastructure has improved resource utilization and consolidation by adding flexibility and scalability factors, making the data center more cost effective and more agile. On the other hand, the hybrid infrastructure has imposed a new set of security challenges that need to be brought into focus. The lack of resource availability can be a great risk for delay sensitive applications such as voice over IP (VoIP) and online gaming when cloud computing is the deployment model. This study addresses the emerging risk problem by conducting a comprehensive security risk assessment using the NIST national vulnerability database (NVD) combined with EBIOS risk analysis and evaluation methodology. This study focuses on resource availability problem emanating from delay variations and queuing mechanisms in virtualized systems and its impact on delay sensitive applications. The study argues for the existence of availability risk within the hybrid data center infrastructure, which can deteriorate the performance of delay sensitive applications. Security remedial and countermeasures to the identified security risks are suggested in an extended discussion at the end of the study.