Improving Open Source Security in the Datacenter
Open source software continues to be a huge and important resource for enterprise datacenters, but when it comes to maintaining security, open source can require special handling.
That’s the conclusion of the March 20 story by DataCenterKnowledge, which describes how enterprise open source users must make sure that security patches and updates are managed carefully because, unlike with proprietary software vendors, automatic updates are not pushed out for open source code.
“Anyone can download open source software without having to give up any contact or payment information,” wrote Maria Korolov in her report, With Much of the Data Center Stack Open Source, Security is a Special Challenge. “If there’s an update or security patch, it’s up to the user to keep an eye out for it, download it and install it.”
With open source code, enterprises gain a wide range of resources, from customizable and solid applications that serve a myriad of needed tasks, to code that can be used without reinventing the wheel for business users. Almost everything can be found to serve open source users, from web server applications to databases, web site software, cloud applications and much more.
For business users, what’s needed are ways to keep their open source applications and code up to date more easily, with less manual intervention that can cause important steps to be left undone.
That can also be a problem with commercial applications that integrate and use open source code, wrote Korolov.
“What’s even worse is that when the open source code is hidden away inside commercial software packages, the companies using them might not even know that the vulnerabilities are there,” she wrote. “According to Black Duck, 67 percent of commercial applications are using components with known vulnerabilities.”
Savvy hackers are sometimes able to reverse engineer third-party open source solutions. They may also obtain fragments of the source code used to build the software, which allows them to exploit vulnerabilities. They may also have knowledge of intrusion or exploit signatures, which may allow them to work around weaknesses. Commercial versions of software are more frequently managed and updated so as to protect against the latest-known exploits.
To aid in this process of adding security for open source code, users can also turn to the experts here at 5nine, which offers services that can directly heighten datacenter security for open source applications used by its customers.
“Open source software in the datacenter is critical to performance, scale and efficiency,” says Dr. Konstantin Malkov, Chief Technology Officer at 5nine. “Security products like 5nine Cloud Security mitigate many of the risks associated with open source software by immediately and automatically protecting virtual machines across multiple lines of defense.”
Additionally, 5nine Cloud Security “can help secure the virtual perimeter that open source software in the datacenter leaves behind,” says Malkov.
To maintain optimal security, organizations should ensure that binary code obfuscation is built into the security framework of their software vendors. They should also be looking for security technologies that implement machine learning, AI or anomalistic behavior. This way, these companies can remain one step ahead of malicious intent. Relying solely on AV, antimalware and IDS/IPS solutions is no longer enough to protect a datacenter from attack.