Some 31 years ago, the RMS Titanic was discovered resting on the ocean floor. The legend of its sinking has been retold many times in books and movies. One compelling aspect of the story is the safety claims made by its creators. Even as reports of the disaster began to filter into New York, the vice president of the White Star Line stated, without qualification, “We place absolute confidence in the Titanic. We believe that the boat is unsinkable.” Obviously, reality betrayed those maritime engineers’ confidence.

What lessons might this famous disaster teach engineers in modern data centers? In particular, how do we prevent hostile attacks—the “icebergs” that lurk on the seas we sail—from causing catastrophic breaches?

The confidence of the designers was not completely unfounded. The ship was divided into 16 compartments, each of which could be isolated by watertight doors. Up to four could have flooded without sinking the ship.

Data center networks follow a similar principle, called segmentation, with logical divisions designed to protect servers from attack.

Unfortunately, the Titanic bulkheads did not run high enough, so water began to spill from one to the next. The threat came first from outside the hull, but then increasingly from adjacent compartments.

Likewise, data center engineers increasingly recognize that threats don’t come only from outside, as so-called “north-south” traffic from external access to enterprise web servers. They can also come from inside, as hostile “east-west” traffic from compromised servers probing for further vulnerabilities.

Normal “east-west” traffic includes, for instance, a customer-facing application querying an internal database to retrieve account information. But allowing such queries to flow without restriction would be as dangerous as a ship without any bulkheads.
Instead, data centers are increasingly divided into smaller sealed compartments, an approach called microsegmentation.

Automation essential

In 1911, Shipbuilder magazine reported: “The Captain may, by simply moving an electric switch, instantly close the doors throughout and make the vessel practically unsinkable.” While some automatic controls were also available, such reliance on human intervention can become a weakness during the chaos surrounding actual emergencies.

In data centers, such a manual approach corresponds to opening tickets to prompt human operators to open or close firewall settings. That’s not much better than the telegraph from the bridge to the engine room, signaling “Full astern!” as disaster looms ahead.

A more modern approach is to assign each server to an appropriate security group automatically at the moment it’s created, with predetermined settings limiting connectivity to only what is absolutely required. Such an automated approach becomes increasingly necessary to secure thousands of applications, especially as they’re further divided into component microservices.

Of course, the human element remains important, even if people are no longer involved with every transaction. One recommendation from the British report on the Titanic disaster stated: “That the men who are to man the boats should have more frequent drills than hitherto. … Such drills to be recorded in the official log.”

Such directives sound familiar to anyone involved with ongoing security certifications of a modern data center, though admiralty rules have been replaced by the Federal Information Security Management Act (FISMA), the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS).

The senior wireless operator aboard, Jack Phillips, stayed at his post until the end, seeking help from other ships in the area.
Afterwards, a colleague wrote of Phillips, “I suddenly felt a great reverence to see him standing there sticking to his work while everybody else was raging about.”

Anyone who’s experienced a data center breach can easily imagine the raging and also understand the need for sticking to the work.

Learning from history and taking steps in advance can help avoid cybersecurity disasters before they happen. Increasingly, network security will rely on microsegmentation and automated security groups, along with ongoing training and vigilance.

Heeding the lessons of the Titanic can help modern data center engineers avoid and mitigate fateful encounters with unforeseen menaces, and ensure the only ice they encounter is clinking gently in a glass of their favorite beverage.
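
The automated security groups discussed under “Automation essential” can be sketched as follows. This is an added example, not part of the original article: it assigns a group at creation time and applies a default-deny rule to east-west flows, and its group names, ports and server names are constructed assumptions.

```python
# Added example: group names, ports and server names are constructed assumptions.
from dataclasses import dataclass
from typing import Optional

# Predetermined east-west rules: (source group, destination group) -> allowed TCP ports.
# Any pair or port not listed here is denied.
ALLOWED_FLOWS = {("web", "app"): {8443}, ("app", "db"): {5432}}
KNOWN_GROUPS = {"web", "app", "db"}
QUARANTINE = "quarantine"  # no flows are ever allowed to or from this group


@dataclass(frozen=True)
class Server:
    name: str
    group: str


def provision(name: str, role_tag: Optional[str]) -> Server:
    """Assign the security group at creation; unknown or missing roles fail closed."""
    group = role_tag if role_tag in KNOWN_GROUPS else QUARANTINE
    return Server(name, group)


def is_allowed(src: Server, dst: Server, port: int) -> bool:
    """Default deny: a flow passes only if its group pair and port are allowlisted."""
    return port in ALLOWED_FLOWS.get((src.group, dst.group), set())


def audit(flows):
    """Return the blocked flows, e.g. to raise an alert on lateral probing."""
    return [(s.name, d.name, p) for s, d, p in flows if not is_allowed(s, d, p)]


web, web2 = provision("web-01", "web"), provision("web-02", "web")
app, db = provision("app-01", "app"), provision("db-01", "db")
untagged = provision("tmp-17", None)  # created without a role tag

# Constructed sample: the first two flows are normal application traffic; the rest
# are what a compromised or misprovisioned server probing its neighbours produces.
SAMPLE_FLOWS = [
    (web, app, 8443),
    (app, db, 5432),
    (web, db, 5432),       # web tier skipping the app tier
    (web, web2, 22),       # sideways move inside the same tier
    (untagged, db, 5432),  # quarantined server reaching for the database
]

if __name__ == "__main__":
    for blocked in audit(SAMPLE_FLOWS):
        print("DENY", *blocked)
```

Because the web tier has no rule permitting traffic to itself, a compromised web server cannot reach its neighbours even though they share a group, which is the bulkhead that runs all the way up.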