Security is essential for organizations that rely on data centers. However, a new white paper from Data Centre Dynamics says that many organizations don’t understand that the most pervasive threats may come from where they least expect them.
Instead, the white paper says that data center security must focus on a combination of the physical – locking down access to assets – and the logical, to prevent cyber intrusions.
The white paper describes data centers as essentially “a massive concrete block, hardened against natural disasters and intruders.” However, that doesn’t mean data centers are invulnerable. That said, organizations that rely on data centers need to adopt a physical security strategy that is rigid enough to protect against “predictable threats,” and flexible enough to evolve to meet unpredictable challenges.
The white paper explains that one of the most critical steps data centers take is securing the perimeter of the campus. “The perimeter is the first line of defense for everything a data center facility needs to operate – including fiber vaults, connection points, and more,” the white paper notes. “Modern perimeter security combines human resources (constant patrols by security personnel) and technology.”
The primary challenge with physical security is striking the right balance between securing the data center and preserving usability for those who work in the facility.
The white paper also urgers data center operators and users to focus on resiliency. Security pros need to be focused on worst-case scenarios – someone driving a truck through the front door or a tsunami sweeping over the data center. “These may seem like alarmist concerns, but it’s a security pro’s job to plan for every possible contingency,” the white paper says.
To ensure resiliency, security professionals need to plan for the unexpected. Specifically, the white paper encourages security professionals to ask questions, including:
- What happens to a client’s data in a natural disaster or even a terrorist attack?
- Are there back-ups? Possibly in another data center?
- How long will that data take to recover?
“There are many more questions to ask, but these form the backbone of a vigilant, proactive physical security strategy,” the white paper explains.
Logical security partially boils down to cybersecurity. The white paper notes that cybersecurity threats are often just as serious as physical threats to data centers.
The white paper urges data center operators to consider that “despite wildly different approaches and measures, physical and logical/cybersecurity are inextricably linked.” The white paper says that the best data center providers find ways to merge the two disciplines to “create the tightest web of protection between bad actors and the data center.”
Building off the concern over bad actors, Data Centre Dynamics says that data center specialists need to have access to a regularly updated and published threat list containing known dangerous IP ranges.
In addition to cybersecurity, logical security also includes meeting government regulations and compliance mandates. Governments – both national and local – are rapidly passing new data privacy laws. These laws, Data Centre Dynamics explains, add even more complexity to the security landscape.
Data center users must look for a data center with “highly mature operations and processes for managing government regulations, risk, and compliance.” The white paper says that an organization having those bases covered provide a “signal that the data center meets or exceeds their contractual duty to maintain compliance and the ability to efficiently perform thorough regulatory audits if necessary.”