Getting your data center security right
By Manish Israni
The Equifax breach in 2017, which was termed as a case of ‘neglect of cybersecurity’, led to records of 143 million customers being stolen which included names, social security numbers, date of birth, addresses and driving license numbers. Sensitive information that can potentially misused by cybercriminals. Today data security has become a major concern for companies as their valuable data increasingly residing outside their premises either on third party datacentre or on public cloud. A small breach in the system can cause repercussions with long term effects as any part of the system can be an entry point for attackers who are continuously prowling the internet to look for unsecured access points. As a bare minimum, every company expects an assurance that its data is secure within the IT infrastructure of its data center service provider.
Due to the burgeoning demand for data centers, data center security market too is witnessing an upward trend. As per Future Market Insights, the data center security market is expected to exhibit a CAGR of 11.1% from 2018-2028, globally.
Data center and its security
Security is one of the most important criteria while designing and finalizing the layout of a data center building. Data Centers should be treated as national assets and need to be safeguarded with the highest security standards against both physical and cyber attacks to its infrastructure, software and networks. A wide range of processes, products, people and strategies are implemented to prevent outside interference and protect data from attackers trying to invade the network by hacking the firewall or cracking passwords. There are various security measures that data center providers can put in to place for safeguarding their data from malicious intentions. Below I have listed few of them –
A DC building should consist of a limited number of doors and windows and constructed with thicker walls. It must be structured and built in a way that it can withstand physical damage from calamities like natural disasters, terrorist attacks or industrial accidents. The building spot must be at some distance from airports, chemical facilities and power plants. Before acquiring the land, the company must ensure that the location is not prone to hurricanes, earthquakes or floods. Enhancing infrastructure security also includes CCTV monitoring, fire protection and hiring professionally trained security staff.
Restricting the entry permit for unauthorised personnel by use of two-factor authentication to enter the building, personal identity verification (PIV) cards and personal passcode are some of the other things to consider. Employee badge readers and biometric systems, such as fingerprint readers, iris scanners and facial recognition, may also be effective. Coined by analytics firm, Forrester Research, Zero Trust Architecture is another security model that doesn’t trust even internal teams or systems by giving default access and always verifies credentials for everyone and everything before allowing access to the system. This is a more secure and cost-effective alternative to traditional security systems and is relied on by Europe’s largest industrial manufacturer, Siemens as well as tech giant Google.
End point/Server security
All devices such as mobile, laptop, servers can serve as a potential access point for attackers. Therefore, it is imperative to identify the underlying vulnerabilities within the system, and deploy an overarching security infrastructure. Customers who have occupied racks and do not adhere to security standards may put the entire data center at risk. Having detailed, strict and documented security guidelines and procedures to follow, will help to maintain and safeguard the data center and the data within. Extensive measures such as offline data backup and recovery, data encryption, implementing the latest regulations for data protection and constant traffic monitoring will help to protect data stored in a data center from evident threats such as hacking, malware and spyware.
Virtual and physical environment, networks, application and infrastructure, everything must be secured to curb the risk of being attacked. Creating secure zones in the network by 24×7 monitoring, automated intrusion detection and prevention are some ways to layer security in a data center. With the rise of cloud computing, visibility into data flows is a necessity, since ransomware could be concealed among otherwise legitimate traffic. Every facet of a data center security should work in alignment with other components as part of an extensive, layered structure, that way a potential intruder will have to go through various layers to breach before reaching the utmost valuable data in the data center. Even if the intruder manages to breach one-layer, other layers may prevent the compromise of the entire system or alarm the management of the breach.
In 2020, with companies moving towards highly complex digital infrastructure to store their critical workloads, data centers are likely to be high priority targets for attackers. Thus, it’s crucial that all security aspects are taken into consideration right from the inception of the data center rather than as an afterthought.
(The author is the Executive VP & CIO at Yotta Infrastructure Solutions)
If you have an interesting article / experience / case study to share, please get in touch with us at [email protected]