Determining the standard performance metrics of your data centre is a key method for ensuring that your environment is secure. Any deviations from the “norm” can quickly identify a wider security issue.
With the persistent threat that security breaches pose to IT professionals, it is essential that data centres use standard performance metrics as the basis of a comprehensive security policy and process.
Breaking it down
Data center professionals have primarily used baseline data as a tool for determining availability, and for performance troubleshooting. Not understanding which metrics can be applied is the primary reason that data centres fail to capitalise on the full benefits of historical and baseline data provide to security processes. The following performance readings can be used from a security perspective:
CPU and memory: Spikes in processing unit and memory performance data can potentially reveal the existence of malware infections. Monitoring CPU and memory metrics will provide you with an understanding of standard performance that will allow for threats to be quickly recognised.
Network bandwidth utilisation: A sharp deviation in network traffic can be indicative of data being stolen. Ensuring that you and your team are familiar with the normal flows of network traffic travelling in and out of your data centre is a simple and swift method of identifying when a breach has occurred. Traffic monitoring tools such as NetFlow, sFlow, and J-Flow track data across the entire network, giving you the ability to pinpoint potential threats and then take the necessary action.
Data storage volume: Unanticipated increases or decreases in data volume could be signs of data being deleted or duplicated. Understanding the standard storage metrics of your data centre will help you to identify breaches. In addition, the unexplained movement of files can also be a tell-tale sign of a data breach, making it crucial to also monitor for normalcy of data placement.
Building your approach
As well as providing data center professionals with the ability to identify data breaches, performance metrics can also form the basis of a comprehensive security strategy. Detailed below are the specific steps that should be taken in your data centre to apply baseline data to the development of this strategy.
Alongside your IT department and key business leaders, determine:
- What are the key data centre performance metrics that should be analysed?
- Which departments within your business have access to sensitive data?
- What level of access is permitted (tablets, smartphones, laptops, applications, etc.)?
- What government policies (if any) apply to your business and the data you handle?
Then:
- With this information, create the security policy and distribute it throughout the business.
- Create an adaptable security maintenance schedule.
- Employ data centre monitoring software that will alert your team if there are any abnormalities from the predetermined performance metrics.
- Implement security procedures within the data centre and on the network. Do this after the performance baselines have been determined so that the effects of the incoming procedures can be properly evaluated.
- Produce fixed response procedures that can be applied when abnormalities are detected and there is risk of a security breach
- Ensure that all team leads are familiar with the response plans.
- Train all business employees at every level on security policies and processes. It may be necessary to arrange for drills to be undertaken so that the responses can be practiced and refined in mock scenarios.
- Regularly review the performance baselines with at least one week’s worth of performance data to maintain validity.
With a disciplined approach coupled with the application of security-specific tools, data center monitoring should be fundamental in your security strategy. Baselining can provide your team with the ability to develop and execute a predetermined response plan when abnormalities are detected. Often, this can all be achieved through the monitoring system that you likely already have in place within your data centre. The most successful IT projects are often those that let you recycle what you already have for a new purpose, and data centre security is no exception.