Data is essential to running a business today. If you want to develop, you need to keep information safe and minimize the risk of potential threats such as data theft or leaks which may result in loss of money and reputation, or even ruin your enterprise.
Data center outsourcing is a good solution if you want to make sure your data is stored according to best standard and practices and secured on every level. In this article, you will learn what to look for and what questions to ask when selecting a data outsourcing partner, as well as how to improve your data center security.
Data center security has a few layers, each of which should be protected separately. However, at the same time, each layer should be considered as an element of a comprehensive security strategy created for a particular data center (in the context of your business needs and environment).
Tier Classification
Tier classification is a relatively easy determinant that lets you estimate the level of security you can expect. Each tier means sets of standards for maintenance, cooling, redundancy and capability to withstand a fault.
Tier one and two are used by smaller companies that do not provide real-time delivery or use latency-sensitive applications. Tier one does not require any redundancy, and features 28.8 hours of annual downtime, while tier two has partial redundancy in power and cooling and 22 hours of downtime.
Tiers three and four are designed in accordance with the highest standards of security, including full redundancy (cooling, multiple links, dual-powered devices). Tier three means no more than 1.6 hours of downtime per year, and tier four no more than 26.3 minutes.
Physical Security
The first thing you should think of is physical security, and that starts with location. You need to consider geological activity in the region, the risk of flooding, fire and other force majeure, as well as which other industries operate in the neighbourhood (any high-risk ones? Any warehouse where flammable materials can be stored?) and the political situation (is there any risk of revolt, sabotage or war?). Data centers must have good transport connections for use in the event that it becomes necessary to evacuate quickly or send equipment or technicians to a vital maintenance job.
Of course, it is possible to minimize the effects of some of these risks with proper building design and construction. A fenced area, thick walls and special materials all help, but, as with any risk, it is better to avoid rather than mitigate.
Fencing is a must. Access to the data center should be strictly restricted and given to authorized employees only. Access for external visitors (customers, service technicians or auditors) should be granted in a formally documented process. The whole premises should be guarded and monitored, with CCTV at every gate, evacuation door and circulation area, and recordings should be stored in a safe place. There should also be security officers who take regular patrols and oversee entry to the data center by checking off names on a list, checking IDs, noting arrival and departure time, and so on. Use of a fingerprint reader for identification purposes is worth considering, as it is almost impossible to fake such ID.
In addition, all doors in a data center should be secured with locks/badge keys/fingerprint readers, and cabinets and racks should be closed and accessible to data center engineers. All server rooms and corridors should be monitored using CCTV.
No matter how safe location and materials are, a data center should be prepared for fire and equipped with a good, modern fire protection system. A very early warning smoke detection system based on neutral gas, which is safe for people and does not cause damage to electronic equipment, will turn on the alarm immediately and gives employees working in the data center enough time to evacuate.
When it comes to construction, it is very important to design the data center to be fully redundant. Buildings should have more than one (ideally more than two) suppliers for telecom services and electricity, to ensure the data center’s uninterrupted operation even in the event of failure in one of the supplier’s plant network. Extra backup such as UPS (uninterruptible power supply) and generators (with refueling option) are also critical infrastructure. Of course, it is important to keep all these safeguards in good condition and ready to be turned on should a critical situation arise, so regular tests and audits are necessary. Last, but not least, an air condition system that maintains optimal temperature for electronic devices and optimizes energy usage (while minimizing environmental impact) is critical and should be redundant as well (in the event of failure of this system, temperature might cause damage to servers and other electronic equipment).
Virtual Security
The second layer of data center security relates to the virtual space. All data centers aim ultimately to keep data secure and private, and to offer comprehensive backup and recovery services. Therefore, data encryption, enforcing the latest data privacy regulations and comprehensive monitoring of traffic are a must.
The zero trust model is a security concept based on the assumption that organizations should not automatically trust anything inside or outside its perimeters, and should verify everyone and everything that tries to connect to its systems to find out what or who it is and whether it is authorized. The perimeter should be secured with firewalls to clean up traffic and monitor internal traffic within the network for the early detection of any threat that may occur.
Intrusion and detection systems are another important factor. These systems detect advanced persistent threats such as increase of users with elevated rights accessing the system at unusual times, extraction of large amounts of data from the system, increased phishing, or an increase in service requests that might lead to DDoS attacks.
In the era of virtualization, server security has become a complex challenge. It is necessary to ensure complete server and web-based application security with 24/7 monitoring (for the network and the physical location) and intrusion prevention and detection system (cameras, motion detectors and alarms).
Your Data is Worth it
No matter whether you run a big business or small start-up, the data you store and process IS always critical for your company’s success. You should therefore make security – both the physical and the virtual – your priority.
Although the complexity of IT security can be overwhelming, it is essential to have a strategy and infrastructure in place, regularly used and regularly tested. With a professional data center obliged to adhere to specific security standards (especially when combined with services such as backup, data recovery office and business continuity plans, and so on), you can achieve this with the help of professionals who have many years of experience.
Analyze your business needs, set your goals and choose wisely to avoid future problems and costs. You can find more information about ICT solutions provided by Comarch here.