Security is an important consideration in any organization to protect business data and ensure flawless functioning and business growth. An organization’s data center accommodates a network’s most important systems and is vital to the continuity of daily business operations. This makes the security and reliability of data centers and the information they store a top priority for any business organization. Potential customers looking for data center outsourced solutions will also have security as one of the first considerations.
What Comprises Data Center Infrastructure?
Data center infrastructure may include the following:
- Computers and servers
- Networking equipment, such as switches or routers
- Firewall, or biometric security system
- Storage or backup/tape storage
- Data center management software and applications
- Power and cooling devices including generators or air conditioners
- Physical server racks
- Internet backbones
The Real Threats
Information security has always been a baffling area for security experts as they attempt to protect the infrastructure and systems from hackers and accidental users. In the increasing threat landscape, it is vital to protect information assets but often this becomes tough with the speed of business and IT deployments. Cyber theft and attack have therefore become common issues in data centers.
In a recent siliconrepublic.com post, Ed Ansett, an electrical engineer in the construction industry, who spent almost two decades focused exclusively on data center engineering, spoke about this security issue data centers face. According to Ansett, data centers evolved in a number of ways since he entered the industry and he himself was often at the forefront of innovation. He co-designed the Block Redundant model for data centers which made such a design a much more economical undertaking.
The topologies designed in those days are being used every day now. When computer equipment began to be built with multiple power supplies, it provided an opportunity to make things much more reliable from a power systems point of view. Ansett pointed out that though during the period 2000 to 2010, people were putting in too much infrastructure at great cost, nowadays the focus is more on getting the right infrastructure in at the right capacity.
Ansett attaches great importance to the security of the power, cooling and control systems that are very significant in a data center, but which are often overlooked. Typically, data center monitoring is centred around computers, tracking virtual workloads, monitoring system performance, and responding to alerts regarding servers, storage or network within the architecture. However, a more holistic monitoring strategy is required in modern data centers. He quotes an example that is quite serious. While auditing a piece of critical national infrastructure, he discovered that you could shut down the data center remotely by using the Wi-Fi system that controlled the cooling. You could get into the cooling system without getting into the data center. It was found on investigating that there was a systemic problem. The systems had very weak encryption and user identification credentials, and they were often run by engineers who were not generally trained in cybersecurity. Ansett points out that the security of these critical systems exists in security purgatory. This kind of security threat is creating a lot of problems because this area of cybersecurity falls between information cybersecurity and data cybersecurity, and engineering.
Another problem is the lack of good clean power that is responsible for of unplanned data centre outages. A company should make its best investment in physical security to deal with the issues involving data center power. Yet again, a very real threat is that people can cause disruptions by shutting down multiple applications at once instead of shutting down just one application. In case there is an attack on your critical data center infrastructure, and your secondary system does not work well, you will have a serious problem in your hands. In most enterprise data centers, the secondary system is not that strong and it is very likely that you could access a cooling system and shut it down at random. This could put your business at risk and also invite customer distrust.
Security Measures to Take
What are the security measures an organization can take in this regard?
- Choose an apt location for the data center. Avoid areas that are frequently hit by natural disasters like hurricanes, tornados, floods etc. as well as those near airports, railroads, parking garages, and highways too as these places are easily prone to chemical spill or fire.
- Ensure your public internet connection is secured, and that nobody has remote access except those who need the permissions.
- Ensure two-factor authentication for remote access to mission-critical facilities.
- Have a system in place that monitors the infrastructure networks and watches out for extraordinary or suspicious traffic.
- Establish biometric identification as the method of entry to provide visitor access to sensitive areas of a facility. Apart from biometrics, visitors may also be given a key fob, a card key or another means of access and this would add an extra layer of security within the facility.
- Ensure constant surveillance of the data center for monitoring daily operations. Surveillance equipment installed throughout the building at all entrance, exit, and access points can help ensure that all areas are functioning properly and that every element of the building is secure and protected always.
- Ensure redundancy of equipment, personnel or storage to amplify security in case the primary sources fail.
- You can redundantly reinforce equipment such as batteries, generators, ventilation, heating, and air conditioning, as well as water, power, and telephone lines.
- Personnel redundancy involves safeguarding the data center when visitors are present with the support of staff/employees. Make sure that an employee accompanies visiting individuals such as contractors or repair crews at all times.
- Storage redundancy involves ensuring an additional level of network security.
- Redundant internet access can be provided to different carriers and physical infrastructures thereby providing customers the freedom to choose the best security solution for them.
- A private cloud service option can ensure an extra layer of data security for sensitive information. This is another convenience offered for customers who are concerned with backing up their data assets.
Global Data Center Security Market to Grow Exponentially
According to Zion Market Research, the global data center security market valued at $6.15 billion in 2016 is expected to reach at least $14.11 billion in 2022, growing at a remarkable CAGR of 14.85% between 2017 and 2022. The increasing number of new data centers and adoption of advanced security solutions offer significant opportunities to established and new security solutions providers. The data center security market is driven by high investment in the infrastructure to meet the growing demands from various sectors. Factors that encourage the growth of the data center security market to grow lucratively over the forecast period also include increasing safety concerns for business and personal data, and increasing need for data virtualization and cloud computing.
Providers of data processing services know that the primary function of data center infrastructure security is to ensure that all possible measures are taken to protect customer information and data assets. Periodic maintenance and testing of the data center monitoring infrastructure is indispensable, and this monitoring must scale in keeping with the data center’s evolution. When the data center is in a hosted environment and you are making use of outsourced solutions, specify and understand emergencies in your service-level agreement. Make sure that your provider has a contingency plan ready in case there is a sudden disruption.
Cyber attacks and theft are common issues in data centers but the above listed measures would help in improving the protection of data against all such attacks.