Story image

Data centre security: Technology alone is not the answer

20 Jun 18

Article by Flexenclosure regional sales engineering director LATAM Arturo Maqueo

The security of data – and in particular people’s personal data – has been a hot topic in recent months.

The EU’s rollout of new GDPR regulations; the Cambridge Analytica scandal; or the seemingly weekly revelations of financial institutions or consumer service providers which have had their databases hacked, are all examples most of us will be aware of.

Less often discussed but just as important as the security of our data, is the security of the data centres that house it. And at first glance, identifying, reviewing and prioritising all the elements that a data centre must contain in terms of security would appear to be a very complex subject, depending on myriad variables including facility size, organisation type, service commitments, system complexity, customer requirements, the list goes on…

However, independent of the variables mentioned above, in my view data centre security can be boiled down to just two areas – physical security and operational security.  And while both of these clearly depend to a great extent on technology, the single most important element is the establishment of appropriate policies, processes and operating procedures – and critically, of course, actually following them.

Unfortunately, over the years I have seen many examples of security – both physical and operational – being seriously compromised through the lack of clear and well-defined security processes and procedures. And ironically, I have seen this most often in data centre facilities that had state-of-the art security equipment installed.

For example, implementing the latest and most sophisticated biometric access systems does not, by itself, ensure that supposedly secure areas are actually secure and that access is fully controlled. On the contrary, I have witnessed unauthorised and unsupervised personnel wander in and out of secure areas at will. The failure here not being due to any fault with the access control equipment itself but to appropriate security protocols not being implemented or maintained.

As for operational security, a standard requirement for any modern data centre is to have redundancy capabilities fully integrated in order to ensure continuous operation even if disaster strikes. And for many data centre operators’ customers, this is non-negotiable, given their dependence on the often mission-critical systems the data centres house.

However, just as with ensuring physical security, implementing systems for fully redundant facility operation is not simply a matter of installing more of the latest equipment. Ensuring data centre redundancy is a hugely complex undertaking. Initial design is clearly important, as is the correct installation and interlinking of redundant systems, whether for power, cooling, monitoring, or communications. But most important of all, once again, are the protocols and procedures that must be implemented and followed in order to ensure that redundant gear actually kicks in to action if and when it needs to.

Regardless of whether the data centre in question is hyperscale or a relatively small edge facility, having the right processes in place and the right people following them are typically what makes the difference between, on the one hand, a data centre’s security being fully maintained and on the other, a catastrophic failure.

So when securing even the most technical of environments, technology is only part of the answer. Without the disciplined application of associated policies and processes, success cannot be guaranteed. After all, the best tools in the tool box are of little value without the appropriate knowledge and experience to use them.

A10 aims to secure Kubernetes container environments
The solution aims to provide teams deploying microservices applications with an automated way to integrate enterprise-grade security with comprehensive application visibility and analytics.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
One Identity a Visionary in Magic Quad for PAM
One Identity was recognised in the Gartner Magic Quadrant for Privileged Access Management for completeness of vision and ability to execute.
How to keep network infrastructure secure and available
Two OVH executives have weighed in on how network infrastructure and the challenges in that space will be evolving in the coming year.
Gartner names newcomer Exabeam a leader in SIEM
The vendor landscape for SIEM is evolving, with recent entrants bringing technologies optimised for analytics use cases.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.
SingleSource scores R&D grant to explore digital identity over blockchain
Callaghan Innovation has awarded a $318,000 R&D grant to Auckland-based firm SingleSource, a company that applies risk scoring to digital identity.