Safe and Secure: Security Measures for Data Centers Continue to Evolve
As we generate and access more data, especially via websites, social networks, and electronic devices, there is greater opportunity for our personal or strategic data to be hacked. With more data access points than ever before, the complexity, frequency, and expense of data breaches is ever-increasing.
In the U.S. alone, the number of data breaches per year has steadily grown from about 1,000 cases in 2014 to more than 3,800 data breaches reported in 2019. The average cost of a data security breach for a major business is over $150 million. Recent high-profile hacks include Facebook (2018, 50 million accounts) and Quora (2018, 100 million accounts). For businesses, ransomware is especially troublesome, with nearly 1,000 attacks in the U.S. in 2019.
Protecting Data Centers from Attack
A data center can be attacked by both internal and external sources. Nearly 35% of all data breaches are “inside jobs,” carried out by dissatisfied employees. Physical security of the data center is therefore essential for ensuring that only authorized personnel have access to their specific areas. This is accomplished by:
- Zero trust model. Authentication and/or other credentials are required for all individuals with access to the data center and for all internal traffic.
- 24/7 security. On-site security starts with 24/7 security staff who patrol every data center zone. Other security assets include cameras, alarms, and security checkpoints.
- Background checks. Thorough background checks should be conducted for all operational staff, security staff, and third-party personnel who have access to the data center.
- Exit procedures. When someone with the authority to access sensitive zones and assets within the data center leaves their position, systems and procedures should be in place that specifically look for and remove these privileges.
- Biometric technology. Biometrics identify people through unique physical characteristics, such as fingerprints or the shape of a retina. It is especially valuable as a component of two-factor authentication.
- Secure access points. Entrances to sensitive zones like the data floor should be protected by multiple systems, including manned checkpoints, camera systems, and two-factor authentication.
Virtual Security Practices
Data protection starts with layered security measures. Each aspect of a security program should be integrated together as part of a comprehensive, layered system. Interconnected security protocols make it far more difficult for intruders to access valuable data or hardware assets in the data center. Other key data-protection recommendations by vXchnge, a data-center-as-a-service provider, include:
- Strengthen perimeter security, firewalls, and intrusion detection systems (IDSs) that monitor and inspect traffic before it reaches your internal network. They can detect any unusual activity of users or indicators of distributed denial-of-service (DDoS) attacks and other threats.
- Access control lists (ACLs). Most modern firewalls come already equipped with ACLs, which allow or deny traffic to specific areas.
- Two- and three-factor authentication.
- Penetration testing. Conducted annually, or even twice a year, penetration testing should be carried out by a verified third party, with any identified security risks fully mitigated.
- Radio-frequency identification (RFID) tagging allows staff to watch every piece of hardware 24/7/365. Tags can even send out alerts the moment an asset is moved or tampered with.
- Redundancy. Tier 3 or 4 data centers are typically larger and more complex systems that require more sophisticated and extensive security measures, including redundant infrastructure.
- Encryption. All data must be heavily encrypted during transfer and regularly backed up.
Confidentiality, integrity, and availability (CIA Triad) are essential components of any effective information security program. The CIA triad is a widely used information security model that can guide an organization’s efforts and policies aimed at keeping its data secure.
Every element of a data center’s physical security should be implemented with other elements in mind so that they form an interlocking network of security measures, each one enhancing the effectiveness of the others.
Thorough security protocols should be regularly tested and upgraded as needed to keep pace with increasingly sophisticated cyber threats. As data center security technology continues to evolve, “new physical security measures will surely be incorporated as best practices,” adds vXchnge. “Data center customers can review security certifications and request a more detailed overview of the physical and logical security measures a facility has put in place to ensure that data remains well-protected.”