Today your data center is where your company’s most critical infrastructure lives. Security for the technology and data contained in your data center requires the use of advanced threat detection software and compliance to regulatory and physical practices to protect your customer’s data from internal and external threats.
The Importance & Growth of Data Center Security
In addition to the information, you’re protecting, which is invaluable, there are other consequences of gaps in your security that are just as important and potentially devastating to any organization.
- Reputational damage and loss of customer trust – Expect the worse..everything from bad press, negative customer sediment on social media, and customer attrition. These things can create a downward spiral resulting in diminished brand value, erosion of customer trust, and eventually financial losses. While the number one priority is to eliminate or remedy any security gap, the next step is critical…to mitigate any impact the breach might have on your customer base by informing them as soon as possible. A good marketing firm might be helpful to create a well-crafted actionable alert, monitor and respond to social media/press inquiries and other comments.
- Noncompliance fines from industry regulations – There is an incredible amount of government guidelines regarding proper data compliance–it can be easy for business owners to find themselves in violation. This means leaving your company open to financial penalties, lawsuits, audits, and even dissolution. Utilizing compliance checking software, penetration testing services, and hiring personnel with the proper training and knowledge will go a long way to reduce these risks.
- Financial damages and lost revenue due to downtime – Unexpected downtime is often due to a company’s reliance on the infrastructure that is inadequate, outdated, or architected in a way that does not meet the standards required. Investing in new technology, redundant systems, better monitoring, and increased bandwidth does not come cheap.
Implement Data Center Physical Security Measures
Not all technology security issues are about a hacker, malware, or your hardware. You could be overlooking a possible physical threat. You should first consider the likelihood of seismic activities in some areas where this type of activity is expected. Certified “seismic rated” equipment will generally be required by local building code. In other areas, weather-related dangers may be present–especially in coastal and low-lying areas. In the U.S., many companies are opting to build data centers in rural dry areas where the risks of impact from natural disasters are low.
Understanding other physical security measures are specified by a number of organizations and their certification processes is a good idea. At a minimum, your data center should adhere to ISO 27001, which normally includes some level of Systems and Organization Controls (SOC) baked-in. If you are collocating, make sure you ask the data center operator which regulations they’re adhering to before you agree to sign a contract.
The credit card industry uses PCI DSS (Payment Card Industry’s Data Security Standard) as its own set of well-outlined security requirements. If you are storing credit card information you will need to be in PCI compliance at a minimum. If you store healthcare data HIPAA (Health Insurance Portability and Accountability Act) compliance would be necessary. While specific security requirements are not clearly outlined in HIPAA documentation, you’ll want to make sure your data center facility can meet the necessary level of compliance.
Monitor & Restrict Virtual Access
In addition to restricting physical access, you also need to monitor virtual access, too. There’s more to it than installing doors with locks and cameras. It’s in your best interest to set permission levels for each user and limit the number of people who have access to your servers. The reality is that you likely need to implement a zero trust approach to ensure all is kept secure. Zero Trust is a security concept that no organization should automatically trust anything inside or outside its perimeters and instead, must verify anything and everything trying to connect to its systems before granting access in a virtual or physical sense.
Keep Your Servers & OS Current
Running updates and applying patches is boring and time-consuming. However, it must be done to maintain a high level of security in your data center and with your servers. Manufacturers release patches that address/fix newly found security gaps and they should be deployed in a timely manner. It’s a responsibility not to be taken lightly and will save you many future headaches, reduce overall downtime, and decrease the chance of a cyber-attack.
Conclusion
Proper data center security requires a multi-tiered approach due to the fact there are a lot of moving parts; it’s the role and responsibility of management to ensure your organization keep up with the latest best practices. Datacenter security is serious business and will continue to be well into the future, as technology continues to develop and grow and become even more complex.