Site icon Trending Stories

Datacenter security is a serious business

Datacenter security is a serious business

Datacenter security is a serious business

Today your data center is where your company’s most critical infrastructure lives. Security for the technology and data contained in your data center requires the use of advanced threat detection software and compliance to regulatory and physical practices to protect your customer’s data from internal and external threats.

The Importance & Growth of Data Center Security

In addition to the information, you’re protecting, which is invaluable, there are other consequences of gaps in your security that are just as important and potentially devastating to any organization.

Implement Data Center Physical Security Measures

Not all technology security issues are about a hacker, malware, or your hardware.  You could be overlooking a possible physical threat. You should first consider the likelihood of seismic activities in some areas where this type of activity is expected.  Certified “seismic rated” equipment will generally be required by local building code.   In other areas, weather-related dangers may be present–especially in coastal and low-lying areas.  In the U.S., many companies are opting to build data centers in rural dry areas where the risks of impact from natural disasters are low.

Understanding other physical security measures are specified by a number of organizations and their certification processes is a good idea.  At a minimum, your data center should adhere to ISO 27001, which normally includes some level of Systems and Organization Controls (SOC) baked-in.  If you are collocating, make sure you ask the data center operator which regulations they’re adhering to before you agree to sign a contract.

The credit card industry uses PCI DSS (Payment Card Industry’s Data Security Standard) as its own set of well-outlined security requirements. If you are storing credit card information you will need to be in PCI compliance at a minimum.   If you store healthcare data HIPAA (Health Insurance Portability and Accountability Act) compliance would be necessary. While specific security requirements are not clearly outlined in HIPAA documentation, you’ll want to make sure your data center facility can meet the necessary level of compliance.

Monitor & Restrict Virtual Access

In addition to restricting physical access, you also need to monitor virtual access, too. There’s more to it than installing doors with locks and cameras. It’s in your best interest to set permission levels for each user and limit the number of people who have access to your servers. The reality is that you likely need to implement a zero trust approach to ensure all is kept secure. Zero Trust is a security concept that no organization should automatically trust anything inside or outside its perimeters and instead, must verify anything and everything trying to connect to its systems before granting access in a virtual or physical sense.

Keep Your Servers & OS Current

Running updates and applying patches is boring and time-consuming. However, it must be done to maintain a high level of security in your data center and with your servers. Manufacturers release patches that address/fix newly found security gaps and they should be deployed in a timely manner.   It’s a responsibility not to be taken lightly and will save you many future headaches, reduce overall downtime, and decrease the chance of a cyber-attack.

Conclusion

Proper data center security requires a multi-tiered approach due to the fact there are a lot of moving parts; it’s the role and responsibility of management to ensure your organization keep up with the latest best practices. Datacenter security is serious business and will continue to be well into the future, as technology continues to develop and grow and become even more complex.

Exit mobile version