When we think of data centers these days they are actually trending toward two poles: becoming bigger and smaller.
At one end of the spectrum, edge data centers offer businesses hyper-local storage and processing capacity at the edge of networks. In this camp, data centers the size of shipping containers are being plopped at the base of cell towers. On the other end of the spectrum, there are mega data centers. These are the very large data centers that occupy about 1 million square feet or more of space.
For the purpose of this column however let’s take a deeper dive and examine data-center security—in both physical and digital and why it’s so vital to prioritize security—whether they’re large, small, or somewhere in between.
The “SWISS FORT KNOX:” what we can learn from it? The SWISS FORT KNOX is a data center that’s actually beneath the Swiss Alps. It’s literally under mountains. It’s connected by a series of tunnels that require clearance to enter.
It has emergency backup generators, transformers, and batteries, as well as an air-pressure system and many other cool fail-safe measures to keep this thing safe from whatever may be going on in the outside world.
And while it’s not reasonable for most companies to create subterranean super-secret lairs as data centers, for the purpose of this column, it’s important to talk about just how important data-center security is, and how different companies go about doing it.
The SWISS FORT KNOX may be an extreme example of a data center, but it is relatively common for companies to go to great lengths to secure their facilities.
A lot of thought needs to go into choosing a location for a data center, designing its physical structure, and then securing its digital systems. When talking about location, some organizations try to keep their data center locations secret.
Some best practices for building secure data centers include making sure the data center is not next to a headquarters or a main road; choosing a spot away from airports, power plants, and other potentially dangerous facilities; and avoiding geographic areas that are prone to natural disasters.
There’s also a lot of common sense that goes into protecting your facility once you’ve selected a location.
Build fences, plant tall trees, don’t put in windows, build thick sturdy walls, and hire security guards. It is advisable to limit entry points and use a smart security system, perhaps leveraging biometric identifiers to provide access to authorized parties. In addition, data-center infrastructure also needs to be secured.
Everyone recalls the Target breach that was traced back to an HVAC (heating, ventilation, and air conditioning) vendor. Any connected system is a potential entry point for cybercriminals looking to access data for their personal gain.
Your digital and physical security are only as good as the weakest link in the chain. So, if security on your rack power distribution unit system isn’t up to snuff, then your entire data center’s security isn’t up to snuff.
Also consider how important maintaining an ideal physical environment is in a data center. If someone can hack into your cooling system and it goes down, you’re not necessarily losing data, but you’re still in trouble.
It’s also important to consider some best practices for digital security in data centers. The zero-trust model is perhaps the best way to go in this case since it inherently treats everything suspiciously and from an enterprise perspective that’s exactly what’s needed.
In addition, as a company, it might be advisable to build in layers of security and redundancies to keep your data center secure. The physical security of the data center building or buildings is one layer, and we’ve already talked about that. Personnel can be considered a layer as well.
It may sound a little bit obvious, but don’t put people you can’t trust in your data center.
This is not to suggest you shouldn’t trust your employees, although you should be cognizant of the risk of internal breaches, everyone is vulnerable to breaches; Just keep in mind this just puts an extra layer of security where it’s needed.
Again, the point here is that you need to train and educate your employees about the importance of being careful, diligent, and safe. Also, then another layer is the security of the network, the software, and all connected devices and systems that work together to keep the data center up and running.
The name of the game is to use an intrusion detection and prevention system that checks for APT’s (advanced persistent threats) and any other unusual events.
What’s more, make sure to deploy a secure building management system that’s segmented from the main network.
A few final thoughts might be to look into network-level encryption, network segmentation, virtual firewalls, and other solutions and technologies that can help protect your data center from threats.
The hope here is that all of the aforementioned will help keep all of your data centers up and running and free from a data breach and running as smoothly as possible in this day and age when data breaches are at an all-time high.