Story image

Data centre security: Technology alone is not the answer

20 Jun 2018

Article by Flexenclosure regional sales engineering director LATAM Arturo Maqueo

The security of data – and in particular people’s personal data – has been a hot topic in recent months.

The EU’s rollout of new GDPR regulations; the Cambridge Analytica scandal; or the seemingly weekly revelations of financial institutions or consumer service providers which have had their databases hacked, are all examples most of us will be aware of.

Less often discussed but just as important as the security of our data, is the security of the data centres that house it. And at first glance, identifying, reviewing and prioritising all the elements that a data centre must contain in terms of security would appear to be a very complex subject, depending on myriad variables including facility size, organisation type, service commitments, system complexity, customer requirements, the list goes on…

However, independent of the variables mentioned above, in my view data centre security can be boiled down to just two areas – physical security and operational security.  And while both of these clearly depend to a great extent on technology, the single most important element is the establishment of appropriate policies, processes and operating procedures – and critically, of course, actually following them.

Unfortunately, over the years I have seen many examples of security – both physical and operational – being seriously compromised through the lack of clear and well-defined security processes and procedures. And ironically, I have seen this most often in data centre facilities that had state-of-the art security equipment installed.

For example, implementing the latest and most sophisticated biometric access systems does not, by itself, ensure that supposedly secure areas are actually secure and that access is fully controlled. On the contrary, I have witnessed unauthorised and unsupervised personnel wander in and out of secure areas at will. The failure here not being due to any fault with the access control equipment itself but to appropriate security protocols not being implemented or maintained.

As for operational security, a standard requirement for any modern data centre is to have redundancy capabilities fully integrated in order to ensure continuous operation even if disaster strikes. And for many data centre operators’ customers, this is non-negotiable, given their dependence on the often mission-critical systems the data centres house.

However, just as with ensuring physical security, implementing systems for fully redundant facility operation is not simply a matter of installing more of the latest equipment. Ensuring data centre redundancy is a hugely complex undertaking. Initial design is clearly important, as is the correct installation and interlinking of redundant systems, whether for power, cooling, monitoring, or communications. But most important of all, once again, are the protocols and procedures that must be implemented and followed in order to ensure that redundant gear actually kicks in to action if and when it needs to.

Regardless of whether the data centre in question is hyperscale or a relatively small edge facility, having the right processes in place and the right people following them are typically what makes the difference between, on the one hand, a data centre’s security being fully maintained and on the other, a catastrophic failure.

So when securing even the most technical of environments, technology is only part of the answer. Without the disciplined application of associated policies and processes, success cannot be guaranteed. After all, the best tools in the tool box are of little value without the appropriate knowledge and experience to use them.

Google doubles down on hybrid cloud strategy
CSP is a platform that aims to simplify building, running, and managing services both on-premise and in the cloud.
In ongoing cloud war, Google to acquire data migration specialist
Google is currently behind AWS and Microsoft in the cloud battle, and it would seem this play is an attempt to claw some ground back.
Interview: CyrusOne’s new Europe president on aggressive expansion
In this exclusive interview Tesh Durvasula shares how the company plans to have a Europe data centre portfolio providing nearly 250 MW by the year’s end.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Pure Storage expands enterprise data management solutions
It has integrated StorReduce technologies for a cloud-native back up platform, and expanded its data fabric solution for cloud-based applications.
HPE launches new real-time processing edge platform
The platform is said to help communication service providers (CSPs) to capitalize on data-intensive, low-latency services for media delivery, connected mobility, and smart cities.
‘Digital twins’ entering mainstream use sooner than expected
The term ‘digital twin’ may sound foreign to some, but Gartner says it is rapidly becoming established among modern organisations.
Infinera launches new ‘disruptive’ network architecture
The new end-to-end network architecture is said to enable instantly scalable, self-optimizing networks that adapt to the demands of specific users and applications.