Back to basics: data security

By Steve Weiner, Offering Manager - Data Centres at Fujitsu UK and Ireland.

Monday, 27th January 2014. Posted by Phil Alsop.

When considering data centre security today, the majority of IT professionals’ thoughts are dominated by the digital element of the challenge at hand. Most of their time is spent ensuring that data is protected from online threats such as cyber-attacks. But what good is digital security if your business does not concern itself with the physical security of its data centres? After all, without a physically safe data centre environment there really is no true security at all.


This situation begs the question, why is this obviously vital aspect of security so often overlooked or considered less important than the risk to digital assets today? And what can IT professionals do to ensure this core security element is fully integrated into their overall data centre strategy?
The first thing IT professionals need to do to ensure the physical security of their data centre is to identify the potential threats and risks, the biggest of which comes from people themselves. People are more often than not the weakest link in the security chain and, as such, businesses must know how to protect their data centres responsively and effectively. Keeping people out is one aspect of this and may mean that data centre managers need to enhance the data centre’s physical protection. This can be done by installing electrified fences, anti-ram barriers and access controls.


Another aspect is making sure the data stays inside the data centre. Managers need to look, again, at the people working within the data centre who have responsibility for the day-to-day activity within it. It is the data centre manager’s responsibility to understand what they are doing, how they are doing it and who has authorised them to be present. At the same time, it is important not to suffocate the business, so minimal intervention in the technical space is key, and processes around the data centre’s security should, therefore, be as streamlined as possible.


Another type of physical threat to the data centre is environmental. Data centre managers need to be aware of where the data is stored to ensure that if there is a fire, flood or earthquake, the infrastructure the data is hosted on would not be physically damaged. Another environmental factor to consider is where the data centre is located: if there is, for example, a warehouse next door storing chemicals, that too can have a negative effect on the security of the data centre.


Data centre managers also need to look into operational threats. They have to consider the network availability of their data centres: if the system goes down and customers cannot get access to their data, how will they know that their data is safe?


A good start to ensuring all those challenges are addressed is to make sure the data centre follows international standards. ISO 27001 is one of those international standards; it describes the best practice for a management system that a business can implement. When implemented, the management system takes a systematic approach to confidential or sensitive information, and manages organisational structure, policies, responsibilities, practices and resources. These standards are important in order to ensure data is kept safe from threats.


Beyond implementing ISO standards, data centre managers also need to consider regular penetration testing. This will help to protect the data centre from denial of access attacks, ensuring that hackers do not get one step ahead of security measures.


Finally, data managers also need to consider a layered security procedure to protect the data centre for their customers, so that they too can benefit from different layers of security over and above what they require.


By making everything fully auditable, making sure all the locks are uniquely locked and having CCTV, businesses are able to trace all activity back to the time and date where the breach occurred and can determine the source of the threat.


While the above is not an exhaustive list of physical security elements data centre managers need to consider when assessing risk, it should be a good starting point. In the end, all physical security comes down to managing risks, along with the balance of confidentiality, integrity and access. By looking at security from a holistic perspective in terms of the end user and hardening every point in the process, data centres ensure their data is protected effectively.