Organizations use physical data centers to house their data and critical applications. Modern data centers employ a virtualized infrastructure that supports business workloads, software applications and data in both a physical infrastructure and a cloud-based, off-premises environment.
Today’s data centers are home to assets such as mobile devices and embedded computing, reflecting the needs of multiple users with a dizzying array of priorities. For that reason, establishing a strict yet dynamic set of data center security best practices is essential.
Integral Components of Data Centers
Generally, most data centers include routers, switches, application delivery controllers, firewalls and servers. Because the center must keep outside threats and malware from gaining entry, it needs a robust data center security ecosystem. A well-protected data center provides the following:
- Network infrastructure, including physical and virtual servers, storage, data center services and connectivity for end users.
- Storage infrastructure, including systems providing secure protection of valuable data.
- Computing resources, including servers, memory, processing, storage and local connectivity.
- Supporting facilities. All of these components require power sources, uninterruptible power supplies, backup generators, ventilation, cooling systems, fire-fighting equipment and connections to external networks.
Building a Secure Data Center
A fully functioning data center has numerous moving parts, most of which are prime targets for attacks. To prevent intrusion, the first place to start is to tend to your data center’s physical security. This has to do with everything from the shell to your surveillance and control systems, including the following:
- Proper location. Before entrusting your data to a center, be sure that the colocation facility is sited so that it is protected from the elements, including floods, earthquakes, tornadoes, etc. Some companies are even choosing to locate their centers underground.
- Control physical entry points. Your center should have only two access points: a front entrance for customers and staff and a back loading dock. If extra fire exit doors are required, build them with no handles on the outside so that they can be used only as ways to leave the building.
- Monitor everyone who comes and goes. Your team should have a complete list of everyone who is allowed access, and privileges should be revoked immediately when no longer necessary.
- Erect physical barriers such as fencing, concrete walls and even landscaping to keep unwanted traffic out.
- Use security technology, including multi-factor authentication, multiple checkpoints throughout your facility, surveillance monitoring, locks on all server cabinets and mantraps with an airlock between two separate doors, each of which requires its own authentication.
Additional data center security standards also involve conducting regular audits. These comprise several types of checks, including daily walk-throughs, quarterly SOC and PCI compliance audits and physical checks to ensure that the environmental risk is as low as possible. Be sure that you have a robust documentation policy in place that specifies rules, protocols and consequences for failure to adhere to these physical security standards for data centers.
Digital Data Security Levels
Physical controls and hardware are only one aspect of a data center. You also need to follow best practices to protect your digital layer from attack. Common strategies include the following:
- Employ an intrusion detection system to guard your center against advanced persistent threats. For this type of system to be effective, it requires real-time monitoring that catches abnormal events as they occur. These include increased service requests, the sudden appearance of large data sets that move erratically around the environment, export of unusually large amounts of information from the network, increased phishing attempts and unusual user access behaviors.
- Use a building management system (BMS). This is one of the most popular of the newer technologies, and many providers find it a very helpful aid in applying data center security best practices. These complex systems manage all facets of running a building, including fire alarms, ventilation, access and climate control. Because a BMS has many connected components that can be infiltrated, its security is one of the most crucial requirements. Segmenting the BMS away from the main network helps keep the environment secure, but you should also monitor for lateral movement throughout all areas of the facility.
- Protect your network from the ground up with network-level encryption, and monitor and analyze all traffic that occurs during data transfers. Be sure that traffic is segmented at the software level based on endpoint identity. This strategy isolates potential threats to their subnet, preventing them from spreading to or attacking other devices, so that you have time to recover.
- Use a virtual firewall to protect customers from outside network activity such as packet injections. The virtual firewall is a supplement to the physical firewall that the data center provider will already have.
- Employ traditional threat monitoring and protection strategies for asset protection and minimization of vulnerabilities, such as:
  - NetFlow analyzers and isolators;
  - Spam, content, network, packet and virus filtering;
  - Encrypted communications.
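The real-time monitoring the intrusion detection bullet above calls for, as an added example that is not from the original article: a baseline check over constructed per-host flow records that flags unusually large outbound transfers, spikes in service requests and accounts appearing on hosts they do not normally use. The HISTORY and KNOWN_USER_HOSTS data, the 5-minute window and the three-standard-deviation threshold are all assumptions made for the example.

```python
from statistics import mean, pstdev

# Constructed history (not real data): per host, outbound bytes and request
# counts from past 5-minute windows; this is the baseline for each host.
HISTORY = {
    "db01": {"out_bytes": [2_100_000, 2_300_000, 1_900_000, 2_200_000, 2_000_000],
             "requests": [410, 395, 430, 405, 415]},
    "web01": {"out_bytes": [50_000_000, 48_000_000, 52_000_000, 51_000_000, 49_000_000],
              "requests": [9800, 10100, 9950, 10050, 9900]},
}
# Constructed record of which accounts normally access which hosts.
KNOWN_USER_HOSTS = {("svc_backup", "db01"), ("deploy", "web01")}

def threshold(values, k=3.0):
    """Upper bound for a normal value: mean plus k population std devs (assumed rule)."""
    return mean(values) + k * pstdev(values)

def evaluate_window(host, out_bytes, requests, logins, k=3.0):
    """Check one host's current window against its baseline; logins is the set of
    accounts that accessed the host in this window. Returns a list of alert tuples."""
    hist = HISTORY.get(host)
    if hist is None:
        # A host with no baseline is itself worth a look (new or unmanaged device).
        return [("unknown_host", host)]
    alerts = []
    if out_bytes > threshold(hist["out_bytes"], k):
        alerts.append(("large_outbound_transfer", host, out_bytes))
    if requests > threshold(hist["requests"], k):
        alerts.append(("request_spike", host, requests))
    for user in sorted(logins):
        if (user, host) not in KNOWN_USER_HOSTS:
            alerts.append(("unusual_user_access", host, user))
    return alerts

def evaluate_windows(windows, k=3.0):
    """windows: iterable of (host, out_bytes, requests, logins). Returns all alerts."""
    alerts = []
    for host, out_bytes, requests, logins in windows:
        alerts.extend(evaluate_window(host, out_bytes, requests, logins, k))
    return alerts

if __name__ == "__main__":
    # Constructed current windows: db01 sends 30 MB out and sees a new account.
    for alert in evaluate_windows([("db01", 30_000_000, 420, {"svc_backup", "tmp_admin"}),
                                   ("web01", 50_500_000, 12_000, {"deploy"})]):
        print(alert)
```

In production the baseline would be learned from the flow collector rather than hard-coded, and each alert tuple would be forwarded to the SIEM for correlation with the other signals the list mentions.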
Whether you manage a team of three or lead hundreds, the security of your business is important and must be taken very seriously. That means doing your research, finding providers, tools and a data center infrastructure that can safely and effectively meet all of your needs. Take time to understand data center security levels to ensure that the one you choose is committed to the development, implementation and constant evolution of best practices.
Remember that security is built in layers on a foundation of physical and digital integrity. Take the integrity, confidentiality and security of your data into your own hands by demanding nothing less than the best data center ecosystem for your information storage needs.