The nonprofit Identity Theft Resource Center keeps an ongoing record of incidents involving data compromise. The information is gathered from government agency releases and articles in the press. This effort started on January 1, 2005. Between that point and February 7, 2018, the organization logged more than 8600 breaches, with a staggering 1.07 billion records exposed. Clearly, securing a data center is a top priority.
Elements of a secure data center
Core elements that you need for data center security are:
Uninterruptible power supplies (UPS) – Backup generators and UPS systems allow you to keep your infrastructure up and running when you have a power outage. Among other things, this is how you maintain the uptime listed in your service level agreement (SLA) with customers.
Environmental controls – Cooling is essential to data centers: if you have too much heat, your hardware will be more likely to become defective and will need to be replaced more frequently. Servers create an enormous amount of heat, so they are essentially a threat to themselves. Environmental controls keep them cool and safe. Fire suppression is another control that is needed.
Security systems – You want to have a wide range of security technologies and protocols. In terms of basic access controls, you want protections such as the somewhat awkwardly named mantraps (small rooms to isolate individuals at entry), multi-factor ID authentication, surveillance platforms, cage locks, and biometric systems. Here are four core aspects to include:
- Surveillance: Internally, metal detectors let you know if any equipment is leaving without authorization. Externally, cameras allow you to look for unusual activity. Overall, you have a video record if there is a breach.
- Security guards: Often organizations will employ full-time security guards to protect their data centers. These individuals can secure both the inside and outside of the building. An organization could allow these professionals to carry firearms (as some companies do) or not.
- Single-purpose facility: A critical feature of a secure data center is that it is single-purpose rather than multipurpose. Multipurpose means that there are personnel at the facility, typically in connected offices, who are not involved in running the data center. When a data center is truly secure, it will be built in a location and designed in a manner that reflects that purpose. A purpose-built data center will be set off from roadways (in part a cushion for visibility) and have crash-proof barriers installed.
- Access controls: You should have numerous access controls in place. Control mechanisms and protocols may include electronic access cards and biometric systems. Mantraps are typically part of the layout to stop tailgating (an unauthorized person getting into the building by trailing directly behind an authorized person). Scales are used to measure people and determine if their weight has changed since entry (in which case they might be attempting to steal hardware).
Steps to improve the security of a data center
Beyond implementation of the above elements, here are a few rather straightforward steps you can take to improve protection within any data center:
Step 1 – Phase out legacy equipment.
Both your security stance and your ability to deliver services efficiently will be negatively affected by the use of legacy hardware. Aging servers and networking components must be maintained for protection (through updates/patches) but often are not. While an older machine may seem worthwhile to keep because it is functional, it actually is a threat to the business because it is an exploitable attack vector – so while the system may function in isolation, it could lead to dysfunction for the entire business. As an indication of that vulnerability, Bill Kleyman noted for data center cooling firm Upsite, “I’ve seen both security incidents as well as data center failures happen because of older gear.”
Since aging equipment is such a major issue for the health of your infrastructure, be vigilant about understanding what hardware is currently within your data center. Check any remote facilities where you house hardware. Check for technological artifacts in your closets. Any legacy components that you do own should be fully updated; if you realize the hardware is past its prime, it should be sold, recycled, or discarded. Efficiency will be upgraded alongside your security when you take this step.
Step 2 – Consider best-in-class monitoring solutions an investment.
You will be able to integrate two key concerns, data center facility management and information technology (IT) management, with a data center infrastructure management (DCIM) system. In other words, it is critical to go beyond the computers to encompass the entire built environment, monitoring secure locations and the locks on cages and doors, for instance. This approach matters not just for guarding against those who want to damage the system or inject it with malware, but also for preventing theft of servers.
While DCIM will give you a great sense of ongoing performance (and any threats to reliability and availability), you will also be able to see if a cage was not secured after use, along with the person who entered the area most recently. Environmental monitoring (such as checking the temperature) is also essential to the health of the equipment. A DCIM solution will allow you to check all these elements. As with legacy removal, you will better secure yourself while experiencing efficiency and sustainability gains.
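The unsecured-cage check described above, as an added example rather than code from this article or from any DCIM product: it scans a constructed access log and reports each cage left unlocked past a threshold, together with the most recent badge holder. The event format, cage names, badge holders and the 15-minute threshold are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical format (not from any DCIM product):
# ISO timestamp, cage id, event type, badge holder ("-" when none)
SAMPLE_LOG = """\
2018-02-07T09:00:05 cage-A badge_in alice
2018-02-07T09:00:07 cage-A unlock alice
2018-02-07T09:12:40 cage-A lock -
2018-02-07T10:15:00 cage-B badge_in bob
2018-02-07T10:15:03 cage-B unlock bob
2018-02-07T10:20:00 cage-B badge_in carol
2018-02-07T11:30:00 cage-A badge_in dave
2018-02-07T11:30:02 cage-A unlock dave
2018-02-07T11:34:10 cage-A lock -
malformed line here
"""

def find_unsecured_cages(log_text, now, max_open=timedelta(minutes=15)):
    """Return (cage, last_badge, minutes_open, still_open) for each violation."""
    open_since, last_badge, findings = {}, {}, []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records rather than guessing
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        cage, event, badge = parts[1:]
        if badge != "-":
            last_badge[cage] = badge  # most recent person seen at this cage
        if event == "unlock":
            open_since.setdefault(cage, ts)  # keep the earliest unmatched unlock
        elif event == "lock" and cage in open_since:
            held = ts - open_since.pop(cage)
            if held > max_open:  # secured, but only after the allowed window
                findings.append((cage, last_badge.get(cage, "unknown"),
                                 int(held.total_seconds() // 60), False))
    for cage, opened in open_since.items():  # never re-locked in this log
        held = now - opened
        if held > max_open:
            findings.append((cage, last_badge.get(cage, "unknown"),
                             int(held.total_seconds() // 60), True))
    return findings

if __name__ == "__main__":
    for finding in find_unsecured_cages(SAMPLE_LOG, datetime(2018, 2, 7, 12, 0, 0)):
        print(finding)
```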
Step 3 – Create your data center using your workloads as a basis.
You may think of a data center as a single set of resources – but it is actually helpful to think of it as a facility within which you can create smaller ecosystems for a diverse array of use cases. Isolation is key to security, and demarcating workloads from one another also allows you to treat each of them separately rather than with a single, one-size-fits-all approach.
For instance, you may use modular containment and other techniques to set off a system that delivers high-performance computing (HPC). You may want certain areas of the data center to be set up to handle and store critical information. Your power management may differ from one workload to another (think efficiency optimization), as may your environmental efforts. You want the equipment and monitoring to match the applicable system.
Step 4 – Embrace the value of auditing, testing, and reporting.
Testing for efficiency and testing for security can both be extraordinarily helpful, and both should be performed at routine intervals. Performing these tests helps ensure that you are adapting appropriately to your organization’s development, since strong data centers are continually modified to meet the needs of a growing business.
Thinking from the perspective of efficiency, you will be able to make tweaks as you rigorously study the data center’s performance. In the same way, and arguably more importantly, you want to be certain that data is kept safe through security monitoring. Through data center management tools, you can boost your efficiency levels over time by analyzing CFD (computational fluid dynamics), power consumption, and environmental aspects. From a security standpoint, you can test and audit with tools that cover a wide range of areas, including user privileges, system locations, and physical access.
A secure data center for your assets
Because securing data is so sophisticated and challenging on-premises, many organizations choose to host some or all of their systems through an external provider. It is critical to be certain that these outside parties care about your data as much as you do. At Total Server Solutions, our system is audited using the highest standard in data security, SSAE 16 Type II. See our security commitment.