Datacentre Security Standards
by Ross Gavey, Head of Data Centre Partnerships
When we think about IT and data security, we tend to focus on the digital threats from cybercriminals, but alongside those threats are the often-overlooked physical elements of protection and the stopping of unauthorised people gaining access to your datacentre, systems, and IT. Both are highly relevant in today’s digital economy, and we’ve taken a look at the types protective action needed guard against such breaches.
What is Datacentre Security
Both digital and physical datacentre security procedures must be in place by all organisations running infrastructure that uses and stores sensitive and private data - and this applies to all service providers, IT partners, public sector organisations, and private enterprises running their own systems.
The International Standards Organization (ISO) and the Telecommunication Industry Association are two professional groups that provide guidelines and security best practice, where staying ahead of existing standards is highly recommended. Failure to implement adequate levels of both digital and physical security leaves organisations vulnerable to damaging legal consequences in the event of a security breach.
New guidelines from the National Cyber Security Centre (NCSC) and the Centre for the Protection of National Infrastructure (CPNI) help us to understand and mitigate against potential security vulnerabilities, and Sure’s datacentre and security services adhere to all these guidelines.
Datacentre Physical Security
The following areas should be considered when planning the prevention of physical attacks:
- Is the datacentre in a secure area and a low-risk geographical location?
- How accessible and resilient are your communication network carriers and power providers?
- How secure is you access control system, and do you have an anti-tailgating/anti-pass-back measures that permit only one person to enter at a time?
- Is it a manned or automated security access point, and a single-entry point into the facility?
- Safety, security and authenticated access to the server / rack room should always be monitored with options including:
- closed-circuit television (CCTV) camera surveillance with retained footage.
- Onsite 24×7 security and manned operations system with tech back-up.
- Scheduled hardware review and maintenance checks.
- Regular checking and monitoring of access rights & augmenting as required.
- Controlling and monitoring temperature and humidity through air conditioning and cooling systems.
- Back-up, uninterruptible power supply (UPS) in place.
- Robust and regularly checked fire, smoke detection, and water leakage alarm and protection system in server room.
- Rodent repellent system to protect against damage to servers and wires.
Datacentre Digital Security
A constant focus on cybersecurity is essential nowadays as organised criminals and state sponsored hackers routinely target our systems to steal valuable information and disrupt our way of life. Applications and systems operating on physical datacentre and cloud-based platforms must have the highest levels of protection against the threats that constantly emerge.
Key digital security measures should include:
- Protecting systems and applications from unauthorised access or modification – rigorous management of access reduces opportunities for malicious interference.
- Monitoring systems and services used by the workforce - continuous management of behaviours and the security status of all services and devices is highly recommended.
- Regularly reviewing and improving cyber security protection - test and verify regularly, ensuring security updates are made immediately available.
- Preparing to respond to external events - planning for failures, vulnerabilities, and unforeseen incidents, ensuring business continuity plans exist and are regularly reviewed and tested.
- Enabling people to manage their risks – educating and equipping users with the tools and information needed to support organisational vigilance against cybercrime.
Protecting information and data is a responsibility that all organisations have, and failing to do so risks massive financial and reputational consequences. The methods criminals use to compromise security are both physical and digital, and by viewing datacentre security holistically, organisations can better safeguard their data and business operations.
In this period of economic and geopolitical uncertainty, there is no better time to review all aspects of datacentre security. Sure’s ultra-high bandwidth, highly secure, hyper-connected and fully resilient Tier III datacentre services in Guernsey and Jersey are directly and separately linked to the global networking backbone, and our Professional Services experts will help you create a fully secure, resilient, and ultra-fast IT infrastructure for your organisation.
Contact us to find out how we can help you
and your business today
It’s not about predicting the future, but making it possible
Our Chief Technical information Officer Cyrille Joffre shares his highlights from the recent MWC in Barcelona.
Cyber Security tips for small businesses
We look at the main security risks for small businesses, and what they can be doing to increase protection against attacks.
Guernsey SASIG event highlights
Latest ransomware tactics, hybrid Clouds and more discussed at Guernsey security forum. Iain Davidson, Head of Enterprise Products at Sure Business, was in attendance and shares his insights on an important event.