Prioritising Data Centre Security
It takes a whole host of resources and knowledge to address the complexities of data centre security. Preventing attacks and securing operations require a substantial budget to keep pace with existing and future challenges. A report from Markets and Markets predicts that data centre security spending will reach $13.77 billion (£10.15 bn) next year. More than 34% of CIO.com’s 2020 State of the CIO respondents agree, indicating that security and risk management is already “the number one driver of IT spending”.
Increased spending indicates the need for ongoing protection against cyber attacks. In 2019, research conducted by the Ponemon Institute reported that the average breach cost $3.92 million (£2.89 mn). Reducing security threats, outages and downtime means that profits and reputations are saved.
Companies must be prepared to invest in the people, processes and technology needed to protect data centres from security breaches.
Read on to learn more about:
- Fundamentals of security for on-premises and cloud data centres
- On-premises vs. cloud security comparison
- Data centre security requirements and standards/best practices
- How to implement data centre defence
- Top 8 on-premises & cloud security controls
- What does the future of data centre security hold?
Compare & Contrast: On-Premises vs. Cloud Service Security
The on-prem versus cloud security debate continues within the data centre industry. The differences range from minor to substantial, but both on-prem and cloud advocates can agree that countless protections and threats exist in both environments. Beyond focusing solely on meeting IT security priorities, the question is: which is more secure for my organisation and its business objectives?
On-Prem Security
PROS
Increased Control
More control over security is retained when a company manages services with its own on-prem servers.
Infinite Customisation
On-Premises serves to allow network customisation that is tailor-made for a company’s needs.
More Reliable
On-prem servers do not rely on an Internet connection.
Quicker Learning Curve
The majority of IT professionals are better equipped to build security processes in this environment.
Lower Total Cost Of Ownership (TCO)
On-prem servers may require a larger upfront investment in hardware and installation, but in the long run, security is less expensive to maintain with a third-party support strategy.
CONS
Timely To Scale
Procurement of IT hardware can take time and research to scale security for on-prem data centres.
Increases The Need For On-Site Security
Without the right team and safety controls in place, some businesses may be more vulnerable to physical threats such as damage to physical property.
Security In The Cloud
PROS
Easier To Scale
Expanding storage for data in the cloud is as straightforward as upgrading a cloud storage package.
Faster Set-Up
Cloud-based security is more automated, which means that set-up takes minutes rather than days.
Flexible Pricing Structure
Cloud computing often has a more flexible pricing structure with “pay-as-you-grow” fees.
CONS
Increased Vulnerabilities
The cloud’s larger attack surface can make it particularly vulnerable to cyberattacks.
Limited Control
An issue with one cloud-based data centre customer could compromise another customer’s data.
Limited Customisation
Traditional monitoring and security tools do not always work in cloud environments.
Regulation Issues
Some regulations require that the shared responsibility of multi-tenant hardware is not used.
More Expensive
Cloud computing often has a more flexible pricing structure with “pay-as-you-grow” fees, but is less predictable for forecasting unforeseen costs and is more expensive in the long term.
“The biggest challenge to data center security today is not physical threats but rather cyber threats. The proliferation of applications and burgeoning mounds of intellectual property and private information often governed by regulators—makes data centers a central target for cybercriminals and even nation-states…the cyber-attack surface for the data center is expanding and becoming increasingly harder to defend.
These threats can target physical devices and systems used to manage cooling and video surveillance, among others. They can also target personnel through spear phishing, gaps in authentication protocols, and other malicious means.”
– Digital Reality
Data Centre Security Requirements & Standards
The requirements should be reviewed to understand how they will ensure and impact data centre safety. Many industries demand unique security standards involving a formal third-party auditing process to demonstrate compliance. Alhough complying with standards and requirements with all their details and steps appears daunting, these established best practices do shape a security response that can protect you from potential harm, downtime and data loss.
Recently one of our internal tools showed user readable data still resided on the disk platters even after completing an OEM documented procedure for zeroing out storage media. In response, we developed our own additional processes to ensure that data is being destroyed correctly. We not only follow NIST procedures, we also verify results.
Industry security standards include:
- NIST 800-88 Guidelines for Media Sanitization
- HIPAA in healthcare
- FERPA in educational institutions
- PCI DSS for credit cards
- ISAE 3402 for data center financial reporting
- ISO 27001 Information Security Management System
- Standard – most widely accepted certification for supporting information security, physical security and business continuity
Regardless of the industry, IT professionals should at a minimum be familiar with data centre tiers and the kill chain standards. The Uptime Institute’s Tier Classification System serves as a benchmark for ensuring maximum uptime. Lockheed Martin’s six-step Cyber Kill Chain® helps to align defence strategies against cybercriminals.
Implementing Data Centre Defence
To protect data centres from new and expanding threats, IT leaders should layer security defences for overlapping on-premises and cloud-based environments. Layering is a relatively simple concept. The idea is that any individual should be forced to breach several layers of security before they reach data. In doing so, the “Zero Trust” framework is upheld: everyone is subject to the same high level of scrutiny.
Top Priority: Strengthening Security & Privacy
According to our 2021 Data Centre & Infrastructure Report, 48% of respondents identified strengthening security and privacy as a top priority.
What Does the Future of Data Centre Security Look Like?
Cloud technology is trending now, but factors such as rising costs and security vulnerabilities are having an impact on its adoption. With more experience and a better understanding of the pros and cons, IT leaders are looking to a hybrid model for bringing together the scalability of the cloud with the control of on-premises data centres.
