Protecting your company’s network components and the digital information they hold should be near the top of your priority list. Data center security best practices should not be taken lightly. After all, recent headlines have shown us that even data centers from the world’s biggest companies can be compromised.
So no matter the size of your company, you should be aware and establish a set of security practices to best protect all of your most important digital assets. But where should you start?
With the constant threat of network attacks and data leaks, it can be easy to forget that the physical security of a data center is just as important. If all of your servers, hard drives and other network equipment aren’t physically protected, then all of your efforts and other preventative measures are useless.
Approach Security in Layers
Organizing the way you think about security can help you better understand how effective your current practices are:
Data Center Cabinet
Cabinets actually house your IT infrastructure. The cabinet itself is typically easy to access, but more monitoring and control strategies are implemented to better prevent physical virus uploads, theft, and power/connection interruptions. Many companies control and monitor the individuals who have access, and if your other security measures are shored up, this last line of defense shouldn’t be too much of a concern.
Who has access to the room that holds all of your data equipment? Are you properly monitoring entrance points? Video feeds and biometric security measures help ensure proper protection and prevent any unauthorized entry.
Gray space is the area where data centers typically keep backend equipment like generators, switch gear, transformers, UPS, etc. Hallways and areas in the lead up to the actual data center are also potential vulnerable points, especially because it’s easy to get loose with security protocols in these areas. However, much of the building’s critical infrastructure could be located here, making it another vital security need.
Building Entrance and Reception Area
Pretty simple, how easy is it for anyone to access the building? What authorization and security measures are in place to prevent anyone from strolling right in and tampering with some of the most valuable and important parts of your business? Standard access procedures should already be in place; this is your first line of defense and should still be taken seriously as such.
Surroundings and Outside Perimeter
Where exactly is your building located? Security measures in a busy city will be quite different than those in a remote industrial park or rural area. Is your building multi-floored with shared wall-space? Are there natural, physical structures that could pose damage risks in a storm? These are all important questions you’ll need to address when building out your security plan.
Depending on the size, layout and structure of your building, you may find you break your data center security into more layers, or even consolidate where necessary. The number is not necessarily important. But taking an active role in thinking about how your security is layered and organized is definitely important.
At the end of the day, the important measures you’re taking in physical security revolve around people. Implement biometrics, man traps (rooms or areas that lockdown in the event of an attempted breach), physical locks, or camera surveillance to prevent any outside threats from easily getting where they shouldn’t.
But beyond outside threats, many of your security risks may simply fall on your own employees. Who in your company has access to important areas and what measures are in place to control that access? How effective is your company’s training? Are you consistently enforcing your security measures? All of that work in organizing your security falls by the wayside if your employees show carelessness in everyday security procedures.
Finally, it’s important to make sure that your procedures and security equipment actually works. Test all equipment regularly for performance and check for any potential holes or malfunctions. Internal audits and the use of a third-party company for security audits are also becoming more commonplace for data centers. While not necessary, audits are another great preventative tool to use and an easy practice to implement.
No matter what types of storage systems you’re using, protecting all of your assets at the network level is more at the forefront of most company’s minds. Malware, viruses, leaks, hackers, and other online threats are a constant risk for data centers today. These days most network equipment and server software that data centers are using come standard with high-end security built to integrate seamlessly. But that doesn’t mean you don’t need to take an active role in better understanding the best ways to protect your systems.
For instance, continuously monitor everything in your data center at the network level. Your security tech should work at the network level as well (not the server). Additionally, your products should all be from the same family or company, to make general integration and building the network infrastructure easier. It will also make it simple and more consistent to monitor assets and manage any risks. Plus it provides a recognizable trail to follow for security audits.
It’s a Trap!
Protect your data center’s endpoints by installing traps directly to every end point. While any firewalls you have in place will help protect your company from attacks that cross the network, any attacks on endpoints won’t actually cross into the network or traverse a firewall. Therefore install traps on every endpoint to further repel unwanted threats.
You need to be able to see and assess any threat. That means decrypting all data center traffic to help expose malware campaigns. Encrypted traffic is only going to increase in the future. Stay one step ahead and ensure you have the proper firewalls in place to monitor and decrypt any traffic.
Also protect your data center servers from any malicious internet traffic. Any third-party clients or partners could also be at risk if your server is vulnerable and exploited.
The security measures you take are going to vary based on your company and data center’s size, location, the type of storage hardware you’re using, and a myriad of other factors. However, general security best practices are going to remain fairly constant. You can adapt plans and strategies to fit your needs, but the important thing is taking an active role in the safety of vulnerable company, partner, and client data.
It’s also important to note that in the event of a data center decommission, there are vital security measures to take into account to ensure your used hardware and equipment is properly sold, erased, or disposed of. And as a leader in IT Asset Disposition, Exit Technologies can help.
Have something to add? Let us know your thoughts in the comments below!