How Safe is your Data Center?
A data center's crucial functions include operating and managing a company's network, storing data in a secure environment, hosting third-party applications, or a combination of two or more of these funcitons.
These functions are in place to, above all, ensure business continuity for the company (or companies) that have their environments contained in the data center. For companies to ensure business continuity, the data center needs to be secured on both a physical and network level.
Physical security includes practical maintenance measures - a proper cooling method for the systems in use, uninterrupted power supplies, and a proper construction scheme to provide enough for the center, allow expansion, and not be overly expensive. One of the most secure types of data centers are lights-out data centers, in which there's almost no need for direct contact by employees. Not having any lights, hence the name, means the systems are controlled by external, automated processes. This minimizes the risk of human accidents and makes deliberate tampering less likely. However, without proper measures for preventing data leaks and tampering, these methods are nullified.
Where physical security leaves off in a data center, network security begins. Network security has three major components: authentication, firewalls, and decoys, often called honeypots.
Authentication includes three different types: single-factor, two-factor, and three-factor. Single factor is the simplest, involving only a username and password. Two-factor involves possessions, such as a phone or an ATM card. Finally, three-factor authentication requires something a user's own body, which can be verified using retinal and fingerprint scans, among other methods.
Firewalls are a crucial and highly important component of network security, for any small, medium of large business as well as data centers. Firewalls determine what actions authenticated users are allowed to do while also curbing unauthorized access, despite the occasional failures to notice worms or Trojans being traded over the network. These problems are better countered with antivirus software, and preventative monitoring systems can keep on the watch for suspicious content or actions being taken, like denial of service attacks (DOS).
Decoys, or honeypots, are simply false vulnerabilities that are used to divert potential attackers. In the case that they are compromised, the methods of exploitation used by the hacker can be investigated and patched to prevent further unauthorized access.
Cloud security is relatively simpler, relying on different controls to secure the system. Deterrent controls prevent intentional attacks, preventative controls manage vulnerabilities, corrective controls attempt to reduce the damage caused by successful attacks, and detective controls are used to detect any attacks that may be being mounted against the system.
If your data center is managed by an external provider, identity management systems should be in place to prevent unauthorized access and to control authorized access to different clearance levels of data. An ideal data center will have physical security, network security and constant availability.