Data centre security matters

Keeping your data safe also means protecting the data centre in which you keep it.

Johannesburg, 20 Jun 2018
Devaksha Maharaj, System Engineer, Rittal.
Devaksha Maharaj, System Engineer, Rittal.

In business, data about the company, its clients or its products is as important as the service or solution it markets. It's been said before, data is the new currency, the new oil, name it what you will. Data is power.

The repository for this valuable data, the data centre, thus represents the heart of the business, and as such, forms part of any organisation's critical IT infrastructure. Data protection has quickly risen to the top of the organisation's priority list, as people around the world continue to witness or experience data breaches of increasing magnitude and complexity.

To make businesses accountable for protecting their employee and customer data, the European Union implemented the General Data Protection Regulation (GDPR) on 25 May this year. The GDPR defines the standards around data protection for all organisations that have access to the personal data of EU citizens. It sets out rules around how companies manage, share and store personal data, says Devaksha Maharaj, System Engineer at Rittal.

In theory, the GDPR only applies to EU citizens' data, but the global nature of business today enabled by the Internet means nearly every online service is affected, and the regulation has already resulted in significant changes for users in the United States as companies scramble to comply.

Data centre threats

Maharaj says the risk to data and IT infrastructure comes from a broad spectrum of threats with a broad range of capabilities. "The impact on an organisation, as well as the damage that results, will depend on three things: the opportunities that are presented to an attacker by vulnerabilities within the systems, the capabilities of the attackers to exploit these, and the motivation for carrying out an attack."

Maharaj says the advent of the Internet of things is proving to be a double-edged sword in terms of data security. "IT and IT infrastructure have a key role to play in the success of Industry 4.0, as they provide the enabling technology. However, the advantages that the IOT offers must be balanced against the risk to IT security posed by a production environment. It will be necessary to manage a diverse range of communication participants as well as process increasingly large quantities of data. It is not just IT issues that need to be considered in the context of Industry 4.0, but also the necessary IT infrastructure."

Physical threats to IT infrastructure, including the data centre, include fire, water (flooding), dust and corrosive gases. However, over and above these, data centres are vulnerable to various types of attack, including explosions, vandalism, unauthorised access, theft or burglary and electromagnetic interference.

The good news, says Maharaj, is that businesses can take steps to protect their data centre against both accidental and malicious threats. However, she cautions that businesses should regularly review their security measures to make sure they are current and effective.

She lists the following measures businesses should implement to protect their existing data centres:

1. Risk management regime: be aware of the security threats and know what to do should one occur.
2. Secure configuration: failure to manage the proper configuration of your servers can leave your data centre vulnerable to attack.
3. Network security: required to keep external people (ie, cyber criminals) from accessing your data and ensuring internal users only access authorised data.
4. Managing user privileges: outlines who can access and/or change which data.
5. User education and awareness: inform users about what threats are possible and how to deal with them.
6. Incident management: what to do in the event of a successful attack.
7. Malware prevention: don't download or click on anything that is unknown.
8. Monitoring: get immediate notification of an attempted breach.
9. Policy on removable media: controls must be implemented to prevent the loss of data or the introduction of malware.

Finally, Maharaj says businesses can also consider options such as micro data centres, security rooms (where a high level of security is required) and containerised data centres to keep their valuable data secure. "Your data centre is basically the vault in which you keep your business's most precious commodity. Without data, most businesses can't function. It makes good business sense to keep it as secure as possible."