The changing face of data security
IT departments are today expected to secure data in a way that enables it to still be shared on demand. Hosting it with a specialist data centre provider makes this approach simpler.
The rise of the digital age has led to a fundamental change in the nature of IT as a whole. During the mainframe era, for example, the original goal of IT was to store data and this meant that the job of IT services was to ensure that company information was properly secured. In the current information age, this job description has changed significantly, as the main job of IT is to ensure that data is available to be shared, as required.
No longer is the aim essentially to hide data away, but rather to facilitate its availability to a much wider audience, whenever they need to use it, explains Stephane Duproz, CEO of Africa Data Centres. Today, IT needs to get the right information to the right person, at the right time.
“This is a 180-degree flip from a past that was essentially focused on putting walls around the data; now for IT to be able to fulfil its mandate, it needs to be able to make the data available on demand. This is particularly crucial since COVID-19 has encouraged a massive increase in people working from home, but who all still need access to corporate information. It is for this reason that it is now necessary to secure IT in a different manner. Instead of focusing on securing the asset, the right approach today is to secure the process,” he says.
“Specialist data centre providers understand that there are two key legs to a security strategy, namely digital and physical security. When we talk digital, we mean securing the data via things like firewalls, anti-virus programs and other cyber security measures. None of these fall within such a service provider’s domain. In these data centres, the customer remains in total control of their IT – it is much the same as if the client’s servers sat in their own basement, except with even better physical security.”
And this is the crux of the issue, points out Duproz, as even if the customer puts together the best digital security ecosystem, if their servers crash due to a lack of power, for example, they would still be unable to fulfil their mission of making data available.
“It is when considering a scenario like this that physical security’s importance must be recognised. Physical security is more than simply access control and identity management – although this is obviously part of it. Such an approach is also about operational security, namely ensuring that uninterrupted service can be delivered and that customer operations can continue 24/7/365.
“Professional data centre service providers are highly advanced when it comes to enabling uninterrupted power and cooling, because this really is their core business. The same goes for any other aspects of physical security.”
In fact, he points out that perimeter security, identity and access management, and various other security processes form part of a physical security net to ensure that anyone entering the data centre is exactly who they say they are. Even when allowed in, there remain significant biometric controls in place, thereby ensuring the visitor only goes where they are allowed to.
“Finally, whether the customer requires an individual hosting room, or a single server rack, these will all be secured according to best practice. And of course to complete the security strategy, a professional data centre will have hundreds of cameras providing an additional layer of safety as well.
“Apart from ensuring the physical security of the customers’ servers, a professional data centre provider will also undertake security assessments with them to make certain that their digital security processes are as good as they can be. In this way, they are able to work with the customer to ensure they are able to optimise their complete security strategy,” concludes Duproz.