Story image

Data centre security: Technology alone is not the answer

20 Jun 2018

Article by Flexenclosure regional sales engineering director LATAM Arturo Maqueo

The security of data – and in particular people’s personal data – has been a hot topic in recent months.

The EU’s rollout of new GDPR regulations; the Cambridge Analytica scandal; or the seemingly weekly revelations of financial institutions or consumer service providers which have had their databases hacked, are all examples most of us will be aware of.

Less often discussed but just as important as the security of our data, is the security of the data centres that house it. And at first glance, identifying, reviewing and prioritising all the elements that a data centre must contain in terms of security would appear to be a very complex subject, depending on myriad variables including facility size, organisation type, service commitments, system complexity, customer requirements, the list goes on…

However, independent of the variables mentioned above, in my view data centre security can be boiled down to just two areas – physical security and operational security.  And while both of these clearly depend to a great extent on technology, the single most important element is the establishment of appropriate policies, processes and operating procedures – and critically, of course, actually following them.

Unfortunately, over the years I have seen many examples of security – both physical and operational – being seriously compromised through the lack of clear and well-defined security processes and procedures. And ironically, I have seen this most often in data centre facilities that had state-of-the art security equipment installed.

For example, implementing the latest and most sophisticated biometric access systems does not, by itself, ensure that supposedly secure areas are actually secure and that access is fully controlled. On the contrary, I have witnessed unauthorised and unsupervised personnel wander in and out of secure areas at will. The failure here not being due to any fault with the access control equipment itself but to appropriate security protocols not being implemented or maintained.

As for operational security, a standard requirement for any modern data centre is to have redundancy capabilities fully integrated in order to ensure continuous operation even if disaster strikes. And for many data centre operators’ customers, this is non-negotiable, given their dependence on the often mission-critical systems the data centres house.

However, just as with ensuring physical security, implementing systems for fully redundant facility operation is not simply a matter of installing more of the latest equipment. Ensuring data centre redundancy is a hugely complex undertaking. Initial design is clearly important, as is the correct installation and interlinking of redundant systems, whether for power, cooling, monitoring, or communications. But most important of all, once again, are the protocols and procedures that must be implemented and followed in order to ensure that redundant gear actually kicks in to action if and when it needs to.

Regardless of whether the data centre in question is hyperscale or a relatively small edge facility, having the right processes in place and the right people following them are typically what makes the difference between, on the one hand, a data centre’s security being fully maintained and on the other, a catastrophic failure.

So when securing even the most technical of environments, technology is only part of the answer. Without the disciplined application of associated policies and processes, success cannot be guaranteed. After all, the best tools in the tool box are of little value without the appropriate knowledge and experience to use them.

Dropbox invests in hosting data inside Australia
Global collaboration platform Dropbox has announced it will now host Australian customer files onshore to support its growing base in the country.
Opinion: Meeting the edge computing challenge
Scale Computing's Alan Conboy discusses the importance of edge computing and the imminent challenges that lie ahead.
Alibaba Cloud discusses past and unveils ‘strategic upgrade’
Alibaba Group's Jeff Zhang spoke about the company’s aim to develop into a more technologically inclusive platform.
Protecting data centres from fire – your options
Chubb's Pierre Thorne discusses the countless potential implications of a data centre outage, and how to avoid them.
Opinion: How SD-WAN changes the game for 5G networks
5G/SD-WAN mobile edge computing and network slicing will enable and drive innovative NFV services, according to Kelly Ahuja, CEO, Versa Networks
TYAN unveils new inference-optimised GPU platforms with NVIDIA T4 accelerators
“TYAN servers with NVIDIA T4 GPUs are designed to excel at all accelerated workloads, including machine learning, deep learning, and virtual desktops.”
AMD delivers data center grunt for Google's new game streaming platform
'By combining our gaming DNA and data center technology leadership with a long-standing commitment to open platforms, AMD provides unique technologies and expertise to enable world-class cloud gaming experiences."
Inspur announces AI edge computing server with NVIDIA GPUs
“The dynamic nature and rapid expansion of AI workloads require an adaptive and optimised set of hardware, software and services for developers to utilise as they build their own solutions."