Datacentre Security Standards
by Ross Gavey, Head of Data Centre Partnerships
When we think about IT and data security, we tend to focus on the digital threats from cybercriminals, but alongside those threats are the often-overlooked physical elements of protection and the stopping of unauthorised people gaining access to your datacentre, systems, and IT. Both are highly relevant in today’s digital economy, and we’ve taken a look at the types protective action needed guard against such breaches.
What is Datacentre Security
Both digital and physical datacentre security procedures must be in place by all organisations running infrastructure that uses and stores sensitive and private data - and this applies to all service providers, IT partners, public sector organisations, and private enterprises running their own systems.
The International Standards Organization (ISO) and the Telecommunication Industry Association are two professional groups that provide guidelines and security best practice, where staying ahead of existing standards is highly recommended. Failure to implement adequate levels of both digital and physical security leaves organisations vulnerable to damaging legal consequences in the event of a security breach.
New guidelines from the National Cyber Security Centre (NCSC) and the Centre for the Protection of National Infrastructure (CPNI) help us to understand and mitigate against potential security vulnerabilities, and Sure’s datacentre and security services adhere to all these guidelines.
Datacentre Physical Security
The following areas should be considered when planning the prevention of physical attacks:
- Is the datacentre in a secure area and a low-risk geographical location?
- How accessible and resilient are your communication network carriers and power providers?
- How secure is you access control system, and do you have an anti-tailgating/anti-pass-back measures that permit only one person to enter at a time?
- Is it a manned or automated security access point, and a single-entry point into the facility?
- Safety, security and authenticated access to the server / rack room should always be monitored with options including:
- closed-circuit television (CCTV) camera surveillance with retained footage.
- Onsite 24×7 security and manned operations system with tech back-up.
- Scheduled hardware review and maintenance checks.
- Regular checking and monitoring of access rights & augmenting as required.
- Controlling and monitoring temperature and humidity through air conditioning and cooling systems.
- Back-up, uninterruptible power supply (UPS) in place.
- Robust and regularly checked fire, smoke detection, and water leakage alarm and protection system in server room.
- Rodent repellent system to protect against damage to servers and wires.
Datacentre Digital Security
A constant focus on cybersecurity is essential nowadays as organised criminals and state sponsored hackers routinely target our systems to steal valuable information and disrupt our way of life. Applications and systems operating on physical datacentre and cloud-based platforms must have the highest levels of protection against the threats that constantly emerge.
Key digital security measures should include:
- Protecting systems and applications from unauthorised access or modification – rigorous management of access reduces opportunities for malicious interference.
- Monitoring systems and services used by the workforce - continuous management of behaviours and the security status of all services and devices is highly recommended.
- Regularly reviewing and improving cyber security protection - test and verify regularly, ensuring security updates are made immediately available.
- Preparing to respond to external events - planning for failures, vulnerabilities, and unforeseen incidents, ensuring business continuity plans exist and are regularly reviewed and tested.
- Enabling people to manage their risks – educating and equipping users with the tools and information needed to support organisational vigilance against cybercrime.
Protecting information and data is a responsibility that all organisations have, and failing to do so risks massive financial and reputational consequences. The methods criminals use to compromise security are both physical and digital, and by viewing datacentre security holistically, organisations can better safeguard their data and business operations.
In this period of economic and geopolitical uncertainty, there is no better time to review all aspects of datacentre security. Sure’s ultra-high bandwidth, highly secure, hyper-connected and fully resilient Tier III datacentre services in Guernsey and Jersey are directly and separately linked to the global networking backbone, and our Professional Services experts will help you create a fully secure, resilient, and ultra-fast IT infrastructure for your organisation.
Related articles
Welcome Dominic Barnes: New Sales Account Director in Jersey
We spoke to new Sales Account Director in Jersey and heard about his plans at Sure Business
A Career in Tech: Callum Gill on his route to Sure Business
Hear from Callum about his career so far, and why keeping up with the latest technology is vital to his dynamic role.
Decoding the Future: Unravel the legal and ethical tapestry of AI
We spoke to one of our professional services consultants, Malcolm Mason and asked for his insight and guidance on the transformative power of AI.