SECURITY
By Katie Moss, Global Content
& SEO Manager, blancco
www.blancco.com
challenges you may have overlooked
and how to overcome them
Achieving true, across-the-board security for your
enterprise data centre can be a major challenge. Many of
the same elements that make your data centre so vital to
your business, including data storage, highly-connected
networks and cloud infrastructure support – also increase
your organisation’s potential security threats. And while
hackers will always target your enterprise’s data for profit,
you also need to remember other potential threats, like
physical security, the Internet of Things and your own
internal people, must also be managed carefully. Here are
four data centre security challenges that aren’t always
obvious – but must be managed effectively.
Your people
There’s no denying it; people are
your greatest risk to data centre security. Even if you have
the best technology in place and your people aren’t of
the highest calibre, and many times, even if they are, your
data centre will still be at risk. Employees are an important
part of keeping your data centre running, so insider threats
must be considered, no matter how strict your hiring
processes.
A recent study from Vometric found that 50% of IT
security managers are concerned about security threats
instigated by employees, while 43% worry about third
party access to company networks and data and 38% see
privileged users, such as IT admins, as risks. Renowned
former hacker Kevin Mitnick further explains why people
are your greatest risk to enterprise security. He writes: “All
of the firewalls and encryption in the world can’t stop a
gifted social engineer from rifling through a corporate
database. If an attacker wants to break into a system, the
most effective ap proach is to try to exploit the weakest link
– not operating systems, firewalls or encryption algorithms
– but people. You can’t just go and download a Windows
update for stupidity… or gullibility.”
To mitigate these risks, hold continuous data security
training for employees across your organisation – not only
in the IT department but in HR and finance etc. Teach
Threat #1
Discover four hidden data centre security
employees never to rely on someone’s word alone to get
past security procedures or secure checkpoints i.e. “I forgot
my badge,” or “I’ve been working closely with [Name].”
Conduct thorough background checks, and put fail-proof
physical security in place throughout your facilities. You may
even consider sending ‘practice’ phishing emails to see how
employees respond, or other such situational awareness
training tactics.
Your physical security
Speaking of physical security,
many organisations gloss over this element when
planning their data security strategy, focusing more on
cybersecurity threats. But physical security shouldn’t be an
afterthought. As Jason Destein, a technology consultant
for Ingram Micro’s Physical Security business unit, explains,
“[Organisations] put one access control reader at the front
door and think they’re safe, failing to recognise that the
people working inside the data centre could be a threat.”
Even if you have the best cybersecurity plans in place, it’s
still possible for individuals to physically threaten your
data centre(s). The best way to avoid risk is to have a good
combination of both.
Threat #2
Here are a few physical solutions you can put in place to
prioritise physical security in your data centre(s):
•
•
•
•
Alarms: these should include motion detection,
breakage sensors and door sensors
Access control: limit the individuals who have access to
certain areas/rooms within your data centre, and use
multiple forms of authentication when possible
Video cameras: focus on inside and outside doors, and
add at least one in each server room – preferably one
per rack row
Water and temperature sensors: put alerts in place
if pipes burst/flooding occurs. Temperature sensors
should send alerts if the air conditioning fails and the
room/hardware overheats
www.networkseuropemagazine.com
29