What is Data Centre Security Best Practice?

What is data centre security? Data centres are facilities that store IT infrastructure, typically consisting of networked computers and storage used to manage, process and store large volumes of data. Data centre security is a set of practices, precautions, policies, and digital and physical support systems, that together protect data centre operations, data and applications from harm.

Industry standards support these processes, helping ensure that data remains both secure and highly-available across data centre design, construction and maintenance processes and across the entire data centre lifecycle.

Why data security is important?

Data is arguably an organisation’s most valuable asset. Protecting it helps ensure the integrity of data and keeps it out of the hands of rivals. It also ensures that the organisation itself can easily access data and use it to drive business advantage and competitive edge. Security threats are evolving all the time. Bad actors are better-equipped and more highly-skilled at attacking network infrastructures than before. If data falls into the wrong hands, businesses will likely suffer reputational damage, receive fines from the regulator and may lose customers and miss commercial opportunities.

What are the main data centre security threats facing data centres?

Given their critical role in society, data centres can face many security threats. However, the main data centre security threats can be grouped into two categories: physical security attacks on infrastructure and cyber-attacks.

Most data centres are made up of three main constituent parts: compute, network capability and storage. A successful attack against any part of this architecture will adversely affect data centre security, performance and availability.

Today’s data centres typically have defences in place against infrastructure exploits of these kinds. The use of redundancy can help to eliminate single points of failure and, by doing so, increase uptime rates. Therefore the approach makes it more challenging for would-be attackers to disrupt hosted applications.

Additionally, data centres often have support infrastructure, designed to address natural events and attacks that can disrupt access to services. This infrastructure typically includes building security systems, climate control, fire suppression systems and uninterruptible power supplies.

Cyber-attacks on data centres can take many forms and can target both physical and virtual entry points into the data centre which is why having robust data centre security solutions and physical security standards is critical.

The most common cyber-attacks are:

• Phishing engineering attacks – These cyber-attacks, often carried out via email, use social engineering techniques to imitate a trusted source and make up a supposedly logical scenario for handing over log-in details or other sensitive personal information.

• Ransomware – This is a subset of malware in which the data on a victim’s computer is locked, usually by encryption, and payment demanded before the ransomed data is decrypted and access returned to the victim.

• IoT-based attacks – These effectively take place whenever an Internet of Things (IoT) system is compromised. Cybercriminals aim to steal information from users, networks and devices across an IoT-based infrastructure.

• Internal attacks – These attacks occur when an individual or group within an organisation tries to disrupt operations or exploit organisational assets. Examples include employee sabotage and theft of data or equipment.

• Security vulnerabilities and bugs – These are defects in the system which have the potential to be exploited to allow cyber attackers to gain unauthorised access to a network or system.

Data centre security best practice

To protect against data centre security threats, operators should follow the below data centre security practices to mitigate digital and physical data centre security risks.

It is crucial that data centres are protected against physical threats to core components. Controls here typically include choosing a secure location, physical access and the implementation of a secure building management system.

• Secure location – All data centres should be located in a secure location. This typically includes ensuring they are based in areas that are not susceptible to natural disasters such as fires, floods or earthquakes. They should also have limited entry points and physical barriers in place to prevent forced entry of any sort.

• Physical access controls – When it comes to controlling physical access, many data centres today implement a multi-layered defence-in-depth approach. Typically, this would consist of access controls being executed across each layer. Biometric scanners could be deployed to control entry to the site. Security personnel could then be deployed to ask for photo identification and sign-in verification. Access to each zone within the data centre may then require further verification. Video surveillance can then also be used to monitor all protected areas of the site continuously.

• Secure data centre building management system – Every point of access into the data centre needs to be secured. This typically includes securing the systems that manage the building from heating and ventilation systems to elevators and IoT devices. It also means segmenting building systems and Wi-Fi networks to prevent ‘lateral movement’ and continuously monitoring the network to watch for the addition of new IoT devices.

As well as physical data centre security standards and practices, data centres also need to prevent against digital security threats. This will typically include implementing tailored solutions and data centre IT security access controls.

• Prevent credential theft – Businesses must ensure employees leverage multifactor authentication (MFA) across their networks and train employees about how to avoid falling victim to phishing and spear-phishing scams.

• Prevent vulnerability exploitation – Organisations to patch vulnerable applications and systems and deploy an intrusion prevention system to virtually patch these when physical patches are not available. This approach can also be used to detect exploits against the domain name system (DNS) infrastructure or any attempts that have been made to use DNS to get round security protections.

• Secure the supply chain – Businesses should be able todetect and prevent sophisticated supply chain attacks using AI and ML-backed threat prevention and endpoint detection and threat and extended detection and response technologies.

• Protect against DDoS attacks – Companies can make use of both on-premises and cloud-based DDoS protections to mitigate the impact of attacks.

• Deploy web application and API protection – This approach allows business users to protect apps and APIs deployed across clouds and edge sites.

• Protect sensitive data – Organisations can safeguard data at rest, in use, and in transit using data loss prevention (DLP) technologies, VPNs and encryption.

• Secure development pipelines – Enterprises must put secure coding and DevSecOps best practices in place.

• Use cloud-native security solutions – Organisations can leverage the approach to secure microservices, containers and workloads.

• Implement network segmentation – Network segmentation supports enforcement of least privilege access under the zero-trust security model. In addition to that, it also prevents lateral movement.

• Adhere to data centre security standards – Organisations should ensure that they meet data centre security standards such as System and Organisation Controls (SOC 1), SOC 2 and SOC 3.

Data centre security with Telehouse

Telehouse is committed to maintaining ISO international standards that meet the needs and expectations of customers and stakeholders and follow the changes in their markets. Customer equipment and data are protected at Telehouse by 360-degree perimeter fencing, dedicated 24/7 security, comprehensive access control and CCTV coverage, as well as a wide range of high-quality data centre security processes and systems.