DCN November 2016 - Page 25

security SEASONAL FEAR Greg McCulloch of Aegis Data asks whether the data centre is a hacker’s early Christmas gift. You don’t have to look far into the newspapers or industry journals to find out the latest cyber attack that has stolen users’ data, crippled servers or exposed government secrets. Yahoo has only just announced it had data from 500 million users stolen over two years ago. Whether the attacks are lone wolf hackers or ‘state sponsored’ cyber terrorists, ensuring your data centre is secure is of paramount importance. This doesn’t just apply to enterprise data centres but also colocation providers who host data from a myriad of organisations. The rapid expansion of available technologies is constantly adding an extra layer of security required to protect the data centre. Take the much vaunted Internet of Things (IoT) where everyday items will be connected to the Internet and can communicate with each other. Gartner estimates that by 2020, IoT will have 20 billion units running. One of the big issues with IoT based products is the lack of security they offer to the end user. Imagine the mischief potentially caused by a hacker getting into your IoT ready fridge and connecting to your online shopping account with your credit card details. While the impact of these actions could be disastrous to a person, what is equally troubling is where is all this sensitive information to support these devices going to be stored? The data centre has to make sure it is ready for this influx, not only in data capacity but in hosting information from unsecured devices. It wouldn’t be too much of a stretch to access an IoT ready device and hack backwards to its source to access the data centre and all the information inside. IoT devices are already responsible for crashing a series of high profile websites through distributed denial-of-services (DDoS) attacks. Volumetric attacks like DDoS attacks have primarily been targeted at DNS and web servers, but owing to the speeds and capacity of their servers, data centres are increasingly coming under the crosshairs for DDoS attacks. French data centre and hosting company OMV was recently the victim of a 1Tbps DDoS attack that crippled its services. Data centre managers need to be vigilant that the cyber threat to their site is increasing and must be taking steps to negate the opportunity for attack. While data centres should not oppose the growth of IoT thanks to the fantastic opportunities presented to them, facilities managers should be cautious of the associated risks and ensure they are safeguarded. Employing multi-layer pattern matching to help identify the threats as far from the data centre as possible is crucial in ensuring that the hackers do not gain access to the servers and the multiple customers worth of data that they store. Regular reviews Data centre operators should have a robust threat prevention system in place and review this regularly in order to evolve their security as the threats evolve as well. Those looking to partner with a third party data centre should understand the security credentials that they provide. Ensuring data centres are ISO accredited is a must, with ISO9001 and ISO27001 credentials providing a solid basis for securing data. The third party or colocation data centres are crucial for many businesses wishing to house their data in secure servers without having to worry about the associated financial and technological headaches of running an on premise site. Colocation providers can often be safer than on premise data centres as there is a stronger emphasis on security owing to multiple enterprises information stored on site. Social engineering threats, such as phishing emails are more likely to strike an on-premise data centre where the hackers can easily gain access to the network and take over the data centre from there. By using a third 25