Networks Europe Issue 13 January/February 2018 - Page 29

SECURITY By Katie Moss, Global Content & SEO Manager, blancco challenges you may have overlooked and how to overcome them Achieving true, across-the-board security for your enterprise data centre can be a major challenge. Many of the same elements that make your data centre so vital to your business, including data storage, highly-connected networks and cloud infrastructure support – also increase your organisation’s potential security threats. And while hackers will always target your enterprise’s data for profit, you also need to remember other potential threats, like physical security, the Internet of Things and your own internal people, must also be managed carefully. Here are four data centre security challenges that aren’t always obvious – but must be managed effectively. Your people There’s no denying it; people are your greatest risk to data centre security. Even if you have the best technology in place and your people aren’t of the highest calibre, and many times, even if they are, your data centre will still be at risk. Employees are an important part of keeping your data centre running, so insider threats must be considered, no matter how strict your hiring processes. A recent study from Vometric found that 50% of IT security managers are concerned about security threats instigated by employees, while 43% worry about third party access to company networks and data and 38% see privileged users, such as IT admins, as risks. Renowned former hacker Kevin Mitnick further explains why people are your greatest risk to enterprise security. He writes: “All of the firewalls and encryption in the world can’t stop a gifted social engineer from rifling through a corporate database. If an attacker wants to break into a system, the most effective ap proach is to try to exploit the weakest link – not operating systems, firewalls or encryption algorithms – but people. You can’t just go and download a Windows update for stupidity… or gullibility.” To mitigate these risks, hold continuous data security training for employees across your organisation – not only in the IT department but in HR and finance etc. Teach Threat #1 Discover four hidden data centre security employees never to rely on someone’s word alone to get past security procedures or secure checkpoints i.e. “I forgot my badge,” or “I’ve been working closely with [Name].” Conduct thorough background checks, and put fail-proof physical security in place throughout your facilities. You may even consider sending ‘practice’ phishing emails to see how employees respond, or other such situational awareness training tactics. Your physical security Speaking of physical security, many organisations gloss over this element when planning their data security strategy, focusing more on cybersecurity threats. But physical security shouldn’t be an afterthought. As Jason Destein, a technology consultant for Ingram Micro’s Physical Security business unit, explains, “[Organisations] put one access control reader at the front door and think they’re safe, failing to recognise that the people working inside the data centre could be a threat.” Even if you have the best cybersecurity plans in place, it’s still possible for individuals to physically threaten your data centre(s). The best way to avoid risk is to have a good combination of both. Threat #2 Here are a few physical solutions you can put in place to prioritise physical security in your data centre(s): • • • • Alarms: these should include motion detection, breakage sensors and door sensors Access control: limit the individuals who have access to certain areas/rooms within your data centre, and use multiple forms of authentication when possible Video cameras: focus on inside and outside doors, and add at least one in each server room – preferably one per rack row Water and temperature sensors: put alerts in place if pipes burst/flooding occurs. Temperature sensors should send alerts if the air conditioning fails and the room/hardware overheats 29