SECURITY
25
By Arturo Maqueo, Regional
Sales Engineering Director
LATAM, Flexenclosure
www.flexenclosure.com
For ultimate data centre security, technology alone is not the answer
with an ever-evolving threat on the horizon
The security of data, and in particular people’s personal
data – has been a hot topic in recent months. The EU’s
rollout of new GDPR regulations; the Cambridge Analytica
scandal; or the seemingly weekly revelations of financial
institutions or consumer service providers that have had
their databases hacked are all examples most of us will be
aware of.
Less often discussed, but just as important as the
security of our data is the security of the data centres
that house it. And at first glance, identifying, reviewing
and prioritising all the elements that a data centre must
contain in terms of security would appear to be a complex
subject, depending on myriad variables including facility
size, organisation type, service commitments, system
complexity and customer requirements – the list goes
on…
Independent of the variables mentioned above, in
my view, data centre security can be boiled down to just
two areas – physical security and operational security.
And while both of these clearly depend to a great extent
on technology, the single most important element is
the establishment of appropriate policies, processes,
operating procedures and critically, of course, actually
following them.
The unfortunate truth
Over the years I’ve seen many examples of security
– both physical and operational – being seriously
compromised through the lack of clear and well-defined
security processes and procedures. And ironically, I’ve
seen this most often in data centre facilities that had
state of the art security equipment installed.
Implementing the latest and most sophisticated
biometric access systems doesn’t, by itself, ensure that
supposedly secure areas are actually secure and that
access is fully controlled. On the contrary, I’ve witnessed
unauthorised and unsupervised personnel wander in and
out of secure areas at will. The failure here is not due to
any fault with the access control equipment itself, but to
the appropriate security protocols not being implemented
or maintained.
Protocols and procedures count
As for operational security, a standard requirement
for any modern data centre is to have redundancy
capabilities fully integrated in order to ensure continuous
operation even if disaster strikes. And for many data
centre operators’ customers, this is non-negotiable given
their dependence on the often mission-critical systems
the data centres house.
Just as with ensuring physical security, implementing
systems for fully redundant facility operation is not simply
a matter of installing more of the latest equipment.
Ensuring data centre redundancy is a hugely complex
undertaking. The initial design is clearly important, as
is the correct installation and interlinking of redundant
systems, whether for power, cooling, monitoring, or
communications. But most important of all, once
again, are the protocols and procedures that must
be implemented and followed in order to ensure that
redundant gear actually kicks into action if and when it
needs to.
Regardless of whether the data centre in question is
hyperscale or a relatively small edge facility, having the
right processes in place and the right people following
them are typically what makes the difference between,
on the one hand, a data centre’s security being fully
maintained and on the other, a catastrophic failure.
So, when securing even the most technical of
environments, technology is only part of the answer.
Without the disciplined application of associated policies
and processes, success can’t be guaranteed. After all,
the best tools are of little value without the appropriate
knowledge and experience to use them. n
www.networkseuropemagazine.com