DATACENTER SECURITY
June 12, 2015
Data center security refers to the physical practices and virtual technologies used to protect a data center from external threats and attacks. A data center is a facility that stores IT infrastructure, composed of networked computers and storage used to organize, process, and store large amounts of data. For private companies moving to the cloud, data centers reduce the cost of running their own centralized computing networks and servers. Data centers provide services such as data storage, backup and recovery, data management and networking. Because data centers hold sensitive or proprietary information, such as customer data or intellectual property, sites have to be both digitally and physically secured.
How to secure a data center
Data centers are complex, and to protect them, security components must be considered separately while still following one holistic security policy. Security can be divided into physical and software security. Physical security encompasses a wide range of processes and strategies used to prevent outside interference. Software or virtual security prevents cyber criminals from entering the network by bypassing the firewall, cracking passwords, or through other loopholes.
A data center building’s most obvious security characteristics are related to design and layout. The building itself may be designed as a single-purpose or multipurpose unit, the latter of which operates as a shared space and may house businesses unrelated to the data center. A data center building is usually built away from major roads in order to establish buffer zones made up of a combination of landscaping and crash-proof barriers.
Access into a data center facility is fairly limited. Most have no exterior windows and relatively few entry points. Security guards inside the building monitor for suspicious activity using footage from surveillance cameras installed along the outside perimeter. Visitors may use two-factor authentication to enter the building, including scanning personal identity verification (PIV) cards and entering a personal passcode. Employee badge readers and biometric systems, such as fingerprint readers, iris scanners and facial recognition, may also be used to permit entry.
Hacking, malware and spyware are the obvious threats to data stored in a data center.
A security information and event management (SIEM) tool offers a real-time view of a data center’s security posture. A SIEM helps provide visibility into and control over everything from access and alarm systems to sensors on the perimeter fence.
Creating secure zones in the network is one way to layer security into the data center. Administrators can split networks into three zones: a test area with a great deal of flexibility, a development zone with a slightly more stringent environment, and a production zone with only approved production equipment.
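One way to check the three-zone split described above against observed traffic, as an added example that is not from the original article. The CIDR ranges, the zone-to-zone policy and the approved-equipment inventory are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed zone layout (constructed CIDRs; the article names the zones, not addresses).
ZONES = {
    "test": ipaddress.ip_network("10.10.0.0/16"),
    "development": ipaddress.ip_network("10.20.0.0/16"),
    "production": ipaddress.ip_network("10.30.0.0/16"),
}

# Assumed policy: destination zones each source zone may reach.
ALLOWED = {"test": {"test"}, "development": {"development", "test"},
           "production": {"production"}}

APPROVED_PRODUCTION = {"10.30.0.10", "10.30.0.11"}  # constructed inventory

def zone_of(ip):
    """Return the zone name containing ip, or None if it is outside all zones."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None

def audit_flows(flows):
    """Return (src, dst, reason) for every flow that breaks the zone policy."""
    findings = []
    for src, dst in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone is None or dst_zone is None:
            findings.append((src, dst, "endpoint outside any defined zone"))
        elif dst_zone not in ALLOWED[src_zone]:
            findings.append((src, dst, f"{src_zone} -> {dst_zone} not permitted"))
        else:
            for ip, zone in ((src, src_zone), (dst, dst_zone)):
                if zone == "production" and ip not in APPROVED_PRODUCTION:
                    findings.append((src, dst, f"unapproved production host {ip}"))
    return findings

# Constructed sample flow records (source IP, destination IP).
SAMPLE_FLOWS = [
    ("10.10.1.5", "10.10.2.9"),    # test -> test: allowed
    ("10.20.3.4", "10.10.1.5"),    # development -> test: allowed
    ("10.10.1.5", "10.30.0.10"),   # test -> production: violation
    ("10.30.0.10", "10.30.0.99"),  # production peer not in inventory
    ("192.0.2.7", "10.30.0.11"),   # source outside all zones
]

if __name__ == "__main__":
    print(audit_flows(SAMPLE_FLOWS))
```

In practice the flow records would come from firewall or NetFlow logs forwarded to the SIEM, and the inventory from an asset database.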
Before applications and code are deployed, certain tools may be used to scan them for vulnerabilities that can be easily exploited, and then provide metrics and remediation capabilities. Code may be run through a scanner to check for buffer overflows or other vulnerabilities. With the rise of cloud computing, visibility into data flows is a necessity, since there could be malware hiding inside of otherwise legitimate traffic.