With cyber security expected to top $101 billion by 2018, the tendency for data centre managers to focus on updating cyber security practices is understandable, especially as technology and threats are ever changing. Moving the focus to cyber security should not be done at the expense of physical security, says colocation provider, according to Greg McCulloch, CEO of Aegis Data. Physical security is still a vital factor that must be taken into account, especially during the development phase.
Data centre operators must find a fine balance when it comes to security spending between physical and cyber security. A cyber attack can cost an organisation millions of pounds in damages, lost data and a ruined reputation, with an estimated £16 billion lost in the UK annually. A physical attack however, in addition to the loss of data, can result in infrastructure damage and the potential for harm or serious injury to staff. While physical attacks are less likely owing to the personal investment and risk on the part of the attackers, data centre operators should not become complacent.
“Whilst cyber security is of paramount importance when it comes to data centres, the majority of this protection is unseen, hidden in lines of code and firewalls. It can be stressed to the client the multiple layers of cyber security but all of this is intangible. Physical security features however are much more likely to impress and reassure prospective and existing clients that their data is safe,” says McCulloch.
“For the facility itself, layers of security are important. With everything from barriers in car parks, to securely locked doors and guarded stations, the more layers that a centre can provide between the individual and the data hall the greater the likelihood of reducing the risk of a physical breach.
“Typically, eight layers and upwards is ideal with a combination of personnel barriers like guard posts, physical barriers such as locked doors requiring biometric scans and security barriers like man traps in the event of a breach. These should all be installed in and around the data hall. For colocation providers storing multiple clients’ data, each server should be locked and access to these should be provided only to authorised personnel.”
McCulloch concludes: “There is lots to be done to make a data centre more secure. CCTV, security barriers, biometric scanners are all obviously important features, but nothing makes up for the presence of a human element within the building 24/7/365. Having a team that can be trusted with the security of the site and the protection of the data stored within will often provide an added level of trust for both clients and data centre providers ensuring the safety of information.
“There is often concern among organisations worried that their data is being stored off site, away from their direct control. Typically however, data stored in a colocation site is safer than on-premise as the facility is designed to ensure data is stored securely and the provider has sufficient funds to ensure high-level security that some customers can’t provide themselves.”
[su_box title=”About Aegis Data” style=”noise” box_color=”#336588″][short_info id=’60350′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.