Are datacentres any more secure?
02-04-2012 - John Hatcher
When I last considered data centre security, my focus was very much on comparing physical and data security; assessing whether physical security systems, from swipe cards to biometrics, were keeping up with firewalls, encryption devices, DLP and other established IT security solutions. The conclusion I reached was that physical security was very much in the race and data centre managers were pretty savvy when it came to identifying and managing potential threats relating to access and unwanted intrusion.
The reality, however, has proved that it’s not just about investing in the very latest technology. The ongoing budget constraints imposed on IT managers have meant that investing in any device or solution for access control has to prove its worth to the business. In my experience, biometric and fingerprint technology have been difficult to justify for most businesses where a swipe card will do the job just as well. While biometrics are great solutions for users who might be prone to losing or have difficulty remembering their entry card – children, for example – there are very few genuine opportunities to implement them.
The technology that has seen significant development and growth, however, relates to the improvement in the quality of digital images, particularly due to the introduction of high-resolution IP cameras and HD TVs. The principle of capturing an image digitally may not have changed in the last few years, but the fact that image quality has improved means that more information is now available to IT and security professionals. This in turn gives rise to more opportunities for analysis and management of images – from number plate to facial recognition – that can improve processes and productivity or add value directly to the business. These advances, however, have come at a cost - most notably to the network - as high definition inevitably means high bandwidth.
There are two other aspects of data centre security, which I believe should be high on any data centre manager’s agenda. They are intrinsically linked, but are not necessarily obvious. The first is the threat of failure or interruption of the power supply to data centre operations by a natural event or disaster and the second is the ability to restore the configuration of vital networking, security or storage devices in the event of loss or failure. Both mean that business continuity and disaster recovery (BC/DR) planning and management need careful consideration as part of the overall security of the data centre and both have technology solutions at their disposal.
While uninterrupted power supply (UPS) solutions may be nothing new, what many companies don’t consider is how they are maintained and tested. UPS systems are often purchased and installed in a piece-meal way, many become redundant as the needs of the business change and few come with an ongoing maintenance package. Investing in an audit and test of their business’s UPS solutions might be the smartest move a data centre manager could make in the coming months, particularly if disruption to critical business processes is a possibility due to bad weather affecting the power supply.
Back-up and data restoration is a fundamental element of any data centre manager’s BC and DR planning. However, while provision is made for data back up and recovery, few businesses have considered the potential disruption caused when networking, security or storage devices shut down – whether as part of a planned upgrade or in the event of an un-planned disaster. The recent outage at RIM demonstrates how vulnerable businesses can be in the event of the failure of a critical piece of IT equipment. If it was a case (and we may never know the precise details) of not being able to reinstate a device due to configuration settings not being saved, then lessons will no doubt have been learned and a secure restorepoint implemented.
So, when it comes to knowing where to invest in order to secure your data centre, start by thinking about the unthinkable. Don’t invest in new technology for the sake of it, but select those solutions that address the real risks that threaten your business and learn from other’s mistakes and misfortunes – not your own.