(c)iStock.com/gogo_b
10 years ago, few could have predicted that the world would generate data on today’s colossal scale, that a new social media environment would emerge, or that the Internet of Things (IoT) would integrate devices with intelligent IT. These changes have impacted the way we access data, and the way that businesses manage and store data.
Recently we have seen an evolution in infrastructure and storage to support these new trends, both for the business community and for consumers, which has driven innovation in how the data can and should be protected. Companies and individuals are responsible for securing and protecting all this data, and whilst great strides have been made to ensure that information is protected from external threats, it’s often humans who continue to be the weakest link in the security chain.
Whether through malicious intent or inadvertent carelessness, even the most sophisticated technology can be rendered useless if sensitive information gets into the wrong hands due to human error; therefore it is vital that data centres have a multi-step security approach in place.
Securing external threats
If you are looking to a third party provider to host your data, it is essential to seek absolute clarity on what measures of security are in place at the logical and physical levels. World class data centres have a number of sophisticated controls to ensure systems remain protected, including physical security controls like cameras and biometric access systems and may then offer managed services to deliver logical controls at the network level like firewalls, intrusion detection or DoS mitigation.
At the OS level, operating systems have become more secure and more sophisticated anti-virus software is now available, whilst threats at the applications level can be mitigated in a number of ways; for example, intelligent web application firewalls can be implemented. These firewalls are clever enough to understand what the normal traffic patterns are for an application, and if they encounter traffic patterns outside the defined “normal” parameters, the firewall can automatically block the problem traffic, averting a problem before it happens.
Sitting on top of these tools and systems are defined processes and best-practices, including specific industry compliance standards such as PCI, HIPPA, FISMA, and others which define broader measures to protect data like ISO, SSAE16 and ISMS. But despite development in tools, systems and processes, new threats continue to emerge and organisations need to be on alert to stay one step ahead of those external threats.
Securing internal threats
Much of the focus on the human link in the data centre security chain is on protecting networks from outsiders, but the insider threat continues to pose a significant risk. “Rogue insiders” already have access to systems and can often avoid tripping alarms that might otherwise signal some form of attack. In fact the 2015 Information Security Breaches survey found that 75% of organisations suffered staff-related security breaches with 50% citing that the worst breaches in the year were cause by human error. Recognising the sources of these threats is one thing, but it is quite another to be able to deal with them. However there are several practical steps data centre managers can take to enable this.
Many data centre providers take advantage of the new levels of sophistication in algorithms for encryption, which can provide another layer of protection, should outsiders gain access to data. As well as encrypting data for both storage and transmission, it is important to capture all the information about data access attempts – both legal and illegal. This allows privileged users to do their jobs in a climate of transparency, whilst acting as a deterrent for unauthorised access.
Multiple factor authentication, where multiple checks take place – for or example, keys or used in conjunction with passwords, then combined with biometrics like finger print or retina scans –can be incorporated as an additional measure.
Ultimately, a multi-level approach to security must be taken to close the weak links within a data centre. The goal of this approach is to meet compliance and specific legal requirements as well as to stay one step ahead of the risk posed by rogue employees. Using the multi-level security approach, we can create numerous opportunities to proactively detect, deter, and effectively deal with both insider and external threats.