What is Datacenter Security?
Datacenter security is an assortment of technological and physical measures which are used to protect a datacenter's assets and resources, thereby shielding it from all sorts of internal and external threats.
You should always design a comprehensive security plan that covers all important aspects of your datacenter, e.g., the networks, servers, power-systems, and the DATA and the PROCESSES they support.
You should take full cognition of 'specific' security threats that are usually faced by datacenters, because your datacenter, in fact all datacenters, are highly lucrative targets for most cyber-criminals.
Your datacenter is always the backbone of your business. It does not matter, if you use your datacenter for storage, or disaster-recovery, or for supporting business applications, the vast computational workloads of your datacenter is THE MOST critical resource of whole IT infrastructure your company operates with.
In the hindsight, your company's sensitive information and business-critical applications are a treasure trove of opportunity for hackers and other threats.
Whether you believe or not, your datacenter is a trusted component of your organization’s infrastructure. Your company is depending upon your datacenter assets to provide a SAFETY NET when everything else goes wrong. That's why the security of your datacenter is extremely vital.
In a way, a secure data center ensures the 'Business Continuity' and gives your company a confidence that you can focus on growing your businesses without worrying about the safety of your digital assets.
-
How Can You Secure Your Datacenter?
Your datacenter actually consists of groups of 'networking' and 'computational' equipments, which process and store information for your business in a centralized location. Right?
As its security is paramount, your company must deploy 'specialized' virtual and physical systems which have been designed to protect a datacenter.
--------------
REMEMBER:
--------------
The security measures taken by you to guard your datacenter, would essentially fail, if your company does NOT take all the possible steps to protect its NETWORKS. Network security by design is a cornerstone of your datacenter security, as it would prevent malware attacks and other threats from penetrating the datacenter via your networks. I hope, you won't forget this!
Two Critical Components of Datacenter Security, are:
-
Physical Security
-
Virtual or Software Security
[1] Physical Security
The location of a datacenter must be RIGHT. It must be your primary concern, as to in what area your are going to build your company's datacenter. Regardless of whether your company own the datacenter or have rented a facility from a IT service provider, the same considerations are important to you.
Your company would never want to operate its datacenter in areas which presents security and safety risks, such as follows:
-
Near Power plants
-
Areas within earthquake fault lines
-
Areas airplanes cross as they land
-
Places close to chemical facilities
-
Locations where hurricanes are common
-
Places likely to experience tornadoes
-
Areas prone to seasonal wildfires
-
Areas exposed to flooding
Once the location factor has been taken care of, your next concern is the BUILDING itself which will house your datacenter. This building must be well above of flood-planes, built with 'thick' concrete walls. Experts suggests that the outer walls of the building must be at least 12-inches or thicker, as it would be able to withstand major natural disasters and even explosions...
These thick walls keep your datacenter's physical security maintained most of the time.
[2] Virtual or Software Security
Virtualization technologies are essential to modern datacenters. Virtualization allows your company to get a digital infrastructure that supports your primary IT systems. It also allows your admins to manage the datacenter services from remote locations.
How do you set up your datacenter, it is up to you. For example, your company may use it to access to public cloud. Else, your company may use it as your internal datacenter. Though many cloud-based solutions such as Amazon Web Services (AWS), SoftLayer, etc would give your administrator a lot of flexibility, but the flexibility comes at a cost as you may expose your datacenter assets and systems to cyber threat-actors.
[3] Other Security Measures
Believing that security must be in the DNA of a datacenter, you must do everything possible in your capacity to secure it, by using IDS/IPS, NGFWs etc. And your security team must be monitoring your datacenter & network performance 24x7 to make it the safest places for your data to live.
Your security teams also run year-round testing to ensure that you’re always prepared to respond to any situation. And along with routine testing, your teams should run a robust enterprise risk management program to proactively assess and mitigate any risks to your datacenter.
Lastly, you should rigorously track the location and status of each hard drive in your datacenter. You should destroy hard-drives that have reached the end of their lives in a thorough, multi-step process to prevent access to the data.
-
What Technologies You Can Use For Datacenter Security?
[A] Multi-factor authentication (MFA)
It is essential to keep your datacenter secure, can also help an organization secure its data center resources. You automatically get an extra layer of security with MFA. Minimum of 2-factors of authentication are a must to validate access rights. Suppose, if an attacker is able to get one authentication measure somehow, he will still need to find a way to get the second—factor. He will not have too much time on his side. Because, soon login session will automatically expire. Also, each failed login attempt may generate a security alert...
Given the context of Datacenter Security, MFA is a powerful security solution to ensure only authorized individuals can access the physical areas of your data center. For example, you may make some requirements mandatory to access datacenter equipments such as:
-
A comprehensive check-in process that requires government-issued identification
-
Special badges for visitors
-
Fingerprint identification
-
A physical key that can provide access to areas where equipment is run or stored
-
Badge key cards, which can be verified before going through doors between sensitive areas
-
Retina or facial scans
[B] Surveillance & Monitoring Systems
Surveillance monitoring has to be there all the time to ensure HIGH SECURIY.
First, you can record who enters which areas, as well as what they do once inside. This information can be reviewed if there is a breach to track down the attacker.
Second, the presence of security monitoring systems can be a powerful deterrent against attackers. Knowing they have to find a way to bypass a camera system can be enough to DISCOURAGE them to make risker attempt to gain access to prohibited areas of datacenter.
Remember, it is not about installing CCTV cameras, it is about human controlled- and monitored- Surveillance system.
In addition, you can seek suggestions from 'real' security experts con how to maximize the effectiveness of the surveillance system. Their ability to pinpoint areas of improvement in the security of the facility, can be invaluable.
[C] Redundancy
I value this component of Datacenter very highly. Because you expect your datacenter to be 'resilient' in most circumstance. But how do you achieve this redundancy?
With right redundant elements in place, if any primary component malfunctions or breaks down completely, then your secondary component would be activated — automatically or manually, and key systems of your datacenter will be able to maintain their function without interruption.
You would want the redundant systems for each of the following systems:
-
The cooling system, which keeps servers from overheating while they process data
-
Electricity used to power 'specific areas' of the datacenter, such as those housing servers or key networking components
-
Network connections that provide information 'throughput' to business-critical systems
-
Even the overall power system needs its own redundant system.
The sum of the story here is that you need redundancy at each level of your datacenter. For example,
-
You may run two servers in parallel, both using the same operating system, security measures, and software. If one is to go down, the other can automatically turn on, maximizing uptime for your users.
-
You can deploy multiple firewalls at different points within a network, one at the outer edge and another between the edge and a server. These two firewalls are redundant because they may catch many or all of the same threats. However, you can use the edge firewall to inspect the outgoing traffic that 'gets by' the firewall in front of the internal server. With this data, you gain insight into the existence of internal vulnerabilities, as well as how threats that exploit the vulnerabilities behave.
-
You can take advantage of two ISPs, for instance, with one only being used when the other goes down. Here you can run the traffic from both ISPs via a 'High-throughput' Firewall, as it would ensure that continuity be maintained, in case if primary ISP's signal fails, or has to be shut-down due to any security breach.
-
While you work, your servers can 'automatically' back up your critical data. So when accidents happen — if your computer crashes or gets stolen — you can be up and running again in seconds.
-
Six Layers Deep Security of Google Datacenters
In terms of physical access, there are 6-layers one has to go through:
1. Layer 1: Property Boundaries
It includes Signages & Fences.
2. Layer 2: Secure Perimeter
This includes their main entrance. Users have to have their own ID-cards which are processed here. Once cleared only then you can pass through otherwise not.
This layer 2 has a lot of security features, from smart fencing to overlapping cameras.
There are a lot technologies and operations going on behind the scene. From the moment you are in within the boundaries of property they know you are in. A number of correlation analysis is going on about where you have been. They also have guards in car and on foot, who petrol there 24x7. They also have vehicle crash-barriers which can even stop a fully-loaded truck.
Their inside-fences are called anti-climb fences and made of fiber. Technology allows them to see when someone comes even near to their fences, let alone touch it.
A number of standard cameras and thermal cameras have been fitted in such a manner that each & every inch of their fences can be watched from control-room, whether it is day or night.
3. Layer 3: Building Access
In order to get into the main building, you have to use your ID-card to get inside. The moment you reach inside, you have to pass the security check. Not only ID is checked again, but you also have to through the 'Iris Scan' to reaffirm your identity.
Only one person is allowed to go through the doors. Remember, one person at a time, and using only his/her ID card.
4. Layer 4: Security Operation Center
It is centralized hive which is monitoring the datacenter 24x7, or 365 days a year. The doors, cameras, badge-readers, Iris-scan is being observed from this place. This is the brains of their security system. If anything is out of ordinary is observed, they have to be able to pick that up.
5. Layer 5: The Datacenter Floor
Interestingly, less than 1% of Googlers ever get to come here. This is truly a special where people are allowed to come only on 'As-needed' basis. It means that only the technicians and engineers who HAVE TO be there to maintain, upgrade or repair the equipment are ever allowed there.
No one of them is allowed to have any access to DATA. They can have access to devices, but the 'Data' at rest is totally encrypted. And only the customers can issue and have their own encryption-keys. Privacy and security of customers data is their highest priority.
6. Layer 6: Disk Erasing & Destruction
Here, if any hard disk is found to reach its end, it is backed up automatically and replaced with the newer one. They then place in a 2-way secure locker-system (secure cabinets on a certain wall).
The other side of the wall, there is another set of people who has no communication with the people on this side of the wall. They pick these old retired hard-disks and the old hard disk is erased by them as per very high standards. Last, they put those into a device known as 'Hard Disk Crusher'. It tears apart the hard disks and crushed into pieces of metal junk. It is completely destroyed.
-
Kindly write 
your comments on the posts or topics, because when you do that you help me greatly in 
designing new quality article/post on cybersecurity.
your comments on the posts or topics, because when you do that you help me greatly in designing new quality article/post on cybersecurity.You can also share with all of us if the information shared here helps you in some manner.
Life is small and make the most of it!
Also take care of yourself and your beloved ones…
With thanks,
Meena R.
____
This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with Cybersecurity domain that she is going out of her way and sharing hugely valuable posts and writings about Cybersecurity on website, and social media platforms.
34,000+ professionals are following her on Facebook and mesmerized by the quality of content of her posts on Facebook.
If you haven't yet been touched by her enthusiastic work of sharing quality info about Cybersecurity, then you can follow her on Facebook:
Click Here to follow her: Cybersecurity PRISM