Data Center Security Defined
Data center security refers to the physical practices and virtual technologies used to protect a data center from external threats and attacks. A data center is a facility that stores IT infrastructure, composed of networked computers and storage used to organize, process, and store large amounts of data. For private companies moving to the cloud, data centers reduce the cost of running their own centralized computing networks and servers. Data centers provide services such as data storage, backup and recovery, data management and networking. Because data centers hold sensitive or proprietary information, such as customer data or intellectual property, sites have to be both digitally and physically secured.
How to secure a data center
Data centers are complex, and to protect them, each security component must be considered separately while still following one holistic security policy. Security can be divided into physical and software security. Physical security encompasses a wide range of processes and strategies used to prevent outside interference. Software or virtual security prevents cybercriminals from entering the network by bypassing the firewall, cracking passwords, or through other loopholes.
A data center building’s most obvious security characteristics are related to design and layout. The building itself may be designed as a single-purpose or multipurpose unit, the latter of which operates as a shared space and may house businesses unrelated to the data center. A data center building is usually built away from major roads in order to establish buffer zones made up of a combination of landscaping and crash-proof barriers.
Access into a data center facility is fairly limited. Most have no exterior windows and relatively few entry points. Security guards inside the building monitor for suspicious activity using footage from surveillance cameras installed along the outside perimeter. Visitors may use two-factor authentication to enter the building, including scanning personal identity verification (PIV) cards and entering a personal passcode. Employee badge readers and biometric systems, such as fingerprint readers, iris scanners and facial recognition, may also be used to permit entry.
Hacking, malware and spyware are the obvious threats to data stored in a data center.
A security information and event management (SIEM) tool offers a real-time view of a data center’s security posture. A SIEM helps provide visibility into and control over everything from access and alarm systems to sensors on the perimeter fence.
Creating secure zones in the network is one way to layer security into the data center. Administrators can split networks into three zones: a test area with a great deal of flexibility, a development zone with a slightly more stringent environment, and a production zone with only approved production equipment.
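The three-zone split described above can be audited automatically. The following is an added example, not taken from the original page: it checks a host inventory and a firewall rule set against the zones. The address ranges, the approved list, the rule format and the policy that no allow rule may let test or development reach production are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: zone ranges, inventory and rules are assumptions.
ZONES = {
    "test": ipaddress.ip_network("10.10.0.0/16"),
    "development": ipaddress.ip_network("10.20.0.0/16"),
    "production": ipaddress.ip_network("10.30.0.0/16"),
}
APPROVED_PRODUCTION = {"10.30.1.10", "10.30.1.11"}
INVENTORY = ["10.10.4.7", "10.20.8.2", "10.30.1.10", "10.30.1.11", "10.30.9.99"]
RULES = [
    {"id": "r1", "src": "10.20.0.0/16", "dst": "10.10.0.0/16", "action": "allow"},
    {"id": "r2", "src": "10.10.0.0/16", "dst": "10.30.1.0/24", "action": "allow"},
    {"id": "r3", "src": "10.0.0.0/8", "dst": "10.30.0.0/16", "action": "allow"},
    {"id": "r4", "src": "10.10.0.0/16", "dst": "10.30.0.0/16", "action": "deny"},
    {"id": "r5", "src": "10.30.1.0/24", "dst": "10.30.2.0/24", "action": "allow"},
]

def zones_touched(cidr):
    """Return the names of every zone whose address range overlaps cidr."""
    net = ipaddress.ip_network(cidr)
    return {name for name, zone in ZONES.items() if net.overlaps(zone)}

def unapproved_production_hosts(inventory, approved):
    """Hosts addressed inside production that are not on the approved list."""
    prod = ZONES["production"]
    return sorted(h for h in inventory
                  if ipaddress.ip_address(h) in prod and h not in approved)

def rules_crossing_into_production(rules):
    """Allow rules whose source overlaps test or development and whose
    destination overlaps production (assumed policy: none are permitted)."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        lower = zones_touched(rule["src"]) & {"test", "development"}
        if lower and "production" in zones_touched(rule["dst"]):
            findings.append((rule["id"], sorted(lower)))
    return findings

if __name__ == "__main__":
    print("unapproved production hosts:",
          unapproved_production_hosts(INVENTORY, APPROVED_PRODUCTION))
    for rule_id, zones in rules_crossing_into_production(RULES):
        print(f"rule {rule_id} lets {', '.join(zones)} reach production")
```

Rule r3 is the case worth noting: a broad source range such as 10.0.0.0/8 silently includes the test and development zones, so the check uses range overlap rather than exact matches.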
Before applications and code are deployed, certain tools may be used to scan them for vulnerabilities that can be easily exploited, and then provide metrics and remediation capabilities. Code may be run through a scanner to check for buffer overflows or other vulnerabilities. With the rise of cloud computing, visibility into data flows is a necessity, since there could be malware hiding inside of otherwise legitimate traffic.
Who needs data center security?
Every data center needs some form of security to ensure its continued use. Some aspects of “security” are actually made up of uptime features, such as multiple power sources, multiple environmental controls and more. Data centers can be placed into four tiers: each tier is associated with a specific business function and sets an appropriate criterion for cooling, maintenance, and capability to withstand a fault. Each tier essentially shows how fault tolerant that system is—measured in uptime—and what kind of security it may need.
Tier 1 + 2
These are generally used by small businesses that do not provide real-time delivery of products or services as a significant part of their revenue. Tier 1 comprises non-redundant capacity components, such as single uplink and servers. Tier 2 incorporates the requirements of tier 1 but adds redundant capacity components.
Tier 3 + 4
Rigorous uptime requirements and long-term viability are usually the reason for selecting strategic solutions found in Tier III and Tier IV site infrastructure. These data centers are considered more robust and less prone to failures. Tier 3 comprises the requirements of tier 1 + tier 2 but adds dual-powered equipment and multiple uplinks. Tier 4 comprises the requirements of all three previous tiers but with components that are fully fault-tolerant, including uplinks, storage, chillers, HVAC, and more.