The threats facing businesses today are arguably the most aggressive and dynamic in history, with data centers’ infrastructure comprising a paramount element in the first line of defense for many companies. The advent of mobile and cloud computing has compounded the calculus, driving increased dependence on third parties as significant contributors to a company’s enterprise security posture.
As the trend toward data center outsourcing continues to grow, organizations find themselves relying heavily on the ability of their data center providers to deliver levels of security that meet their own rigorous standards. The provider’s security plan is often integral to the foundation for a client’s in-house protection mechanisms that support the confidentiality, integrity and availability of its data, and must therefore integrate seamlessly into a client’s security plan.
Ideas and concepts defining security have changed dramatically in the past 10 to 15 years. There was a time when security meant physical security, such as guards, gates and alarm consoles. With the advent of distributed computing and the rise of the Internet, data center security has become a recognized discipline requiring a blend of technical, policy and business acumen, and thoroughly professional practitioners. In the years since, data protection has come to occupy the attention of the C-suite, and savvy information security professionals understand that the foundation for a strong enterprise security program includes physical protection of assets.
But the confluence of physical protection and logical controls is not the only component of a sound data center security program. Incident management, resiliency and compliance are also critical aspects of any holistic effort to provide best-in-class security. And, of course, the keys to making all of these parts coalesce into a smoothly running, optimized system focused on client success are the people and processes that define its operation.