In this edition of Voices of the Industry, Stewart Collier, Managing Director, Critical Environments, at Stream Data Centers, explains why it is time to recognize cybersecurity involves more than just technology, and how the roles of compliance and physical access ensure virtual security for the enterprise.
The term “cybersecurity” is commonly associated with the protection of digital data from theft or compromise by hackers. For enterprise customers, however, most data breaches aren’t the result of technology villains inventing new ways to do damage. Instead, breaches are due to shortfalls in the development and enforcement of stringent security processes and protocols. This why a good cybersecurity plan starts with a ground-up approach, including not only the technology and virtual security in place, but very stringent physical security, backed by rigorously-tested procedures and clearly-defined business protocols.
The reality is, effective cybersecurity requires more than just a secure infrastructure and one-time installation of security processes. Cybersecurity requires ongoing attention to, and adjustment of, operational protocols and facilities management. The best strategy for ensuring it all: reliance on a data center with a strong and comprehensive mission-critical approach to business — including the support of experts whose sole focus is to collaborate with enterprise customers to enhance security and thwart cyberattacks.
Sound complicated? It’s really not. By relying on a top-tier data center provider, businesses can focus on delivering the promise to their own customers, confident that best-in-class compliance practices are being employed in the following key areas beyond the physical infrastructure itself:
Evergreen best practices
Times change. Cybersecurity threats are continually evolving. As a result, what’s currently defined as
a “best practice” could be outdated in a matter of months. Continually reviewing the details of internal operational procedures, in conjunction with staying up to speed on new and emerging threats, is key.
More often than not, staying ahead of the bad guys requires only minor adjustments to security measures already in place — but without an ongoing, top-to-bottom analysis of existing processes, even a minor security weakness or oversight could open the door to crippling damage.
24/7 monitored access
Protecting a data center with perimeter fences and gates, and controlling employee and visitor access with monitored portals, together, represent the most basic parameters of brick-and-mortar cybersecurity. Just as essential are 24/7 video surveillance of all areas of the facility (with an appropriate archive of recorded footage); multi-factor access control (like key cards, locks or biometric authentication) of users for some areas or activities (or the ability to add such protection incrementally); required presentation of government-issued photo IDs for all visitors; and secure areas within the center for employee meetings and collaborations. Ultimately, however, the value of these protection measures hinges on the consistent enforcement of security policies and the support of security vendors with demonstrated cybersecurity expertise.
Access to security partners
In addition to a company’s on-site 24/7 support from operations and facilities personnel, it’s just as important for employees to have 24/7 access to the services and technical support of their remote data center in order to get immediate attention and early resolution of any potential issues.
Up-to-date operational certification
Earning operational certifications, such as Uptime (M&O), PMP and ITIL certifications, is highly important — not only to ensure optimal delivery of service, but also to enhance a data center’s credibility to potential customers. It’s also important to have certifications to ensure operational consistency across a portfolio of critical facilities.
Beyond expert hands-on operations, however, it’s equally important to maintain thorough documentation and compliance procedures, such as drawings, OEM manuals and operating policies. Technical and facility support should be 24/7, both on-site and remote for immediate attention and early resolution of potential issues. Businesses can also benefit from the documentation and follow-through on a continuing-education policy for all personnel — not just engineers — to build and sustain a best-in-class operation.
Controlling and securing data reliably, and responding successfully to rigorous audits, can be daunting. Meeting compliance mandates, however, will not only ensure maximum security and availability, but also enhance a data center’s reputation for quality. Important compliance standards include, but are not limited to:
- NIST 800-53 PE and FISMA
- SSAE-18 (SOC 1)/ISAE 3402
- PCI DSS
In addition to satisfying these critical cybersecurity needs, it’s just as important for companies to align with a data center that approaches every account as a partnership. One in which the customer’s in-house protocols are as equally respected as the data center’s expertise, and proactive attention to emerging threats is a commitment made by both. Through this combination of physical protection, quality assurance and team solidarity, companies can confidently overcome the cyber dangers we know about today and stay a step ahead of whatever may loom down the road.
Stewart Collier is Managing Director, Critical Environments, at Stream Data Centers.