Why Continually Evaluating and Updating Your Data Center Security Strategy is Mission Critical

In this week’s Voices of the Industry, David Mettler, Vice President of Sales and the Market Director for the US at IO, explains why continually evaluating and updating your data center security strategy is mission critical. 

David Mettler, Vice President of Sales and the Market Director for the US, IO

When the epic and unprecedented malware attack WannaCry was discovered on May 12, it had already infected an estimated 57,000 computers in more than 150 countries. Its spread was tempered by the weekend, but more than 230,000 systems globally are believed to have been infected by Monday morning, May 15.

This particularly virulent form of malware holds infected computers hostage and attempts to extract a ransom to re-gain access to files—and it’s one of the most severe attacks we’ve seen. Hospitals in the UK health system, a Spanish telecommunications Telefonica, the Deutsche Bahn in Germany, the Russian interior ministry, and US-based FedEx were among the organizations impacted by WannaCry.

So how did we get from thrill hackers operating out of basements just a decade or so ago to global cyberattacks affecting financial, healthcare, manufacturing, government, and other sectors today?

Three trends are driving increases in the number and sophistication of data center security threats today:

• We’re more globally connected – In 2005, 1 billion people had Internet access. Today, that number has risen to 3.2 billion people.[1]
• Things are more connected – But the Internet is no longer about connecting just people. Gartner, Inc. forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020.

• Bad actors are more connected – With more people and things connected, it’s much easier for bad actors to expand their “playing field” for economic, financial, political, or other gain.

These trends make it imperative for data centers to take a hard line on security—from the physical perimeter all the way to the data center core—by continually evaluating and updating corporate security policies.

According to the SANS Institute, three of the top five security concerns for enterprises are at least in part physical: access management, social engineering, and insider threats. 

• Controlling and managing physical access to the IT equipment through secured racks, cabinets, cages, and other enclosures is paramount. When someone can physically access and touch the equipment, any logical security controls can be easily subverted.
• Well-intentioned threats, also known as social engineering, carried out by employees or others who want to help. For example, an employee who lends a new employee his badge to access the data center or the cleaning person who holds the door open for someone carrying equipment.
• Insider threats come from those within or affiliated with the organization who have inside information about and/or access to the data center—employees, former employees, contractors, vendors, even customers—and have malicious intent.

An additional challenge for enterprise data centers is the potential lack of security awareness and cooperation between security or facility personnel and IT staff. Even though they may differ widely on priorities and approach, they must work together toward the same goal: securing the data center.

All of these physical security risks have one element in common: people.

Because it’s their core business, data center colocation providers—and their people—are uniquely qualified to better manage these risks since:

• They’re experts at data center management and have invested heavily in ensuring that their customers have the most secure environment possible in which to house their infrastructures.
• They hire security teams who are at the forefront of threat detection and mitigation strategies, and are continually reviewing and updating their security policies.
• All employees fully understand the core business of providing data center colocation services and, therefore, work together to ensure unified security.

Threats will continue to escalate, both in number and sophistication. Having a sound data center security strategy that includes colocation can be the best way to mitigate your threat risk.

David Mettler is IO’s Vice President of Sales and the Market Director for the US. Meter is an experienced and seasoned data center management executive, having held positions previously with CenturyLink Business for Enterprise and Sprint. Connect with David on LinkedIn. IO is uniquely positioned because it operates both traditional and modular colocation environments.

DISCLAIMER: This document is for reference purposes only. The information contained herein should not be relied on and neither IO Data Centers LLC nor any of its affiliates makes any warranties or representations as to its accuracy.

[1] International Telecommunication Union/ICT statistics