Data centers are prime targets for many different types of attacks, cyber or otherwise, because they’re data centers. You may host sensitive data on your servers or provide crucial services to your clients, which means any intrusion could potentially spell disaster for your business and your clients’ businesses.
Cyber security professionals put it this way: it’s not a matter of if you will have a cyber security attack; it’s a matter of when. You need to anticipate cyber attacks coming from almost any angle, and affecting every facet of your data center’s security.
Data center security best practices are complex and extensive, and it’s very easy to overlook a tiny piece of the puzzle. Use the following analysis as a helpful reminder to check and double check that you’ve installed and properly configured security in each important layer.
Control Physical Access Points
Keep entry to your building restricted to prevent malicious actors from walking right in the front door. Many data centers have gated entrances where entry is authorized by security personnel. However, additional measures such as cameras, biometrics, and locked access to the facility itself should be used to keep access secure. It’s also advisable to make sure that other potential entry points such as the windows, roof access, and air ducts are secured as well.
High-resolution surveillance cameras with video and audio recording are the optimal solution for data center entry monitoring. They should be installed outside and throughout the data center so that no part of the facility is unmonitored. The best practice is to have 24/7 real-time camera monitoring by data center employees.
Tighten Network and Data Security
Your data center has been targeted by threat actors in the past—whether you’re aware of it or not. Your data center will be targeted by threat actors again. While cyber attackers aren’t specifically looking for your data center as a target, they are looking for any place on the internet where they can find an open door into systems and infrastructure. If your data center has one, threat actors will find it.
It pays to be paranoid. Consider every single instance of traffic on your network as a potential threat, and don’t automatically trust access from any source. To start with, you’ll want to set up event logging to detect intrusions, monitors to keep track of IP addresses accessing your network, firewalls, and anti-DDoS protection. At a bare minimum, every single network, firewall, and software application that touches any part of your data center (on or off site) must incorporate multi-factor authentication methods rather than a single password login.
Next, you’ll need to make sure you have trusted employees who know how to use these tools and recognize when network traffic is or isn’t a threat.
Educate and Train Employees
Your employees need to know what kinds of attacks they should expect, and how they should respond to each type of threat.
Though you can’t know ahead of time which type of cyber attack will be your biggest threat, you can make some educated guesses based on the data you store, the services you provide, the clients you serve, and a general awareness of the most common threats data centers encounter.
Train your employees to keep a constant, vigilant eye on each security camera and event monitor you install. They should be able to detect when something doesn’t look quite right, even if the automated monitors don’t send out an alert.
Your employees should be trained to recognize common types of attacks, including DDoS attacks, external third-party service attacks, and phishing schemes or other suspicious attempts to gain information about a company or employee. Though your employees may not be able to see the attack happening in real time, you should also educate them about the possibility of intrusions from ransomware, stolen passwords, and other typical types of security breaches.
One of the biggest issues that sprang up from employees working from home during and after the global pandemic was that many used personal home computers to log in to the network at work (albeit securely, using VPNs). It’s critical that this doesn’t happen. Personal computers can be hacked, giving the bad guys a way into your network when that employee logs in. Instead, insist that remote workers only access your network with a company-provided device, or that your security monitoring and anti-malware software is installed on their home computer.
Some companies find that periodic, unexpected testing drills help sharpen their employees’ ability to respond to real-world situations. This could include fake phishing or spam emails, and physical attack or lockdown drills. Check with your cybersecurity team and/or insurance provider. They may have resources that you can use.
Create Frequent Backups
If the worst does happen, ensure that you don’t lose everything. Your backup schedule should be frequent, and the data you back up should be just as protected and secured as the original data from which it was copied.
When possible, you should have multiple backup versions available, just in case the most recent backups were taken after a breach had already happened, or in case the data gets corrupted for any other reason. It’s ideal to have multiple different types of backups for your data (including cloud backups), so you have redundancies upon redundancies.
While data center security standards don’t necessarily dictate that you must keep multiple backup systems with multiple backup versions, if you store critical data within your facility, it’s far better to be safe than sorry.
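The reasoning above, that the newest backup may postdate a breach or may have been corrupted, shown as an added example that is not part of the original article: it walks a backup catalogue from newest to oldest and picks the first version that predates the estimated compromise time and still matches the digest recorded when it was taken. The catalogue layout, file names, timestamps and the in-memory store are constructed for illustration.

```python
import hashlib
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def pick_restore_point(catalogue, read_backup, compromised_at):
    """Return (name, rejected): the newest backup taken before the estimated
    compromise whose content still matches its recorded digest, plus the
    newer versions that were skipped and why."""
    rejected = []
    for entry in sorted(catalogue, key=lambda e: e["taken_at"], reverse=True):
        if entry["taken_at"] >= compromised_at:
            rejected.append((entry["name"], "taken after estimated compromise"))
        elif sha256_hex(read_backup(entry["name"])) != entry["sha256"]:
            rejected.append((entry["name"], "digest mismatch (corrupted or altered)"))
        else:
            return entry["name"], rejected
    return None, rejected


def _ts(day, hour=2):
    return datetime(2024, 3, day, hour, tzinfo=timezone.utc)


# Constructed sample data. STORE stands in for the backup media; the digests
# in CATALOGUE were recorded at backup time and are kept separately from it.
STORE = {
    "db-0301.bak": b"orders v1",
    "db-0302.bak": b"orders v2",
    "db-0303.bak": b"orders v3 (bit rot)",       # changed after it was taken
    "db-0304.bak": b"orders v4 (post-breach)",   # intact, but taken too late
}
CATALOGUE = [
    {"name": "db-0301.bak", "taken_at": _ts(1), "sha256": sha256_hex(b"orders v1")},
    {"name": "db-0302.bak", "taken_at": _ts(2), "sha256": sha256_hex(b"orders v2")},
    {"name": "db-0303.bak", "taken_at": _ts(3), "sha256": sha256_hex(b"orders v3")},
    {"name": "db-0304.bak", "taken_at": _ts(4),
     "sha256": sha256_hex(STORE["db-0304.bak"])},
]
COMPROMISED_AT = _ts(3, hour=18)  # estimate from the incident investigation

if __name__ == "__main__":
    chosen, skipped = pick_restore_point(CATALOGUE, STORE.__getitem__, COMPROMISED_AT)
    print("restore from:", chosen)
    for name, reason in skipped:
        print("skipped", name, "-", reason)
```

With only the latest version retained, the sole candidate here would have been the post-breach copy.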
Prioritize Maintenance and Updates
All of the top-dollar cybersecurity measures can give you a false sense of security if you don’t properly maintain them. Once they’re up and running, you may feel protected, walled in behind shiny hardware and software that promises to keep out any unauthorized intruders.
But true security means configuring those security measures correctly, constantly testing to make sure configurations are still correct and security is still strong, and quickly responding to threats when they occur. It’s a continuous process, not something that stops once the system is up and running.
Try to upgrade your hardware as frequently as is feasible to ensure you have the latest, most secure equipment. Older hardware tends to have more exploitable security gaps. Most manufacturers address those concerns quickly and put out new firmware releases to address past problems. Aim to upgrade your hardware every few years.
Software updates should be applied as soon as new ones are available. This is especially true for critical releases and patches that address security issues. We’re all aware that hackers know about exploits before the software companies do, so by the time updates that address them are released, your system has already been vulnerable for some time.
Provide Access In Layers and Segments
If threat actors gain entry to your building or network via one access point, they shouldn’t be able to freely get to every other part of the building or network. As much as is possible, think about segmenting your security to keep one tiny breach from turning into a data-center-wide catastrophe.
Only employees with higher security clearance levels should be able to access your most critical equipment, and each different function on your network should be protected behind authentication controls. You want to be relatively certain of two things:
- That if someone accesses your network or your building, they are probably supposed to be there;
- And if they aren’t supposed to be there, they shouldn’t be able to find their way into any other areas, because those areas are secured behind different—and differently controlled—access points.
Much of the time, you will be able to shore up security and address all of the above concerns adequately in your current location. But if you ever run into a problem and realize your current facility just isn’t cutting it—or perhaps the building is fine, but you need to move your equipment around to work on other aspects of physical security—reach out for help. There are many internal and external resources available to help you make your data center as secure as possible.