Why is data centre security important?

  • Data centre security is the practice of applying security controls to a data centre with the goal of protecting it from threats that could compromise the confidentiality, integrity, or availability of business information assets or intellectual property.
  • Data centre security follows workloads across physical data centres and multi-cloud environments to protect applications, infrastructure, data, and users, from traditional data centres based on physical servers to more modern data centres based on virtualised servers.
  • Data centres contain most of the information assets and intellectual property, which are the main focus of all targeted attacks, and therefore require a high level of security. Data centres also contain hundreds of physical and virtual servers, and it can be difficult to create and manage appropriate security rules to control north/south and east/west access between resources.

Importance of data centre security

Data centre security services include technical and physical measures to protect data centre assets and resources. This includes protecting them from internal and external threats.

A comprehensive security plan covers all aspects of the data centre, including networks, servers, power systems, and the data and processes they support. In addition, specific data centre security threats must also be addressed, as data centres are tempting targets for threat actors looking for vulnerabilities.

So why is data centre security important? Whether data centres are primarily used for storage, disaster recovery, or to support applications, their compute workloads are the backbone of the businesses they serve. In addition, a company’s sensitive information and business-critical applications are a treasure trove of opportunities for hackers and other threats.

The data centre is a trusted component of an organisation’s infrastructure. Many companies rely on their data centre assets to provide a safety net when other issues arise. In this way, a secure data centre ensures business continuity and gives users confidence that they can focus on growing their business without worrying about the security of their digital assets.

Vulnerabilities in data centre security

Attackers employ a variety of techniques and tools to infiltrate data centres and their security systems. They may target specific groups of users with social engineering attacks to trick them into revealing passwords or provide intruders with access points to bypass the data centre’s security systems. If a user downloads malware, it can be used to access passwords and other login credentials. In addition, if ransomware is used, attackers can capture and take control of critical computers, forcing administrators to pay a ransom to gain access again.

Attackers also tend to target weak passwords. These are often the result of users recycling passwords they used on other accounts because they are easy to remember. Even if a password is hard to guess, it is weak if it is used across multiple accounts. Attackers can crack a user’s password in a different application and, since the same password is used to access data centre resources, they now have what they need to get in there as well. This further emphasises the need for multi-factor authentication (MFA) that requires at least one thing users hold and one thing they know.

Therefore, it is important for IT managers to provide users with training on good password and credential management, and on the dangers that can result from even minor missteps. Education should also cover what threats look like, how they behave, and which attack surfaces are most likely to attract the attention of malicious actors. Education is one of the most effective ways to reduce human vulnerability.

In addition to users, data centres can be vulnerable due to poorly configured networks, outdated networks, or inadequate use of security tools. Because cybercriminals are always looking for new ways to attack, data centres should use only the latest security protocols and tools. Automatically updating software, including software that uses threat intelligence, can keep data centres ahead of the latest threats.

3 requirements for data centre security

Visibility: When securing a data centre, you need to understand users, devices, networks, applications, workloads, and processes. Visibility makes it easier to detect performance bottlenecks to inform capacity planning. It speeds up attack detection and makes it easier to identify malicious insiders trying to steal sensitive data or disrupt operations. Visibility can also reduce the time needed for response and forensics after an incident, to discover the extent to which critical systems have been compromised and determine what information has been stolen.

Segmentation: Segmentation narrows the scope of an attack by limiting its ability to spread from one resource to another through the data centre. Segmentation is an important tool for servers with delayed patch cycles. It reduces the likelihood that vulnerabilities are exploited before a suitable patch has been identified and deployed to production. For legacy systems, segmentation is critical to protecting resources that do not receive maintenance releases or patch updates.

Many attacks focus on direct access to systems to compromise them through application vulnerabilities, insecure ports, or denial of service (DoS) attacks. A DoS attack crashes the system and allows an attacker to gain administrator control and install malicious code to continue the violation. If a hacker is unable to access high-value assets in a data centre, many attacks can be stopped rather than continuing until a threat is detected or the system is compromised. For some industries, such as utilities, advanced persistent threats are a way of life. It’s almost impossible to defend against such attacks 100% of the time, but segmentation is a valuable tool that slows down hackers and gives security teams time to identify issues, limit exposure, and respond to attacks.
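The effect of segmentation on how far a compromise can spread, as an added example that is not part of the original article: it models east/west allow rules between constructed workloads and segments and compares the reachable set against a flat network. All workload names, segments, ports and rules are hypothetical, and the model assumes the worst case that every reachable workload can be compromised in turn.

```python
from collections import deque

# Constructed inventory: workload name -> segment label (hypothetical names).
WORKLOADS = {
    "web-1": "web", "web-2": "web",
    "app-1": "app", "app-2": "app",
    "db-1": "db",
    "legacy-erp": "legacy",   # unpatched system with no maintenance releases
    "backup-1": "mgmt",
}

# East/west allow-list: (source segment, destination segment, port).
# Anything not listed is denied, including traffic inside a segment.
SEGMENTED = {
    ("web", "app", 8443),
    ("app", "db", 5432),
    ("app", "legacy", 443),
    ("mgmt", "db", 5432),
}

def flat_policy(workloads):
    """Flat network: every segment may reach every segment on any port."""
    segs = set(workloads.values())
    return {(s, d, None) for s in segs for d in segs}

def blast_radius(start, workloads, policy):
    """Return every workload reachable from `start` by chaining allowed flows."""
    allowed = {}
    for src, dst, _port in policy:
        allowed.setdefault(src, set()).add(dst)
    seen, queue = {start}, deque([start])
    while queue:
        host = queue.popleft()
        for peer, seg in workloads.items():
            if peer not in seen and seg in allowed.get(workloads[host], ()):
                seen.add(peer)
                queue.append(peer)
    return seen - {start}

def exposure_report(start, workloads=WORKLOADS):
    """Compare how far a compromise of `start` can spread under each policy."""
    return {
        "flat": sorted(blast_radius(start, workloads, flat_policy(workloads))),
        "segmented": sorted(blast_radius(start, workloads, SEGMENTED)),
    }

if __name__ == "__main__":
    for host in ("web-1", "legacy-erp"):
        print(host, exposure_report(host))
```

With these constructed rules the legacy system can still be reached from the application tier, but a compromise that starts on it has no onward path, which is the containment the paragraph on legacy systems describes.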

Threat protection: All data centres need to protect their applications and data from an increasing number of sophisticated threats and global attacks. All organisations are under threat of attack, and many have been compromised without realising it.

Securing modern data centres is a challenge for security teams. Workloads are constantly moving in physical data centres and multi-cloud environments. As a result, underlying security policies must change dynamically to help enable real-time policy enforcement and security orchestration for workloads everywhere. In a data centre with multiple customers (such as a public cloud environment), one customer may attempt to compromise another customer’s server in order to steal proprietary information or tamper with records.

Mobile and web applications can enhance customer loyalty, but they increase the attack surface and create another avenue of exploitation. Employees can unknowingly harm the business and cause data breaches. Hackers often start by obtaining an employee’s authentication credentials. They do this by infecting endpoint devices with malware or by using phishing or other social engineering techniques to trick users into providing their credentials. Hackers can then gain “authorised” access to one or more servers within the data centre, access more user accounts, and continue to the targeted servers where the data theft occurs. Users can mitigate business disruptions and breaches by deploying fully integrated security products that work together in automated processes. This simplifies threat prevention, detection, and mitigation.

Data centre tiers and security levels

ANSI/TIA-942 defines the data centre standard and divides it into four layers based on complexity. More complex data centres require greater redundancy and fault tolerance. Ensuring data centre integrity is a form of security, and the more complex the hierarchy, the higher the security requirements.

Layer 1: Basic site infrastructure: provides limited protection against physical events. Consists of a single-capacity component and a single non-redundant distribution path.

Layer 2: Redundant capacity component site infrastructure: provides better protection against physical events. Includes a redundant capacity component and, as with Layer 1, a single non-redundant distribution path.

Layer 3: A site infrastructure that can be maintained concurrently: protected from virtually all physical events. Includes redundant capacity components and various independent distribution paths. All components can be removed or replaced without interruption to end-user services.

Layer 4: Fault-tolerant site infrastructure: provides the highest level of fault tolerance and redundancy. Includes redundant capacity components and various independent distribution paths for concurrent maintainability. A failure in the installation will not cause downtime.

Tuna Tu is an intern reporter at BTW media dedicated to IT infrastructure and media. She graduated from The Communication University of Zhejiang and now works in Hangzhou. Send tips to t.tu@btw.media.