Data centers, literally by definition, are places to store data. The purpose of storing the data is to extract information from it. This information can be highly valuable. It therefore needs to be kept highly secure. With that in mind, here is a simple guide to the key principles of data center information security.
Information security is a branch of security concerned with the safeguarding of knowledge, typically in the form of raw data or information. It typically leans heavily on cybersecurity. This is a niche in security that specifically deals with technological threats.
With that said, like all forms of security, information security depends on effective physical security. This is the branch of security that deals with threats to a location or person. These threats can be human or environmental.
In modern data centers, security is generally based on a concept known as the CIA triad. CIA stands for confidentiality, integrity and availability.
Confidentiality: This means that data must remain accessible only to authorized individuals or systems.
Integrity: This means that data must be accurate.
Availability: This means that data and services must be accessible whenever they are needed.
Sometimes these principles will come into conflict. For example, security checks are necessary to maintain confidentiality. These checks will, however, slow down access to data and hence compromise availability. In these situations, data center managers have to exercise their judgment as to which goal takes priority.
For practical purposes, a working definition of “confidentiality” is “ensuring that data can only be accessed by people and services who/that are entitled to access it”. This definition acknowledges the fact that, in most data centers, a lot of data is unlikely to be sensitive. In fact, a significant percentage of it may actually be intended for public consumption. If it is, the owners of it may actually want it to be accessed as much as possible.
Of data that is considered sensitive, there will almost certainly be different levels of sensitivity. Furthermore, these levels of sensitivity may change over time. For example, information about a product may be highly sensitive before a patent is filed. After that, however, it may not be considered sensitive at all.
There are five key measures that can be used to enforce confidentiality in data centers.
Data inventory: This is the starting point of all data management. You can only ensure data remains confidential if you know what data you hold and where you hold it.
Data segmentation: Segmenting your data effectively allows you to focus your resources where you need them most.
Data deletion: Deleting data promptly may be required by law. Even when it isn’t, it makes sense to delete unneeded data promptly. Not only does it protect against breaches, but it also frees up resources for more valuable use. It’s also vital that there is a process for completely deleting data from hardware before it is retired.
Encryption: Encryption renders data useless to thieves.
Access control: Access control refers not only to controlling who/what has access to what data but also to controlling what users can do with the data.
Generally, it is the responsibility of the data collector to ensure that the data they collect is accurate. It is the responsibility of the data center manager to ensure that the data is not compromised while it is held in the data center.
Maintaining the confidentiality of data will also help to protect its integrity. When data is accessed, there should be measures in place to limit the risk of it being compromised. For example, data validation and checksums can be used to flag anomalies for further investigation.
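The checksum-based integrity check described above, as an added example that is not part of the original article or of any DataBank tooling: a manifest of SHA-256 digests is recorded when data is stored, and every later access is compared against it so that modified, missing or untracked items are flagged for investigation rather than silently served. The stored records, file names and the simple JSON validation rule are all constructed for illustration.

```python
import hashlib
import hmac
import json
from typing import Dict, List

# Constructed sample objects standing in for data held in the data center.
STORED_RECORDS: Dict[str, bytes] = {
    "customer-0001.json": b'{"id": 1, "tier": "gold"}',
    "customer-0002.json": b'{"id": 2, "tier": "silver"}',
    "firmware-2024.bin": bytes(range(256)),
}


def checksum(data: bytes) -> str:
    """SHA-256 hex digest of a stored object."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(records: Dict[str, bytes]) -> Dict[str, str]:
    """Record a digest for every object at the time it is stored.

    In a real deployment the manifest would be kept somewhere the data
    path cannot overwrite (or be signed), otherwise a party who can alter
    the data can also alter the digests.
    """
    return {name: checksum(data) for name, data in records.items()}


def verify(records: Dict[str, bytes], manifest: Dict[str, str]) -> List[str]:
    """Compare current objects against the manifest and list anomalies.

    Returns a sorted list of human-readable findings; an empty list means
    every tracked object is present and unchanged and nothing untracked
    has appeared.
    """
    anomalies: List[str] = []
    for name, expected in manifest.items():
        if name not in records:
            anomalies.append(f"MISSING {name}")
            continue
        actual = checksum(records[name])
        # Constant-time comparison avoids leaking how many digest characters matched.
        if not hmac.compare_digest(actual, expected):
            anomalies.append(f"MODIFIED {name}")
    for name in records:
        if name not in manifest:
            anomalies.append(f"UNTRACKED {name}")
    return sorted(anomalies)


def validate_record(data: bytes) -> bool:
    """Data validation rule (constructed): JSON records must parse and carry an integer id."""
    try:
        obj = json.loads(data)
    except ValueError:
        return False
    return isinstance(obj, dict) and isinstance(obj.get("id"), int)


def demo() -> List[str]:
    """Take a manifest, then simulate three kinds of drift and report them."""
    manifest = build_manifest(STORED_RECORDS)
    tampered = dict(STORED_RECORDS)
    tampered["customer-0002.json"] = b'{"id": 2, "tier": "gold"}'  # silently altered
    del tampered["firmware-2024.bin"]                               # lost (e.g. failed disk)
    tampered["rogue.bin"] = b"\x00"                                 # appeared without being inventoried
    return verify(tampered, manifest)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A plain digest only detects accidental corruption or changes made by someone who cannot also rewrite the manifest; where the manifest shares a trust boundary with the data, the same structure should carry a keyed MAC or a signature over the manifest instead.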
Other measures to ensure data integrity include version control, having a robust backup strategy and ensuring that hardware is maintained in proper working order. There should also be a process for recovering data from hardware that has failed unexpectedly.
Balancing availability with confidentiality may be the single biggest challenge in data center information security. Traditionally, this issue has been addressed by increasing bandwidth, ensuring plenty of redundancy and implementing failover systems. These strategies all still have value today.
At the same time, it is also valid to consider the role of data centers in modern business (and life). More specifically, it’s valid to consider ways to lighten the load on data centers, thus making availability both less of an issue and less challenging to address.
For example, there’s now a growing movement to move some data storage and processing out of centralized data centers and (back) into local environments (e.g. edge computing). This raises a different set of availability issues. It can, however, be a pragmatic solution in some cases.