How data centres can grow and remain competitive
If data really is the “new oil”, then it follows that the data centre must be the oil refinery and the oil storage facility all rolled into one. However, unlike oil there is no indication that there is ever going to be a drying up in the supply of data or the need to store it. How is the data centre industry going to adapt to the tsunami of data that we can see coming over the horizon? The rollout out of 5G is driving data generation, the rise of the Internet of Things (IoT) is also increasing demand and the move to streaming services for music and video is stronger than ever.
It is clear that the idea of stand-alone, dedicated “in-house” data centres, owned and operated by an organisation, have had their day. The future is going to be sharing and co-location. Colocation data centres are a viable alternative that offer up-to-date infrastructure at a lower cost compared to keeping everything “in house.” They frequently lease space to multiple organisations, which means these organisations can access the benefits of sharing resources and outsourcing support. Organisations choose colocation facilities to benefit from their maintenance programs, cooling capabilities, physical security infrastructure, as well as up-time and monitoring guarantees.
The colocation data centre industry, however, faces challenges as a consequence of the exponential growth in cloud computing. This article seeks to explore some of these challenges and provides solutions to overcome them.
The challenge of security
Initially, colocations data centres deployed independent physical security solutions to secure their facilities. This siloed approach however has made it more difficult for data centres to protect customer data, comply with the growing number of regulatory frameworks, and address increasingly sophisticated cyberattacks.
A siloed video surveillance and access control systems (ACS) can slow down response times because they require operators to move between applications to piece together important information regarding any kind of incident.
Another issue with isolated systems is the automation of alarms. This is much harder to achieve with siloed systems meaning that personnel have to actively monitor video feeds and other data sources to identify specific security threats. Ultimately this can lead to teams becoming overwhelmed by information and missing key events or incidents. That, of course, can comprise the data centre’s overall security.
With legacy systems it can also be hard to introduce new technologies such as automatic number plate recognition (ANPR) systems. Without the capability to integrate new functionality the data centre is open to new vulnerabilities.
Data centres attract cyber criminals like honey attracts bees. Sophisticated attackers think about all possibilities and will probe for weaknesses in both the virtual and physical perimeter until they discover a vulnerable link that allows them to gain access while remaining undetected.
This then allows them to acquire sensitive data over an extended period of time. Consequently, as data centers grow to meet increased demands and changing needs, it is important to phase out outdated or poorly maintained devices and systems.
One of the challenges with holding data from companies across a number of different industries is ensuring that you are compliant with an array of different regulations. For example, a single data centre could have to comply with the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), the ISO 27001 information security standard, and the Service Organization Control (SOC) and SOC2 standards.
The configuration and management of physical security systems is impacted by these regulations. Article 15 of the GDPR, for example, states both that any member of the public can file a data subject request to obtain CCTV footage and that the right to obtain a copy shall not adversely affect the rights and freedoms of others.
Practically this can throw up a number of logistical challenges for a data centre, particularly if it is unable to automatically redact other people’s faces in video footage. While an organisation can try to manually redact faces in every frame of requested video, the process is difficult and time consuming.
How can data centres overcome these challenges?
Colocation data centres should be paying attention to these three key areas to remain competitive – embracing unified physical security, taking a layered approach to security and ensuring physical security systems are cyber secure.
Unified physical security
A scalable, unified security platform integrates video surveillance, access control, automatic number plate recognition (ANPR), communications, analytics and more on a single platform, enabling increased site security.
It helps security teams to simplify and accelerate investigations by creating a single view of all of systems within the network. Because personnel have everything they need in one interface, their response times are faster and they can address events and incidents with a greater understanding.
A unified platform can also streamline compliance operations by making it easier to set expiry times for contractor passes and by automating report sharing. A unified platform, together with a visitor management module, can allow data centres to customise reports and save them for future auditing, making running a report as easy as pressing a button.
A layered approach to security
Data centres have multiple overlapping perimeters, each with their own rights of access, risk profile, and operational requirements. This includes specific partitions that must be maintained when it comes to individual customers’ hardware and data. Data centres must dynamically control access to specific halls, rooms, and even cabinets.
As a result, relying on one sensor or analytic to detect intrusions is inefficient and can lead to increased vulnerability. Instead, a layered approach to perimeter security is required that can include the likes of video surveillance, numberplate recognition, LiDAR, fencing and more to prevent unwanted incursions.
Cyber securing the physical
Physical security devices connected to the network, such as video surveillance cameras, access control readers, are an entry point threat actors are using to gain access to networks of enterprises. Simply ensuring that these devices are running on the latest firmware and that they aren’t using default passwords can eliminate many of the risks associated with device vulnerability.
Physical security personnel have a lot on their plates and a growing list of responsibilities, updating core business systems and devices is not always at the top of the agenda. By shifting this burden away from employees, companies like Genetec are helping data centres reduce the risk of cyberattacks.
Keeping the ecosystem of devices up to date and secure, for example, allows data centers to build resilient cyber and physical security frameworks to run their operations.
Using a platform to unify security systems is an effective and proven approach to helping data centres keep up with evolving regulations, risks and threats while always ensuring customer needs are met. The data centre is going to be at the heart of so much of our evolving economy and society, making sure that we are taking the best care possible of the assets within the centres, while understanding the needs of customers using them has never been more important.