Protecting the physical infrastructure of a data center is a central concern for securing the facility's servers, networks, and hosted data and applications.
After all, data centers are physical structures with real-world vulnerabilities based on all their connections for smart HVAC systems, fire suppression controls, electrical devices, and even security cameras.
Any digital device within a data center that is connected to a network could become a pathway for cyber-attacks, apart from the central racks of computer equipment and network gear itself.
Data center infrastructure management (DCIM) platforms provide facility managers with the ability to monitor and control the physical infrastructure within a data center.
However, these same software platforms could provide unauthorized entry points for hackers to initiate unconventional cyber-attacks, such as uploading malicious backup files via payloads that are installed through physical devices.
In other cases, attackers may try to gain access and disrupt the cooling systems in a data center, causing servers to overheat and fail.
Another ongoing threat for data centers involves their need for an uninterruptible power supply (UPS). CISA has warned that bad actors are known to gain access to internet-connected UPS devices stemming from lax security measures that allow unchanged default usernames and passwords.
More than 20,000 instances of DCIM software, intelligent monitoring devices, thermal cooling management control systems, and rack power monitors were public-facing and vulnerable to cyberattacks in 2022, according to Cyble Research Labs.
Since then, more than half of data center operators (55%) have reported some kind of outage, according to the Uptime Institute's Global Data Center Survey 2023.
Taking Steps to Protect Continuous Data Center Uptime
Avoiding a cyber-attack on a physical data center requires operators to be exhaustive when mapping out the facility's operational technology (OT), including its many connected devices and points of entry.
To ensure continuous uptime, facility managers should review their security protocols for critical systems involving infrastructure management, electrical management, building management, and security management.
DCIM software takes a holistic view to monitor, analyze, and manage a facility's overall power and cooling systems, along with its server utilization, asset tracking, and other vital functions. OT networks employ dedicated communications protocols and redundant systems to maintain reliability and resilience.
Standard security procedures include regularly updating and patching software applications. Another effective measure is network segmentation: data center OT networks should also be segmented apart from IT networks to further improve security.
Newer tools for data center OT security include unidirectional gateway technology solutions encased in hardware to maintain a singular one-way transfer of data between two networks, not back and forth. The software stores copies of active servers and devices from the OT network to share with the enterprise network in real time.
Because the hardware can only send data in a single direction, newer attack vectors can never reach back into the network through the gateway server.
Electrical management systems are mission-critical for maintaining continuous uptime in any data center. Attacks on electricity generation and distribution systems can lead to disruptions or outright power failures. Data centers that get taken offline face costly service interruptions, hardware damages, customer data losses, and even potential lawsuits.
Another security concern for a data center involves building management systems that control building environments for temperature, humidity, airflow, and fire suppression. Each device and point of entry can introduce opportunities for unauthorized access.
Likewise, if security management systems for video surveillance, access controls, and threat detection are compromised, unauthorized individuals could gain access to data center controls and operations.
Mitigating a Risk First Requires Understanding Its Consequences
To protect the critical physical infrastructure of a data center from cyber-attacks, facility managers first need to adopt a strong cyber risk framework as part of their overall security posture.
Good cyber risk governance begins by translating potential risks into monetary terms and then prioritizing the worst risks for remediation.
New strategies for risk mitigation include cyber risk quantification and management (CRQM) tools that can help data center operators assess the full range of business damages resulting from OT vulnerabilities.
CRQM tools thoroughly analyze the impacts of any potential cyber incidents and then prioritize the top sources of risk for mitigation.
Cyber risk assessments can also enhance cybersecurity assessments by adding deeper contextual information to the evaluation. In this way, data center operators can proactively manage their cyber risk portfolio to prioritize risk mitigation projects and make more informed cybersecurity investment decisions.
Jose Seara is CEO of DeNexus.