Many of the cybersecurity incidents that dominate headlines in the present day contain software-based breaches – that means the unhealthy guys focused functions hosted in knowledge facilities, not the information facilities themselves. In that sense, there could not appear to be an entire lot to say about knowledge heart safety other than the significance of securing workloads that reside inside knowledge facilities.
As DCN‘s high safety tales of 2024 present, nevertheless, that is hardly the case. Alongside conventional cybersecurity information, quite a lot of different security-related concerns – starting from placing out literal fires inside knowledge facilities, to dealing with the distinctive safety challenges of edge knowledge facilities – additionally outlined how we talked about knowledge heart safety this yr.
As an instance the purpose, this is a have a look at our high knowledge heart safety tales from 2024.
In August, we printed an outline of information heart safety and breach prevention. It included advisable measures which can be in all probability apparent, like managing bodily entry to knowledge heart amenities. Nevertheless it additionally mentioned some practices which can be simpler to miss – corresponding to vetting whom you rent to work in your knowledge facilities and optimizing community infrastructure (with the intention to velocity response and restoration within the occasion of a cybersecurity incident).
Whereas the community has an essential function to play in bettering knowledge heart safety, it additionally creates some novel dangers – corresponding to multi-tenant and cross-tenant safety dangers. These come up when workers create private accounts on the identical cloud providers or platforms that their corporations use. As a result of the providers and platforms are accessible through the company community, there’s typically no approach on the community degree to forestall workers from deliberately or by accident utilizing the community to add delicate knowledge into their personal accounts, which might not be correctly monitored or secured.
This can be a advanced problem with out easy options, nevertheless it highlights how the rising complexity of cloud and knowledge heart networks – and the third-party providers they combine with – is complicating knowledge heart safety.
No certification can assure that workers will observe safety finest practices or mitigate dangers. However certifications can assist – which is why we detailed standard safety certifications for knowledge heart personnel. As we defined, there is no such thing as a certification that focuses on knowledge heart safety particularly, however many certifications can be found that cowl key abilities for enhancing knowledge heart safety.
Buying cyber insurance coverage is one other approach to assist mitigate knowledge heart safety dangers, amongst different challenges, as DCN contributors defined in an October 2024 article. Simply watch out, nevertheless, to make sure that the insurance coverage you receive supplies satisfactory protection in opposition to cybersecurity incidents. Coverage particulars and protection quantities can differ broadly, and you do not need to uncover the laborious approach that your coverage would not pay out sufficient to permit your corporation to get better efficiently from a cyber incident, or that the kind of incident you skilled is just not lined.
Higher than receiving a payout following a safety breach or different disruption in your knowledge heart is just not having an incident happen in any respect. That is why figuring out and mitigating frequent knowledge heart uptime threats – which embody points corresponding to IT gear and networking failures, in accordance with Uptime Institute analysis launched this yr – is a essential finest observe.
Apparently, the Uptime Institute reported that info safety breaches account for simply 1 % of all knowledge heart downtime incidents, suggesting that knowledge heart operators looking for to maximise uptime ought to prioritize different forms of dangers. However bettering cybersecurity actually will not harm.
In a bid to enhance uptime, knowledge heart operators could select to outsource some providers to third-party suppliers that promise Service Degree Agreements (SLAs) of 99 % or higher. Theoretically, which means providers will probably be out there a minimum of 99 % of the time. However in observe, the way in which that service suppliers calculate SLAs could make uptime ensures deceptive – and even trigger them to really feel like a “swindle,” as our contributor put it.
The takeaway right here is just not that SLAs haven’t any that means – they do – however that it is essential to learn the superb print about how an SLA is calculated, in addition to how nicely a supplier has truly upheld SLA commitments up to now, earlier than assuming that you will essentially benefit from the marketed uptime.
Whatever the SLAs that your service suppliers promise, an essential step towards optimizing knowledge heart uptime is guaranteeing you’ve gotten a plan in place to get better effectively when catastrophe strikes – whether or not it is a cybersecurity incident or one other sort of disruption, corresponding to IT gear failure or a hearth.
Our information to knowledge heart catastrophe restoration, printed in July, particulars the varied preparations that knowledge heart operators ought to undertake to make sure they’re prepared for the worst – at the same time as they hope for the perfect.
To dive deeper into managing a particular sort of information heart safety and uptime risk, we additionally printed steerage this yr on stopping knowledge heart fires. The report, which displays classes gleaned from precise fires that came about at knowledge heart amenities owned by corporations like Google and AT&T lately, gives tips about constructing resilience in opposition to fires, in addition to methods to meet rules associated to fireside security in knowledge facilities.
In October, DCN lined a presentation by James Monek, director of expertise infrastructure and operations at Lehigh College, about how his staff responded to a knowledge heart fireplace. The foremost takeaway is that, because of having an efficient fireplace suppression system in place in addition to cautious catastrophe restoration plans, the group was capable of reduce the bodily harm attributable to the fireplace and restore operations in a short time. However Monek additionally talked about some objects that he wished his staff had dealt with higher, corresponding to having extra clearly outlined tasks for who was in control of managing which points of the response course of.
The majority of information heart safety protection in 2024 centered on conventional knowledge facilities – that means giant amenities with robust bodily safety controls and safe ambient environment. However what occurs when you’ve gotten an edge knowledge heart, which can not have on-site employees, could also be situated in a much less safe space and will lack typical monitoring and safety management programs? In that case, it is advisable to undertake additional preparations to mitigate safety dangers, corresponding to avoiding labeling your edge knowledge heart as such (to scale back the danger of malicious actors concentrating on it) and shifting the ability periodically, if possible.
