Tying your enterprise data security policies to data center security best practices is critical to prevent cyberattacks.
Why Data Security is a Shared Responsibility…and How Data Center Security Factors In
Over 707 million records were stolen worldwide in 2015, according to digital security expert Gemalto—a number that they suggest is understated as almost half of companies had an unknown number of records stolen.1
These cyber-attacks will continue to increase, both in number and sophistication, as we become more globally connected—and the bad actors intent on carrying out their malicious acts become more connected.
Unfortunately, detecting and preventing cyber-attacks is made more difficult because the security strategies of the IT teams and the facilities teams—who are responsible for data security and building/physical security, respectively—often don’t align.
This problem becomes much more pronounced on a macro level when your organization uses cloud or colocation hosting services from a third-party data center provider.
So how do you maintain the highest levels of data security…and who’s ultimately responsible? The truth is, it’s a shared responsibility.
Think of it in terms of renting a house: A third-party data center provider secures the “house”—data center security—including the perimeter, the overall environment, and colocation spaces. You secure the contents of the “house”—data security—such as applications and content.
There is, of course, no clean boundary and you’ll need to do your due diligence so you know precisely where the handoffs are. That’s why it’s important to choose a data center provider who will take a 360° approach to security—one that ties data security to data center security–and will work closely with you to ensure a tighter security posture than before you contracted with them.
This data center provider should also use all available security measures to synergistically protect the data center from every angle that a potential adversary might attack it—from external physical threats to insider threats, both malicious and unintentional. These best practices should be used not only to secure the digital environment, they should guide physical data center security as well:
- Best-in-class physical security monitoring and control.
- Systems and processes to secure against insider threats.
- A modular data center that provides complete physical separation for your IT infrastructure.
- Data center infrastructure management (DCIM) software that monitors the physical data center environment.
- A software-defined Service Provider Network to securely and efficiently extend your internal network within the provider’s data center and to any third-party cloud services, without using the public Internet for transport services.
- A global data center footprint, DCIM software, MPLS backbone, dedicated point-to-point connectivity, and Service Provider Network for business continuity and disaster recovery that’s easy to setup and maintain.
To learn more about how to ensure the highest security when outsourcing your data center—and what questions you should ask a potential data center provider—download our Security Solutions Guide “Data Security in an Insecure World.”
1 “2015: The Year Data Breaches Got Personal,” Gemalto, 2016.