Cyber Security Najave II Office / Corporate Software

New data center security tech for integrators to utilize

Data centers are like many mission-critical facilities, overwhelmed by an ever-increasing volume of data generated by many siloed safety and security systems. While all these systems provide valuable information, the sheer volume of unfiltered and uncorrelated inputs results in data “noise” that drowns out what’s essential and overloads operators.

By Prasanth Aby Thomas, asmag.com

“Today, more data centers are implementing situational awareness platforms that allow operators to focus on critical insights and execute the necessary actions to help protect what matters most,” explains Alan Stoddard, President of Cognyte Situational Intelligence Solutions. “These types of technologies identify the data needed to protect an organization’s most significant assets — in this case, network infrastructure — and are also part of the power of the intelligent security operations center.”

Additionally, the data visualization framework empowers security leaders to present historical data from systems into a live dashboard. With this type of centralized, real-time view, security teams can transform the way they track, visualize, analyze, and reach their security goals.

Focus beyond the data in data centers

 Data centers should consider deploying the same types of countermeasures that you would in any mission-critical facility, such as multi-factor authentication, anomaly detection, identity management, access control, and video surveillance.

But John Rezzonico, CEO of Edge360, points out that often the focus is still on the data security side. If the same protocols in establishing cybersecurity measures were used across physical security, these facilities would be better prepared to protect physical assets from threats.

“It’s also crucial for data centers to closely evaluate their video management platforms to ensure they can scale as risks and needs evolve,” Rezzonico said. “New VMS solutions today are built on modern IT infrastructure and containerization. A containerized system leads to better security because full-application isolation makes it possible to set each application’s primary process in separate containers. This also provides ease of maintenance and sustainment across an enterprise, which is more important when maintaining critical systems remotely.”

Physical security without compromising cybersecurity

While physical security integrators do need to look beyond data to get their work done, this should come at the cost of cybersecurity. In fact, ensuring both physical and cyber security with equal importance should become a prerogative for integrators because of the interconnected nature of modern devices.

“Security integrators need to ensure the vendors they are working with follow a security-first strategy when developing physical security systems,” Stoddard said. “Manufacturers should be providing physical security products that are cyber secure and tested regularly to ensure optimal compliance. This is non-negotiable in today’s evolving risk environment.”

Cyber security and physical security go together, and integrators need to know how to consider the impact of both physical and cyber breaches as part of their deployments. They must invest in understanding both sides of the security equation to deliver comprehensive service to mission-critical businesses like data centers. If not, they are opening the door to risk.

What integrators should know

Worldwide IT spending is projected to total $4.5 trillion in 2022, an increase of 3 percent from 2021, according to the latest forecast by Gartner. Spending on data center systems is forecast to experience the strongest growth of all segments in 2022 at 11.1 percent. This suggests the potential growth for physical security in this segment.

But while data centers offer a great business opportunity for security systems integrators, they need to make the customer realize its relevance. It’s essential for security integrators to work closely with the customer to make sure they know the considerations that need to be completed and the requirements for physical security within these complex environments.

“If integrators cannot teach the customer why they need to deploy the protections necessary, they shouldn’t be working within the data center market,” Rezzonico said. “To be truly successful in this market, integrators must understand the needs of the market and facilities as it relates to physical security and the customer’s complete business strategy.”

In short, to take advantage of the demand in this sector, integrators must have a clear understanding of the market and should be able to impart this knowledge to the customer. There are a number of solutions at their disposal for data center projects, but working with the unique requirements of each customer would prove to be the key.

Data centers often receive more attention for cybersecurity because of the nature of the assets they hold. While this is important, it leaves the physical side of things vulnerable to theft, robbery, and vandalism. Post the pandemic, this has become an even more critical issue because of the increased amount of data entrusted to these places.

The seriousness of the situation is not lost on most major data center managers. A quick search on Google for data center physical security would throw up specific pages on how AWS and Microsoft Azure protect their sites. That these companies feel the need to explain the measures they take indicates the severity of the matter.

But the biggest challenge in protecting data centers is the rapid pace at which they grow and evolve. Integrating physical and logical systems in such a dynamic environment requires careful consideration of various factors and optimized strategy. Asmag.com spoke to some of the top industry professionals to understand the biggest threats to data centers and how integrators can go about protecting them.

Major threats to data centers

Most data centers focus on software and implement data security tools such as firewalls to identify and mitigate cyber threats. But the need for the physical security of these facilities is paramount. A breach in physical security can lead to data theft and cause breaches that compromise data security.

“With the increasing threat of cyberattacks and natural disasters, we must work to ensure the security of data centers to protect intellectual property, ensure compliance and maintain security and resiliency standards to keep these facilities safe,” said Alan Stoddard President at Cognyte Situational Intelligence Solutions. “Additionally, we must be cognizant that data centers are evolving. The increased deployment of cloud-based and edge data center facilities will increase the demand for physical security solutions in the coming year.”

But perhaps the real problem now is not the lack of technology to protect data centers but the lack of its appropriate use. John Rezzonico, CEO of Edge360, pointed out that the lack of timely upgrades and maintenance is a major cause of concern.

“Data centers typically have many physical security devices in a small space or area, which can be challenging to manage,” Rezzonico said. “On top of that, many data centers establish security systems and then allow physical security software, like video management platforms, to become outdated. But this fact must change: As more businesses shift to remote work and the storage of critical data via the cloud and within these data centers expands, the need for solid security in these facilities is growing, and protecting them becomes more critical.”

It’s also important to note that the focus for these facilities has primarily been on protecting the network, which means physical security programs have taken a back seat. But the protection of the brick-and-mortar facility is just as, if not more, important as ensuring captured data is protected.

Checklist for data center physical security

Data center security should follow a specific formula for protecting assets, with the idea of concentric circles. The outer layer represents perimeter security; the next is the hardening of the facility itself and preventing unauthorized access.

Next, security leaders should focus on securing the racks where the data and servers are stored. Finally, there must be another added layer of security around the controls for those server rooms to prevent any bad actors from accessing them.

“At each level, there needs to be a standard amount of physical and cyber security protection, which should be common practice across data centers, whether public, private, co-located, or on-site,” Rezzonico said. “The same policies and methodologies should be applied no matter the size, type of data center, or location. Still, they are often not, creating a facility that lacks the proper security measures for protecting critical data.”

Stoddard agrees that the best way to secure a data center is to manage it in layers. A multi-layered approach best supports proactive planning and makes identifying and mitigating a failure or breach easy. Here are some best practices that he suggests to consider:

1.Conduct regular audits: Internal audits ensure that systems and processes are working as intended. Audits should check for vulnerabilities in the data center facilities as well as across systems and devices.

“Access control systems, video surveillance cameras, and electronic locks must be checked to ensure proper function,” Stoddard said. “Security leaders should also continually assess whether a change in personnel calls for an update in the procedures and systems.”

2. Strengthen situational awareness: Any facility requiring extra protection, like a data center, should adopt an intelligent security approach. Funneling all data and systems into one centralized platform provides a higher level of oversight over security and operations.

3. Establish redundancy: Avoid the opportunity for downtime or system failure that results in a shutdown by creating redundancy across your data center operations. Data center failures can be prevented with proactive planning, testing, and awareness.

4. Enhance video surveillance: Video systems should be comprehensive and cover indoor and outdoor areas. Additionally, 24/7 video monitoring is critical to helping identify potential anomalies before they become more significant issues. Security guards can also be an essential component in augmenting technology.

5. SOP updates: Standard operating procedures need to be evaluated and tested regularly. This process also includes refresher training on the emerging or new security measures that need to be followed. Because risks are changing and evolving rapidly, regular checks of existing processes and procedures are recommended.

Conclusion

The technology needed for physical security at data centers is not complex. But what is often not up to the mark is the maintenance and operation. Steps like regular audits and SOP updates that Stoddard suggested highlight this concern.

In the coming years, we will likely see the number of data centers increase worldwide as more customers become aware of the importance and convenience of cloud-based solutions. This means more opportunities for physical security systems integrators. While challenges are a concern, it presents new growth areas with the right approach.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *