For the November issue of Inside Networks Magazine, Bluepoint Managing Director Kathryn was invited to contribute her thoughts about how data centres can optimise physical security.
Find the full Inside Networks article here, including some interesting points made by all contributors, or keep reading for Kathryn’s extended response.
Q: What are the key physical security threats currently facing owners, operators and users of data centres, and are these facilities now considered prime targets? Is security taken seriously enough and what can be done to mitigate any risks and protect data centres from those with malicious intent?
Kathryn Aves, Managing Director at Bluepoint Technologies
A: Firstly, I feel it is important to highlight that many of the potential security threats facing data centres have arisen due to the enormous growth the industry continues to experience year on year. Therefore, the microscope falls on issues of scale, and on ensuring the existing expertise, skills and knowledge are extended across an ever-growing network is the great security challenge facing data centres.
Alongside this massive, continued growth is the increasing demand for Smart Hands services, particularly for small data centres hosted at multiple physical sites. The benefits of Smart Hands, such as cost and speed of service, are obvious and are a major factor in the service growth.
However, the security of data sits under the disadvantages of such services. While Smart Hands communicate with remote technical assistance teams to assess and solve problems, there is currently no stipulation in place to ensure that the hands on the ground are qualified to a minimum recognised standard or have received any level of security clearance. In fact, as it stands Smart Hands are not required to be certified technicians, and or even be trained in the technologies they are maintaining.
A lack of standardised minimum competency is an issue extending beyond data centre security into the wider industry. At the 2020 Connected Britain event, Openreach HR director Kevin Brady noted that: “there is still quite a gap when it comes to skilled workers (in the industry).” While at the same event Stephen Hough of Acome revealed that his organisation “has seen a number of self-proclaimed engineers who have “trained” via Youtube and rebranded themselves.”
Without standardised competencies and security clearances for those working in data centres, the very serious threat arises of security breaches caused by ‘pirate engineers’, whether by design or accident. Therefore, it is essential that a wider scope of industry-recognised qualifications and registers of demonstrated technical competence are introduced for security-critical skills.
The issue of personnel, from technical engineers to the end-user, is always at the forefront of data security. Ensuring security screening of staff and 3rd parties is in place, and continually up to date is an ever-increasing challenge as the industry grows, but one that is essential to ensuring the security of the data held in any environment.
Another issue arising is the placing of critical infrastructure within data centres not meeting the necessary security requirements. Exacerbated by lightning-fast growth in Edge computing, itself fuelled by the extreme surge in IoT and IIoT devices (there are now 200 billion devices worldwide sending 59 zettabytes of data every day, compared to 2 billion just 13 years ago) the mammoth demand is leading to more and more data racks being installed within smaller data centres, not all of which are necessarily fit for purpose when it comes to security.
I should also mention ingress points, and the need to ensure that these connections to the site of connectivity providers are protected, that the routes are known, secured, and are always covered by security.
While it may not seem like an issue directly related to data security, growing global political unrest has the potential to become a major threat to the security of data environments. For an example, look no further than the 2020 US presidential election, during which the campaigns of both White House frontrunners were subject to cyber-attacks from hackers from multiple countries. In a world which is feeling less stable and in which information is king, data centres must be aware that they could become prime targets.
Find out more about: