Maksim Kabakou - Fotolia

Security Think Tank: Datacentre security is a business imperative

That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure as the traditional centralised model?

Mike Gillespie
By
  • Mike Gillespie

We have seen unprecedented change in business and user working styles. Some businesses have moved exclusively to cloud and datacentre, some have done what looks the opposite and started bringing the edge of their network back into a physical domain that they control, but this isn’t strictly true, because every device will still reside with its user.

However, we can see that people are looking to a more hybrid and flexible way of working and the need to secure multiple environments is increasing, not decreasing, for most.

Part of the problem we have faced traditionally has been the perception of risk and ensuring that businesses understand they are not moving the responsibility for the data they hold simply by changing or diffusing its geography. The level of third-party data breach has driven levels of concern higher and the physical location of data is part of that concern.

Of course, this is by no means the only reason for diffused or multiple datacentre options, but awareness of this is very important.

When choosing a provider and datacentre, there are some key security considerations and some of these should be included in your service-level agreement (SLA), so having security involved in the specification and procurement is a very good idea.

We were initially sold cloud because it was secure and resilient and now they want us to buy cloud security and resilience solutions, so reading the small print is vital – and assume nothing.

What can security professionals do? Become more business-focused, understanding the organisation’s ways of working, the needs of the users and how technology can enable and improve business effectiveness and efficiencies within a framework of risk management, not risk avoidance.

Communicate with peers and business leaders in a more professional and business-like manner so that risks are fully articulated, appropriately and pragmatically mitigated in line with agreed risk appetites, with risk acceptance and ownership being within the business, not the security team.

Things to consider:

  • Do you know exactly what data will reside where?
  • Have you agreed to data being moved as part of cost-control measures?
  • As such, will you be informed of any moves?
  • Have you placed hard end-points to ensure data may not be moved beyond those points to unsuitable locations or locations that may cause contractual issues with clients?
  • Do your existing client contracts have any regulatory requirements for stored data?
  • Do you have a right of physical audit of all locations?
  • What security assurances and certifications do the premises have, physical and information?
  • Is third-party or supplier security audit part of your standard business practices?

The more connected we are to our information assets, the better. This isn’t just a security issue and it isn’t an IT issue – it’s a business issue. That means information sharing and availability need to be as comprehensively considered as the security of the information.

Content Continues Below

Read more on Cloud security

Start the conversation

Send me notifications when other members comment.

SearchCIO

  • 5 ways to keep developers happy so they deliver great CX

    Companies need to work on ensuring their developers are satisfied with their jobs and how they're treated, otherwise it'll be ...

  • Link software development to measured business value creation

    Companies must balance customer needs against potential risks during software development to ensure they aren't ignoring security...

  • 5 digital transformation success factors for 2021

    With the right planning, leadership and skills, companies can use digital transformation to drive improved revenues and customer ...

SearchSecurity

  • 8 benefits of a security operations center

    A security operations center can help lessen the fallout of a data breach, but its business benefits go much further than that. ...

  • Weighing remote browser isolation benefits and drawbacks

    Remote browser isolation benefits end-user experience and an organization's network security. Compare the pros, cons and cost ...

  • Compare 5 SecOps certifications and training courses

    Explore five SecOps certifications available to IT professionals looking to demonstrate and enhance their knowledge of threat ...

SearchNetworking

  • Network pros share Cisco DevNet certification advice

    Cisco DevNet certifications require a lot of time investment, but network pros who pursue the certifications say the gained ...

  • Cloud automation use cases for managing and troubleshooting

    Cloud automation use cases highlight the benefits these tools can provide to companies evaluating how best to manage and ...

  • A look inside the official Cisco DEVASC 200-901 guidebook

    In this book excerpt, readers can explore the Cisco DEVASC 200-901 official guide and get a flavor of one of Cisco's newest exams...

SearchDataCenter

  • Avoid server overheating with ASHRAE data center guidelines

    Finding the right server operating temperature can be tricky. ASHRAE standards provide guidance for all server classes and what ...

  • Hidden colocation cost drivers to look out for in 2021

    These unexpected charges and fees can balloon colocation costs for enterprise IT organizations.

  • 5 ways a remote hands data center ensures colocation success

    Off-site hardware upkeep can be tricky and time-consuming. With remote hands options, your admins can delegate routine ...

SearchDataManagement

  • Ataccama automates data governance with Gen2 platform update

    Data management vendor Ataccama adds new automation features to its Gen2 platform to help organizations automatically discover ...

  • IBM to deliver refurbished Db2 for the AI and cloud era

    IBM has a tuned-up version of Db2 planned, featuring a handful of AI and machine learning capabilities to make it easier for ...

  • Fauna improves data API collaboration and security

    A database company founded by former Twitter engineers is pushing forward its vision of a way to consume database as a service ...

Close