Data centres are still a tempting target for hackers. Here's how to improve your security

2 years ago 172
BOOK THIS SPACE FOR AD
ARTICLE AD

Even if cloud computing is on the rise, there are still a lot of corporate data centres around and these are a very tempting target for cyber criminals and malicious hackers. 

To help protect data centres – and the data stored within them – the National Cyber Security Centre (NCSC) and the Centre for the Protection of National Infrastructure (CPNI) have come together to offer security guidance to data centre operators and users. 

"Operators and users of data centres have a clear responsibility to protect the data that they hold and process – failing to do this poses a massive financial, reputational and, in some cases, national security risk," said Dr Ian Levy, technical director at NCSC.  

"Owning these responsibilities means understanding the array of methods that malicious actors could use to compromise a data centre both physically and digitally," he added. 

SEE: Cloud computing: Spreading the risk with the multicloud approach

There are several issues that data centre operators and users should be thinking about to ensure best security practices, which will help keep data safe and secure. 

Risk Management 

Both data centre operators and users should be able to identify their assets, identify threats, assess risks, develop a protective security strategy and implement the correct measures to ensure all these concerns are managed. These processes should also be reviewed periodically as risks and threats can change. 

Measures should also be put in place so, in the case of a data centre being targeted by an attack designed to disrupt it, services can be maintained. For data centre operators, risk management should be driven by senior leaders. 

Resilience 

Data centres need to be resilient against various threats and hazards. While this includes denial-of-service (DDoS) attacks and other cyberattacks, they also need to be resistant to hardware failures, power outages and natural disasters. For power outages, for example, organisations need to ensure there's a reliable backup system that can keep it going. 

Users should also make plans based on the assumption that at some point their cyber defences could be breached and know how they'd be able to detect and react to attacks to minimise the impact of cybersecurity incidents. 

Geography and ownership 

It's important for organisations to know where data is stored, particularly if cloud-hosting providers operate around the world. The NCSC notes that storing data with service providers that host servers in China and Russia could be considered a risk because of laws around access in those countries. 

Physical perimeter and buildings 

It isn't just cyberattacks that are a threat to data centres – there's the risk that they could be physically attacked or sabotaged, too. Data centres should be physically secure perimeters designed to keep unauthorised visitors out and make the server rooms difficult for anyone without permission to enter. Detection measures should also be put in place to identify intruders and keep them out, including physical security systems, CCTV and alarms. 

People  

With the right training, people can become a force to improve security. Employees and users who are aware of potential cyber threats can help to identify and disrupt potential cyberattacks, while a good security culture throughout the organisation can reduce the risk of insider threats becoming a problem. For data centre customers, it's important that the data centre provider demonstrates policies and procedures it has in place to show that it's personnel operate securely. 

Supply chain 

Cybersecurity vulnerabilities can be introduced at any part of the software supply chain, especially if key services like data centres and storage are being purchased from third-party suppliers. As various incidents have proven, it's possible for cyber attackers to compromise suppliers and use them to gain access to the networks of their customers. It's important to understand the potential risks in the supply chain, to research who the provider is and what their security structure is like – and have a plan in place if things go wrong. 

Cyber 

It's important to remember that data centres are valuable targets for cyber criminals and nation state-backed hackers. In many cases, the aim of the attacks is to steal or even destroy data. Those responsible for data centres of their organisation should make plans based around the idea that a successful cyberattack will happen and take steps to ensure incidents can be detected and minimised. 

MORE ON CYBERSECURITY

It's time to stop hoping that cybersecurity problems will just go awayCloud security in 2022: A business guide to essential tools and best practicesWant to boost your cybersecurity? Here are 10 steps to improve your defences nowHackers are aiming at this 'easy target'. Here's how to protect yourselfBosses are reluctant to spend money on cybersecurity. Then they get hacked
Read Entire Article