"If data is the new oil, data centers are its reservoirs." This quote from the Times of India underscores the growth of digitalization and the need for physical data stores.
The ASIS Blog sat down with Sushil Pradhan, Executive Director and COO at MitKat Advisory based in Mumbai, India to discuss the role in security’s role in protecting information assets across the globe.
What is spurring the massive growth in Data Centers across the world, and why is it of interest to security professionals?
Organizations today rely heavily on data for the delivery of business-critical services, often directly to the end consumer. Cloud storage, artificial intelligence, machine learning and the Industrial Internet of Things (IIoT) are rapidly growing, and more and more data storage will be needed to hold the data. The breakneck speed of digitization triggered by Covid-19, coupled with the rise in the number of data guzzling smart devices, the need for high-speed internet, and ‘cloudification’ of applications has fueled a massive growth of Data Centers across the world. It is imperative that Data Centers have a high level of physical, logical and IT security as well.
How is the security of data centers different from the security of other premises?
Since companies are housing their mission-critical infrastructure in someone else’s facilities and entrusting them to protect the techno-infra backbone of their companies, they want assurances that the DC is secure and resilient. A breach in physical security could cause the theft of data and devices that will make software security redundant. In Data Centers, high security equals high availability equals high reliability; and down time is as bad as a breach. Thus, high security is the USP for selling space in a Data Centre – so it’s a powerful tool for Business Development.
How can security managers keep themselves abreast with the latest security requirements of Data Centers?
Once a suitable Data Center site has been assessed and approved from the security perspective as well as the other business decision points, the next step is to integrate various physical and logical security systems into the design and architectural plans. Data Center security controls must be ‘built-in’ and not ‘bolt-on’, and is all about restricting and managing access. This can be done by a combination of security design (generally aligned to the principles of CPTED – Crime Prevention Through Environmental Design), security systems (surveillance, access control, perimeter, etc.) and security processes. Every aspect of a Data Center’s security should work in concert with other elements as part of a comprehensive, layered system.
What are the emerging new threat vectors for Data Centers that security professionals must be aware of?
Some of the emerging threat vectors are:
- Drone threat – delivery of munitions, hostile drones, espionage
- Lone wolf attacks
- Threats from state-sponsored actors
- Unconventional threat vectors – aircraft, drone swarms, nanobots, Electromagnetic/Directed-Energy weapons
- Threats that are peculiar to underground or underwater Data Centers
How will the new regulations, compliances and laws across various regions affect the way the security for Data Centers will have to be implemented?
Data Centers must be built as per various standards and compliances from the functionality and IT security perspective; however, these vary from country to country. The security standards are even harder to define. Privacy issues are becoming more common because convergence is continually increasing the data collection, data analysis and data integration capabilities of security systems. Security managers of Data Centers will be expected to outline how privacy-restricted security data will be protected, prior to granting approval for its use.
