Turing's Man Blog
- Last Updated on Tuesday, 24 June 2014 21:42
- Published on Saturday, 13 April 2013 20:18
- Written by Pawel Wawrzyniak
- Hits: 14454
When two persons are talking about “data center security” - with a very high probability we can assume – they most often think about different areas. Why? Because “data center security” is a very wide term behind which we can hide many issues. As usual, the good idea is to divide the whole subject into smaller domains of closely related issues, then we can start talking again. Surely, another good idea is also to learn by observation – how market leaders approach to “data center security”? Here we have Google’s example.
Before we will watch the movie, let’s make some conclusions – what do you think when you hear “data center security” term? When someone from upper management asks “is our data center secure?” – do you think about data center facility and its perimeter in sense of physical security, including procedures, policies, regulations and all related systems like CCTV (Closed Circuit Television), access control, fire detection and prevention, BMS (Building Management System), security guards etc.? Or, maybe you think about data protection issues, especially cryptography, secure communication channels, data-loss prevention, backup schedules, advanced Intrusion Detection/Prevention Systems, including regulations related to the way how data storage devices are decommissioned (storage media destruction)? Otherwise, you can also think about operational security of your data center, having in mind redundant diesel power generators, advanced cooling and sophisticated UPS systems, as well as ANSI/TIA-942 or Uptime Institute Tier levels and overall reliability of critical infrastructure, including BCP/DRP (Business Continuity Planing and Disaster Recovery Planning) issues, redundant telecommunication links, data synchronization between data centers (primary, secondary… hot, warm, cold sites) etc.
As we can see, there are many ideas what “data center security” can be. Moreover, we can be quite mature in one domain, where another can need immediate improvement. Therefore, next time we are asked “is our data center secure?”, we should rather wait with actual answer and try to precise this question by asking additionally: “are we talking about physical security (1), protection of the data (2) or reliability of operations (3)?” – especially, if we cannot just say: “yes, it is”.
Now, we can watch the movie on Google’s approach to data center security – to learn by observation and have some more inspiration in the area of “data center security”. Have a nice time.
If we need business explanation for the importance of “is our data center secure?” question – nothing simpler. Our customers benefit from the fact we’re doing our best to secure their data, hence we think about all domains of “data center security”!