Data Center Security: IT Experts Share Top Insights
Keeping your data center secure is a big challenge, especially when you’re responsible for protecting sensitive and valuable information.
Unfortunately, despite your best efforts, breaches can and do happen. When it comes to data center security, strong security measures are your best defense against physical and virtual breaches.
We’ve compiled information from top IT experts who have shared their insights on which data center security best practices to implement for optimal security. Learn from the experts and keep your data center safe from potential hackers.
What to Do If There Is a Breach
Even if you’ve never had a breach, odds are you will encounter one at some point in your career. Data center security breaches are stressful and chaotic no matter what, but you can reduce the impact and lessen the stress if you have a solid plan in place.
Here are some of the consequences of security breaches, what to do when you have a breach, and how to restore customer loyalty after data center security has been resolved.
Consequences of Security Breaches
The consequences of a data breach can be daunting, but if you have the right preparations in place, you’ll be in a much better position to deal with any potential issues.
Fines and loss of customer loyalty are some of the main consequences of security breaches. For example, failure to meet industry standards or state requirements can land you with some hefty fines. For customers, how you handle the breach can make all the difference in whether you regain their trust or lose their business forever.
The Equifax security breach is an excellent example of what not to do when it comes to minimizing the consequences of a data center security breach. Equifax decided to handle their breach by withholding information about the breach for one month while using insider trading to sell $2 million in stock during this time. They sent consumers the wrong notification letters, and their social media team tweeted links to phishing sites.
Overall, the whole thing was a disaster. They even gave their CEO a raise for his supposed leadership during this crisis. This debacle has lost Equifax the trust of its consumers.
When a breach occurs, there are several steps companies can take to help authorities trace the hackers and get information that will provide better data center security in the future. Two data center security best practices for digital forensics are:
- Don’t destroy any evidence
- Talk to the people who initially discovered the security breach
Pass on any information from those you interview to authorities, and provide your team with the information they need to communicate anything they come across. Make sure any forensic evidence is preserved during the investigation.
These data center security best practices will provide a better opportunity for authorities to track and catch hackers and ensure better data center security in the future.
Vulnerability Assessment and Penetration Test
After a breach has occurred and digital forensics have identified weaknesses in your system, it’s important to perform a vulnerability assessment and penetration test.
Dennis Chow, VP of Information Security for SCIS Security, stated that after a client’s security breach, they “performed a vulnerability assessment and a penetration test and helped them discover additional remediation controls after the initial triage. Initial triages can range from firewall and IPS returning right down to DLP related controls that sometimes get missed when proxies are not in [use] for SSL/TLS/SSH decryption.”
Finding system vulnerabilities can help companies prevent future breaches and disruptions to their data center security.
A data center security breach doesn't have to be the end of the world or the end of a company. Part of your data center security plan should also outline how to move forward after a breach. This applies both internally with employees and externally with customers.
Here’s how to move forward internally and how to regain customer loyalty and trust.
A breach is unnerving and upsetting, so it’s important to remain calm and realize that it can be fixed and that other companies have survived in the past. Here are a few data center security best practices to follow after a breach:
- Contact Necessary Staff Members — They can put the company emergency response plan into effect.
- Preserve Any Forensic Data — Don’t shut down your servers or you might lose critical data. You might also consider hiring a third-party specialist in computer forensics.
- Contact the Authorities — If you’re looking at a criminal breach of security, you will need to involve law enforcement.
- Conduct an Investigation — Find out which servers were affected by the breach and isolate any networks you can to avoid compromising any additional data.
- Find Data Center Security Weaknesses — Vulnerability assessment and penetration testing will help you determine where your systems can use improvement.
- Regulatory and Legal Issues — Inform necessary agencies if your compromised servers contain sensitive information like medical records or financial information.
- Notify Customers and Clients — Honesty is the best policy for handling security breaches. It’s much worse if the information comes out months later, or the public finds out on their own.
- Evaluate Data Center Security Procedures — How did your team handle the breach? What could you do better if it happens again? Look at the mistakes you’ve made and find out what you can do to improve.
Restoring Customer Loyalty and Trust
One of the most challenging aspects of a data center security breach is restoring customer loyalty and trust.
After a breach, you must send customers a “data breach notification” letter to let them know about the breach. Even if you follow the law and send your notification letter, there are still data center security best practices for how to send notifications and what tactics work best at restoring customer loyalty and trust.
In your customer “data breach notification” letter you should address the following:
- Sincerely Apologize — Take responsibility for the breach and empathize with how your customers feel. They are most likely worried or even scared about having their data stolen and are probably frustrated that this violation of their security occurred.
- Don’t be Vague — Be clear and concise about the data center security breach. What happened? What data was compromised? Include information on where and how customers can check if their data was compromised. Remember, your customers have a right to this information.
- Address How You’re Fixing the Problem — Your team is busy trying to correct the breach and you should let your customers know what you’re doing to keep them safe in the future. This increases customer trust in your company.
- Help Where You Can — If a hacker gets personal information from your customers, the damage has already been done and you can’t get that data back. However, you can offer identity protection plans to your customers, free of charge.
- Loyalty Incentive — Customers will want to leave your company; there’s no getting around that. Offering generous discounts to loyal customers can help keep people with your company and shows them you’re doing everything you can to make the situation right.
Following data center security best practices for notifying customers can help your company move forward after a data breach setback.
How to Minimize Risk
Part of your data center security practices should revolve around minimizing risk before a breach ever occurs. Some of the best practices for data center security include Role-Based Access Control, Data Loss Prevention, as well as physical security measures companies must be aware of.
Adnan Raja, the VP of Marketing for Atlantic.Net, states that his company works to mitigate risk in their data centers by:
“Ensuring logical and physical security procedures are in place and tested on a regular basis. Our security operations center remains active 24 hours a day, seven days a week, which ensures that our experienced engineers continuously monitor and take the necessary steps to ensure a secure data center environment for our clients. As cyber threats continue to advance, security remains at the forefront of our operations.”
Employing these data center security best practices is just one of the ways you can prevent breaches as cybersecurity threats continue to advance.
Role-Based Access Control (RBAC)
Dennis Chow recommends role-based access control, or RBAC, as “one of the best ways to minimize risk.”
It is an excellent model for scaling access to technology resources because it uses permission standards for users rather than unique permissions for each user. Users with a permission standard can simply access the data they need to do their job, while still maintaining security for the company.
Although this model is still susceptible to data breaches from misuse, permission violations, and illegal access attempts, there are many benefits as well. Some of these benefits include better data security, better efficiency, and lower maintenance costs for the company. It is also easier for directors and managers to monitor data with RBAC.
Data Loss Prevention Enhancements
First, it’s important to understand what Data Loss Prevention or DLP is in the context of data center security.
DLP software uses processes and tools to keep sensitive data secure and out of the hands of unauthorized users. It helps organizations that deal with sensitive data by recognizing when policies surrounding this data have been compromised and sending alerts. Dennis Chow focuses on how DLP can be improved with enhancements “by using file watermarking (canaries), monitor logs, and enabling decryption of common exfiltration points and protocols like TLS/SSH.”
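The canary-plus-log-monitoring idea in the quote above can be sketched as follows. This is an added example, not code from the article or from any DLP product; the token format, key, file names and log layout are all constructed assumptions, and the log is assumed to come from an inspection point that already decrypts TLS/SSH.

```python
import hashlib
import hmac
import re

# Assumption: a secret held by the DLP system (placeholder value).
CANARY_KEY = b"example-key-not-for-production"
# Assumption: watermark format chosen for this example.
TOKEN_RE = re.compile(r"CNRY-[0-9a-f]{16}")


def canary_token(file_id):
    """Derive a per-file watermark so a hit names the file that leaked."""
    digest = hmac.new(CANARY_KEY, file_id.encode(), hashlib.sha256).hexdigest()
    return "CNRY-" + digest[:16]


def build_registry(file_ids):
    """Map each issued token back to the file it was embedded in."""
    return {canary_token(f): f for f in file_ids}


def scan_egress_log(lines, registry):
    """Return one alert per known canary seen in decrypted egress payloads."""
    alerts = []
    for lineno, line in enumerate(lines, 1):
        src = re.search(r"\bsrc=(\S+)", line)
        dst = re.search(r"\bdst=(\S+)", line)
        for token in TOKEN_RE.findall(line):
            file_id = registry.get(token)
            if file_id is None:
                continue  # token-shaped string that was never issued
            alerts.append({
                "line": lineno,
                "src": src.group(1) if src else None,
                "dst": dst.group(1) if dst else None,
                "file": file_id,
            })
    return alerts


# Constructed sample data: two watermarked files and three proxy log lines.
FILES = ["hr/payroll-2024.xlsx", "finance/customer-cards.csv"]
REGISTRY = build_registry(FILES)
SAMPLE_LOG = [
    "src=10.0.4.17 dst=198.51.100.20 proto=tls bytes=912 body=GET /status",
    "src=10.0.4.23 dst=203.0.113.9 proto=tls bytes=48211 body=name,card,"
    + canary_token(FILES[1]) + ",exp",
    "src=10.0.4.17 dst=203.0.113.9 proto=ssh bytes=7000 body=CNRY-0000000000000000",
]

if __name__ == "__main__":
    for alert in scan_egress_log(SAMPLE_LOG, REGISTRY):
        print(alert)
```

Without decryption at the egress point, the second log line would carry only ciphertext and the canary would never match, which is why the quote pairs the two controls.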
Physical and Logical Security Procedures
Sometimes all it takes to maintain data center security is to implement security procedures for natural disasters, power outages, floods, or other breaches. Although these are things we hope never happen, the reality is that physical security procedures are just as important to address as virtual ones.
- Power Outages — Power outages happen, and when they do they can cause significant issues for data center security. For data centers, it’s ideal to always have a backup power route to cooling systems, as well as dual power connected to site protectors and generators.
- Fires — Fires are detrimental in general, but when they have the ability to knock out and destroy your data center they're even more so. Use gas suppression systems to contain the spread of fires, and make sure that all rooms are equipped with these systems.
- Floods — Water can easily destroy your data. While you can’t always control these kinds of natural disasters, you can choose where your property is located. Find a location that’s not located in any flood zones or floodplains, and make sure your plumbing is free of issues.
- Logical Breaches — Finally, you should take into account the physical security of your location as well as access to structures, applications, and even mobile devices. This will help you avoid physical breaches and hacker breaches.
In addition to minimizing data center security risks, you should also have a plan to minimize personal risk. This involves shredding documents before tossing them in the trash, keeping doors secure, and using a mailbox that locks so personal data cannot be stolen.
Minimizing security risks comes in all forms, and part of maintaining data center security is also keeping your own information secure so potential hackers can’t use your data to access security centers.
Areas to Prioritize
When it comes to data center security, it’s important to learn from others and prioritize which areas to secure. There are always improvements that can be made, and it’s important to know where to start when it comes to improving data center security. Identifying data center security risks begins with choosing the right audit, planning, utilizing control implementation, and frequent testing to ensure compliance.
Choose the Correct Audit
Your audit will tell you a lot about where your data center should focus its resources. Dennis Chow states, “When we assist customers in audits, usually what comes up is proper inventory and monitoring of unknown devices and logging efforts.” Adnan Raja notes that “SSAE 18, SOC 1, SOC 2, and SOC 3 audit is generally a good certification and audit for a data center.” Other audits might include HIPAA, GLBA, and PCI DSS, depending on what kind of data your company has on record.
Careful Planning when Implementing Proper Controls
When assigning access for data centers, it’s not only important to regulate the level of control and access an employee needs, but also to understand that some aspects of your data center security don’t need the high level of access they are assigned. Planning formal processes for security procedures and controls helps eliminate vulnerabilities in data center security and prevent backdoors to systems.
Some of the main procedures that lead to backdoor access and vulnerabilities include backups for servers, remote access for administration, user account administration, and a centralized monitoring and logging system. Although many of these systems are more convenient, they do represent a challenge for data center security.
To minimize backdoor vulnerabilities, data centers should focus on:
- Administrative Tools — Finding the right tools for your administration streamlines routine administrative procedures.
- Security Policy — Provide guidance to individuals that maintain your data center security best practices by reviewing data center security procedures in your company’s security policy.
- Separation of Duties — To keep your data center safe you should always ensure that no one individual has complete access. You should also enforce mandatory vacation time for individuals who have increased security privileges.
- Unique Passwords — Using the same password for everything is a big risk for data center security. Don’t reuse old passwords and don’t use the same one for every system.
- Strong Passwords — Not only should passwords be unique, but they should also be changed regularly and follow best practices for creating strong passwords. Many data centers fail to ever change their passwords, so this is an area that can use significant improvement.
- Authentication Management — A centralized authentication system for managing password controls and access can make it easier for large companies to manage.
If your data center has an IP address, you need to make sure it’s secured. Using data center security best practices can help prevent data breaches and ensure no one has more security access than is necessary for their role and position by implementing proper controls.
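The role-based model described under "Role-Based Access Control (RBAC)" and the separation-of-duties item in the list above can be checked together. The following is an added example, not code from the article; the role names, permission names, users and conflict pairs are constructed for illustration.

```python
# Constructed role catalogue: permissions attach to roles, never to people.
ROLES = {
    "backup-operator": {"backup.run", "backup.restore"},
    "account-admin": {"account.create"},
    "account-approver": {"account.approve"},
    "remote-admin": {"remote.admin"},
    "log-admin": {"log.read", "log.purge"},
}

# Constructed assignments; "direct" holds per-user grants that bypass roles.
USERS = {
    "alice": {"roles": ["account-admin"], "direct": set()},
    "bob": {"roles": ["account-admin", "account-approver"], "direct": set()},
    "carol": {"roles": ["remote-admin"], "direct": {"log.purge"}},
    "dave": {"roles": ["backup-operator", "retired-role"], "direct": set()},
}

# Assumed policy: permission pairs that no single person may hold together.
SOD_CONFLICTS = [
    ("account.create", "account.approve"),
    ("remote.admin", "log.purge"),
]


def effective_permissions(user):
    """Everything a user can actually do, including out-of-model grants."""
    entry = USERS.get(user)
    if entry is None:
        return set()  # unknown users get nothing (deny by default)
    perms = set(entry["direct"])
    for role in entry["roles"]:
        perms |= ROLES.get(role, set())  # an obsolete role grants nothing
    return perms


def is_allowed(user, permission):
    return permission in effective_permissions(user)


def audit():
    """Flag obsolete roles, per-user grants and separation-of-duties breaks."""
    findings = []
    for user, entry in USERS.items():
        for role in entry["roles"]:
            if role not in ROLES:
                findings.append((user, "unknown-role", role))
        for perm in sorted(entry["direct"]):
            findings.append((user, "direct-grant", perm))
        perms = effective_permissions(user)
        for first, second in SOD_CONFLICTS:
            if first in perms and second in perms:
                findings.append((user, "sod-conflict", first + "+" + second))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit():
        print(finding)
```

The "unknown-role" finding is the kind of obsolete, forgotten assignment that regular testing of controls is meant to surface.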
Once you’ve established the controls and security procedures for data center security, your work is far from over. Adnan Raja believes that not only should you implement careful planning of proper controls, you should “make sure that those controls are functional and tested regularly.” Failure to do so can result in data center security breaches and disaster for your company.
Frequent testing will also help you manage controls by ensuring there are no obsolete or overlapping production procedures that can create backdoor vulnerabilities for your system. Most of the time this happens because a procedure becomes obsolete and is eventually forgotten.
Additional Data Center Security Best Practices
There are many data center security best practices, but Mihail Corbuleac, Senior IT Consultant at ComputerSupport.com, recommends data centers focus their efforts on the following:
1. Include Security and Compliance Objectives in Design
When you create your data center design you should include your security and compliance objectives. Your design should be united and based off of your company policy so everyone is on the same page when it comes to compliance.
2. Involve Your Security Team
For the best data center security, you should involve both your network and physical security teams from day one. While involving your network security team might seem like a no-brainer, it’s easy to forget to place an emphasis on physical security as well. Keep both cybersecurity and physical security as a high priority to maintain data center security.
3. Implement Security Controls for Each Module
Traditional servers allow for security controls to be physically separated. However, newer systems contain both physical and virtual systems, which makes it more difficult to separate them and implement security controls for them. Despite the difficulty, security controls for each module, such as storage components, servers, and networks, are vital for data center security.
4. Analyze All Assets
Analyzing your assets for potential security risks doesn't just mean virtual assets but physical assets as well. For busy IT professionals, it’s often easier to overlook physical aspects of security like outdated servers or drives holding valuable information than potential cybersecurity attacks. It’s very easy for potential hackers to get ahold of old servers or drives and is embarrassing for companies if they don’t notice the equipment is missing until their next equipment audit.
Keep track of physical assets and erase any data before decommissioning the equipment. You should even erase the data before you send your equipment to ITAD for destruction, as it can be compromised or stolen in transit.
5. Protect Data Centers from Hostile Traffic
Not all web traffic is good traffic, and part of keeping your data center secure is preventing hostile traffic such as that from a DDoS attack. DDoS attacks not only threaten your ability to keep your data center and company from experiencing downtime, but they also provide hackers with valuable information they can use to hack your system including your system response time, or they may simply try to distract you from an attempted breach.
Mihail Corbuleac notes, “exploiting server-side vulnerabilities exposes your data center to attacks and puts business partners at risk because a compromised data center server could be exploited further.” Creating a quick response to hostile traffic is a vital part of data center security best practices.
Data center security is a never-ending job that begins with a solid plan to prevent attacks and also recognizes that you should always be prepared to address breaches when they happen. By using these data center security best practices, you can be better prepared to face security attacks while still maintaining customer trust and loyalty after you’ve faced a security breach.