For many years organizations have viewed data center security as primarily being restricted to securing the physical perimeter of the data center. But as cyber-attacks become more frequent and more sophisticated, it’s clear that equal weighting should be given to ensuring the data itself is secure. Physical security is obviously of the utmost importance – but are businesses considering adequately protecting their data against potential hackers? And do they know how best to go about it?
The effects of cyber-attacks on a business are numerous and wide ranging, emphasizing the need for companies to take the risks seriously. Not only are the costs increasing – it’s been estimated by Juniper research that cyber-crime is projected to reach $2 trillion by 2019 – but it can also have a damaging effect on brand trust. Following the Sony pictures attack in 2014, the company hit its worst consumer perception in six years. And a cyber-attack can have ripple effects in the physical world. Just last month Renault was forced to shut some of its factories following a global breach, demonstrating the very tangible impact a hack can have on a brand and its commercial operations.
An evolving threat landscape
One of the main challenges facing organizations is the changing threat landscape. As more devices are connected to the internet and more data becomes available, there is simply a much greater ‘attack surface’ which is vulnerable to hackers and that has to be secured. In addition, there are constantly new and evolving threats. Combine this with legacy Operational Technology systems which haven’t been designed with cyber security in mind from the beginning and suddenly attacks become more difficult to prevent. Some organisations still have systems in place from the 1960s, which can be costly and difficult to replace. The National Health Service in the UK experienced this acutely following WannaCry, leaving hospitals to turn off computers and resort to paper management.
The Internet of Things also makes cyber security more difficult. Although it’s not a significant break in the way technology is being used, the sheer numbers are important. We used to have millions of devices and now we have billions – Gartner predicts 8.4billion devices will be connected this year – the sheer scale makes it extremely difficult to protect. In addition, a device connected via the Internet of Things doesn’t have to be linked to a specific identity. If a device is unmanned and no one is controlling or checking it then there isn’t necessarily someone available to patch it if something goes wrong, making devices vulnerable. Essentially, the IoT has created millions of access points or holes for attackers to slip through data centers.
Organizations can protect themselves
There are some basic steps that companies can do to protect themselves and their data against cyber-attacks. One of the simplest things to implement across any organization is to maintain strong passwords which are changed regularly. It’s important to educate all staff on correct password etiquette since everyone needs to be on board with cyber security policies – not just those that work in IT.
Secondly, security should be part of the development process; data centers must be designed with cyber security prevention in mind, right from the start and not as an afterthought. And finally, firms must assume that the right security isn’t just something you can buy over the counter. The most forward-thinking companies appreciate the need for dedicated, outsourced security professionals whose full-time job it is to protect against cyber-attacks.
With the right security measures in place, including maintaining appropriate level of patching, and by staying abreast of the latest developments in threats, businesses can protect themselves against cyber-attacks, and avoid becoming the next brand to hit the headlines for the wrong reasons.
You can also read my colleague Florence Burnoud’s post on Data Center Infrastructure Management here.