De-risking the Data Center: A Multi-layered Approach to Security
Leveraging the convergence of physical and cybersecurity
Security is one of the most fundamental considerations in any data center, with cybersecurity typically grabbing the headlines, a particularly understandable focus when your whole operation is based around the remote storage, processing or distribution of data.
Indeed, the risks posed by cyber attacks are nowhere more understood than in a data center. The installation of firewalls and the encryption of data transmission can be compromised by the presence of operational subsystems which can provide multiple points of potential attack. In addressing the security requirements of a data center, it is vital to consider both physical and cybersecurity measures to ensure a holistic approach to security.
However, to provide a truly effective secure environment, the vital role of physical security measures in ensuring data is kept safe needs to be recognized. It is only through a holistic, multi-layered approach that data center owners and managers can plan for a secure future. When it comes to physical security in data centers, best practices today still focus on including a combination of an “outside in” and “inside out” approach to make it more difficult for unauthorized people to gain access and, if they do, then more difficult to move around and to exit.
Biometrics continue to rise
Biometrics continue to play an increasingly important role in providing additional layers of security. We are already seeing widespread use of fingerprint recognition technology (the only scalable option for high security environments at present) and retina scanning; in data centers this is being used within electronic access control systems, combined with video analytics to prevent tailgating. Facial recognition is where we see the industry potentially heading, as it is secure, enables on-site tracking of an individual and could potentially eventually reduce the number of security devices required, as it could replace traditional card reader devices for electronic access control.
With the rise in colocation data centers, customers are increasingly demanding security at rack level, including access control on a specific rack and even a dedicated CCTV camera. With human error being the most common cause of downtime in a data center, accounting for as much as 75% according to some reports, the ability for an organization to secure its equipment against tampering by unauthorized personnel – be it deliberate or, more likely, accidental – is increasingly necessary; all the more so in light of stringent data security regulations. Organizations are required to not only secure these infrastructure components but must also be able to prove the efficacy of their auditing systems.
Security technology: Going beyond hardware
The improvements in security equipment have been considerable over the past decade, but really exciting research and developmental work is to be found in security software: the emphasis is on analytics, to enable genuine intelligence to be built into a security system, based on advances in IoT platforms and smarter security devices.
These can and should be leveraged as part of holistic data center security strategies, particularly in distributed or remote facilities, such as edge data centers. From predictive system performance management to operations-enhancing insights, the data generated by smarter security devices is opening true opportunities for data centers.
And though the majority of this data still remains under-used, this is changing rapidly, in part due to shifting customer expectations who expect comprehensive, transparent and real-time insights into their data center providers’ performance against service level KPIs.
Continuing emergence of facial recognition
Facial recognition has become a particular focus in applied security analytics. The technology aims to reliably identify a person from a video frame in just a few seconds. Using a sophisticated algorithm, the image is translated into digital data and compared to that held in a database.
At present, this technology is expensive and often deemed insufficiently reliable for high-security environments, but it is only a matter of time. The industry is already developing anti-spoofing mechanisms. If a 99.9% accuracy rate can be delivered, then facial recognition will fundamentally change security system design. For example, it could remove the need for access control systems, from perimeter control to rack-level security, as it will not only be able to perform this task but will do it better.
Analysis at source
Where those analytics take place is also changing, with a noticeable move to “edge analytics”. Relocating data analysis away from a central server and instead conducting it at source (e.g., the camera), has multiple benefits. Top of that list is speed; as part of the system design, an organization can determine the nature of the data that it wants sent and, importantly, what it does not. It also makes for lower cost through more efficient and sustainable upgrades, as only the software needs to be changed, rather than the hardware.
Adapting to evolving data center operations
Right-sizing human intervention in data center operations
The increasing use of AI and robots to provide environmental monitoring, security surveillance and even condition-based maintenance can help remove the risk of human error in a data center. Other areas which may emerge as strong players in AI applications for physical security include risk-based access control authentication. Analytics are also increasingly applied to non-security applications such as to monitor health & safety risks and conduct analytics-driven operational optimization.
However, it creates its own set of challenges. A first challenge is the need to build in response and recovery mechanisms to balance the risk to response times if on-site human intervention is required. In video, AI faces the other challenge of generating so much data that can’t be effectively reviewed without machine learning doing some of the groundwork.
As with any new technology rollout, scenario planning and simulations integrated in the security design process can help anticipate or alleviate these risks altogether.
Move toward hyper-customized security
Colocation data centers renting racks to multiple customers can help differentiate themselves from competitors by offering security system customization based on specific customer requirements.
Security being brought down to rack level is already a growing trend, with customers increasingly demanding access control on a specific rack and even a dedicated CCTV camera. But this isn’t just beneficial to colocation providers. Enterprise and internet data centers can also benefit from more granular security, for example applied to racks dedicated to critical IT processing activities or data storage.
Optimizing multi-site, multi-size operations resiliency
In multi-site data center applications, adopting a standardized approach to security and facility design in general can reap significant benefits. Resiliency can be achieved across different configurations – from linked-site resiliency, achieved through tight connections, to distributed-site resiliency through multiple instances that are asynchronously connected, or cloud-based resiliency that reduces the potential for outages.
On the physical security side, with varying operating models and data center footprints in any given portfolio, the challenge is to define security processes and technology standards that are agile enough to apply to this varied landscape of circumstances, while providing measurable and constant levels of security, from hyperscale facilities to edge data centers.
The scalability of the security technology blueprint is tightly linked to the integration levels of the various subsystems. But due consideration should also be given to program management capability and vendor ecosystems, to ensure the defined security standards can be replicated at pace and at will, irrespective of the size of location of the facilities.
Partner smarter to navigate through complexities
The pace of change and transformation in data centers is undeniable. A headline statistic forecasts that by the end of 2021, IP traffic in data centers is set to reach 20.6 zettabytes (ZB) per annum, representing a compound annual growth rate (CAGR) of 25% from the 6.8 ZB per annum of 2016.
Meeting the demand for such exponential growth brings challenges, none more so than in maintaining effective security. This applies not only to the original design and build process but also to the operational phase, with ongoing reviews and upgrades required to ensure the security measures remain robust and address any changes in structure or process.
Smart partnerships can ensure navigation of the complexities to get it right, every time. It is not sufficient to focus on individual potential security breaches. The data center and its security requirements need to be considered holistically, encapsulating both physical and cybersecurity threats, to ensure risks are managed consistently and reliably throughout the life cycle.