Are You Overlooking This Critical Aspect of Data Security?
Data breaches dominate today’s headlines. Attacks on high-profile companies like Sony and Anthem, as well as multiple attacks on government agencies, keep the IT department’s focus on cyber security. However, this causes many to lose focus on another real and present danger: physical threats to data centers.
A physical attack doesn’t require the tech savvy that a cyber attack does, and threatens not only your data but also your employees and the facilities you own. Physical threats to data centers don’t just come in human form — often these dangers come in the form of natural disasters, fires, and other unforeseeable threats. In addition to firewalls and monitoring systems, password policies and regular software updates, make sure your data center is thoroughly protected physically.
Hiring the Right Employees
Great employees aren’t just less likely to cause a security breach. They’re also more likely to keep their eyes open for suspicious activity.
Physical security begins with the people you have working within your facilities. Background checks can go a long way, but continual vigilance is important to protect your company from employees who perhaps turn sour over time or are tempted by the ease of taking what’s right there around them every day.
There are a number of ways to monitor employees for suspicious activity, the first of which is something you should already be doing: monitoring systems regularly for unusual file transfers or users accessing data that doesn’t fit within their normal job descriptions. Employers can also monitor workers’ social media activities for signs of greed or resentment toward the company. However it is done, keeping an eye on those who work closely with the data every day is essential.
Exercise the Same Caution With Contractors as With Employees
Outside contractors should be held to the same levels of rigorous inspection as internal employees.
It doesn’t do much good to play Big Brother with all your own employees while allowing contractors to come and go unmonitored. Use the same discretion in selecting and monitoring contractors as you do for your own internal staff members.
Limiting access to the building and to sensitive areas within the building just makes sense. If anyone can walk into the data center anytime they please, you aren’t just opening the doors to potential thieves, vandals, and possible terrorists; you’re also inviting opportunistic wanderers-by. Make sure the fire exits only allow people to exit. Use fencing, landscaping, walls, and limited-access entrances to provide a physical shield for the building. Within the facility, use biometric or two-factor authentication (perhaps a password and a key) to safeguard particularly sensitive areas.
Video surveillance serves two purposes. First, it can help your security staff monitor areas between rounds. Second, it serves as a primary tool for prosecution if a physical breach does occur. Since it’s impossible for security guards to be everywhere all of the time, you also need to train employees to ask questions when they see someone who doesn’t look like they belong there. A well-trained staff is a valuable second pair of eyes during an intrusion.
Massive data centers like those operated by Google and Microsoft usually have multiple power providers in place, but this can be cost-prohibitive for most small- to mid-sized data centers. Instead, you can work with your local power provider to install underground power lines. Similarly, data centers need underground phone lines so that data transfer is still possible during an outage. Backup generators are also essential in the event of a large-scale attack on the power grid or a sudden natural disaster. Obviously, generators are useless without fuel, so make sure plenty of fuel is kept on hand. Diesel, kerosene, and other generator fuels can become scarce, expensive, or completely unavailable during a major disaster.
Proper Disposal of Hardware
Physical security doesn’t stop when discs, hard drives, servers, and other critical components are placed out of service. Have a well-planned, well-documented procedure for equipment disposal in place. Otherwise, all your security efforts could go to waste when a couple of dumpster divers or landfill prowlers discover your discarded equipment.