Our modern way of life relies on data center cybersecurity, with human errors remaining the biggest threat 

Modern data centers are the pillars of our digital societies. Everything on the internet must physically reside somewhere, and data centers, as critical infrastructure, provide a secure and controlled environment for housing and managing vast amounts of sensitive and valuable information. Data centers acting as infrastructure service providers do not directly protect their clients' data, since they have no authority to interfere with the bits and bytes their clients exchange over the internet; they are, however, responsible for safeguarding their own operations, and those operations are mission-critical for their clients. The infrastructure, IT systems and employees of data centers are frequent targets of cyber attacks, and a successful attack on them is a threat to our modern way of life.

Hannes Aavaste

It all starts with physical security

First, data centers must prioritise physical security to safeguard against unauthorised access and physical threats. All the cybersecurity in the world is useless if someone can walk up to the IT equipment and gain access to the systems. Access controls such as biometric authentication and smart cards restrict entry to authorised personnel only, and video surveillance records who actually entered. Restricted areas, secure cabinets and cages protect servers and networking equipment from tampering and theft. Strict visitor management protocols, including registration and escort policies, keep the facility a controlled environment. Physical security is covered in more detail in a separate article.

How about cyber-security?

With the increasing reliance on interconnected systems, data centers must adopt robust network security measures to protect their operational technology from unauthorised access and cyber threats, says Hannes Aavaste, the Chief Information Security Officer at the largest data center in the Baltics. ‘One example of such measures is the disconnection of critical infrastructure components, such as electricity and cooling systems, from the internet. By isolating these systems from the public internet, data centers ensure that they are not directly accessible to potential cyber attackers,’ he explains.

Such isolation minimises the risk of unauthorised access or tampering and so reduces the potential for disruptions to critical operations. While these critical infrastructure components may not store or process client data, they are essential for the proper functioning and security of the facility. ‘For example, interfering with the cooling system may cause server overheating, which, in turn, can lead to interruptions in the services provided by those servers. Consequently, this may prevent us from accessing our favourite app or making a bank transfer,’ Aavaste adds. Isolation removes the direct path from the internet to these systems; the indirect paths that remain, such as maintenance laptops, vendor remote access and jump hosts, still have to be tightly controlled, and the segmentation itself should be tested regularly rather than assumed. With isolation in place and those remaining paths controlled, data centers keep vital systems protected from external threats and provide a secure and reliable environment for housing and managing client data.

In addition to these methods, data centers deploy a combination of measures for the protection of their infrastructure:

  • firewalls (network security devices that monitor incoming and outgoing network traffic and allow or block specific traffic according to a rule set);

  • data diodes (unidirectional network devices that physically enforce one-way transfer of data between segmented networks, so that, for example, monitoring data can leave an isolated network without any traffic being able to enter it);

  • intrusion detection systems (systems that monitor network traffic for suspicious activity and raise an alert when such activity is discovered);

  • data collection and analysis systems (security information and event management (SIEM) technology, which collects security events and other event and contextual data from many sources and analyses them both in near real time and historically, supporting threat detection, compliance and security incident management);

  • virtual private networks (encrypted tunnels between two networks or hosts over an untrusted network such as the internet, so that traffic between them cannot be read or altered in transit).

Regular security assessments and vulnerability scanning are conducted to identify any weaknesses or vulnerabilities in the network infrastructure. This proactive approach allows data centers to address and remediate potential risks promptly.

Protection by encryption

To protect sensitive data from interception or unauthorised disclosure, modern data centers employ encryption techniques. Data-at-rest encryption ensures that data stored on physical storage devices, such as hard drives and backup tapes, remains secure even if the device itself is physically compromised. For example, if a malicious actor gains unauthorised access to the office of the data center and steals a hard drive containing sensitive administrative information, data-at-rest encryption keeps the stolen data inaccessible. Encryption renders the data unreadable without the proper decryption key, mitigating the risk of unauthorised access and potential misuse of the stolen information. This holds only if the key is not stored on the stolen device itself and the device was powered off or locked when taken, since a running system keeps the key in memory and the data readable.

Data-at-rest encryption safeguards not only against physical theft but also against accidental loss and improper disposal of storage media. It does not protect data on a running system that an attacker has logged into, because that system decrypts the data on the attacker's behalf; access control and monitoring cover that case. It adds an additional layer of security to the data center's own infrastructure, protecting the confidentiality of sensitive data stored within its premises and, when authenticated encryption modes are used, its integrity as well.

Data-in-transit encryption secures data as it travels across networks, preventing interception and tampering. For example, imagine a data center that needs to establish a secure connection between its main facility and a home office. Without a VPN, data transmitted between these locations would travel over the public internet in the clear, exposing it to interception by unauthorised individuals; a VPN wraps that traffic in an encrypted tunnel between the two sites. Robust, current encryption algorithms and sound key management practices (protecting keys from disclosure, rotating them, and revoking them when a device or employee leaves) ensure the confidentiality and integrity of the encrypted data.

Detecting anomalies

To give an example: let us imagine that one day, the network traffic analysis tool detects an unusual spike in outbound data transfer from a specific server among the IT equipment of the data center. This abnormal activity triggers an alert, and the incident response team promptly initiates an investigation. Upon further analysis, it is discovered that the server was compromised by a sophisticated malware attack. The malware had managed to bypass the perimeter defences and gain unauthorised access to the server, allowing it to exfiltrate sensitive data.

During the investigation, the incident response team conducts a thorough analysis of the compromised server to determine the extent of the attack and the potential impact on sensitive data. They employ forensic techniques, such as imaging the disk and memory before changing anything, to identify the malware responsible for the breach and the entry point through which it infiltrated the server.

Simultaneously, immediate actions are taken to isolate the compromised server from the network, cutting off its communication with other systems and preventing further data exfiltration. This containment measure helps to minimise the potential damage and prevent the malware from spreading to other parts of the data center infrastructure.

Continuous monitoring of data center infrastructure is crucial to detect these (and other) kinds of incidents and to respond promptly. ‘Intrusion detection systems, security information and event management systems, and network traffic analysis tools provide real-time visibility into potential security breaches. Security personnel monitor alerts, investigate incidents, and initiate appropriate incident response procedures,’ Aavaste elaborates.

Throughout the incident response process, the continuous monitoring systems and the SIEM of the data center provide real-time visibility into the incident. Security personnel use these tools to gather additional forensic evidence, identify the attack vector, and enhance security measures to prevent future incidents. Response plans outline the steps to be taken, ensuring a swift and coordinated response to mitigate risks and minimise impact.
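The spike that starts the scenario above can be turned into a concrete detection check. The following is an added example, not the data center's own tooling: it profiles each server's hourly outbound volume from constructed, NetFlow-like flow records (the addresses, volumes and thresholds are invented for illustration) and raises an alert only when the current hour exceeds both a statistical threshold derived from the server's own history and an absolute floor, so that a flat baseline or a tiny host does not produce false alerts.

```python
"""Flag an outbound-transfer spike per server, as in the exfiltration scenario.

Added example (not the data center's own tooling). Flow records are constructed
here in a NetFlow-like shape; a real deployment would read them from a collector.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    hour: int        # hourly bucket index, oldest first
    src: str         # internal server that sent the traffic
    dst: str         # external destination
    bytes_out: int   # bytes sent by src in this flow


# Constructed sample data: seven hourly buckets; hours 0-5 are the baseline,
# hour 6 is the window under evaluation. Addresses are documentation ranges.
CURRENT_HOUR = 6
SAMPLE_FLOWS = [
    # 10.0.5.20: about 50 MB/h for six hours, then 2 GB to a new destination.
    *(Flow(h, "10.0.5.20", "203.0.113.7", 50_000_000 + 1_000_000 * (h % 3)) for h in range(6)),
    Flow(6, "10.0.5.20", "198.51.100.9", 2_000_000_000),
    # 10.0.5.21: perfectly flat 800 MB/h (sigma == 0 must not trigger an alert).
    *(Flow(h, "10.0.5.21", "203.0.113.7", 800_000_000) for h in range(7)),
    # 10.0.5.22: tiny but steadily growing host; relative growth alone is not enough.
    *(Flow(h, "10.0.5.22", "203.0.113.7", 200_000 * (h + 1)) for h in range(7)),
]


def outbound_per_hour(flows):
    """Sum bytes_out per source and hourly bucket."""
    totals = defaultdict(lambda: defaultdict(int))
    for f in flows:
        totals[f.src][f.hour] += f.bytes_out
    return totals


def detect_spikes(flows, current_hour, k=3.0, min_bytes=500_000_000, min_history=3):
    """Return one alert dict per source whose current-hour egress is anomalous.

    A source is flagged when its current volume exceeds both
      * baseline mean + k * sigma, with sigma floored at 5 % of the mean so that
        a perfectly flat history does not make any change 'infinitely' unusual, and
      * min_bytes, an absolute floor so that a 1 MB host growing to 3 MB is not paged.
    Sources with fewer than min_history baseline buckets cannot be profiled; they are
    reported separately if they exceed the absolute floor, never silently dropped.
    """
    alerts = []
    for src, per_hour in outbound_per_hour(flows).items():
        current = per_hour.get(current_hour, 0)
        history = [b for h, b in per_hour.items() if h < current_hour]
        if len(history) < min_history:
            if current >= min_bytes:
                alerts.append({"src": src, "reason": "insufficient history",
                               "bytes_out": current})
            continue
        mu = mean(history)
        sigma = max(pstdev(history), 0.05 * mu)
        threshold = mu + k * sigma
        if current > threshold and current >= min_bytes:
            # Destinations of the current hour are what the responder needs first:
            # block them at the perimeter while the source host is being isolated.
            alerts.append({"src": src, "reason": "outbound spike",
                           "bytes_out": current, "baseline_mean": mu,
                           "threshold": threshold,
                           "destinations": sorted({f.dst for f in flows
                                                   if f.src == src and f.hour == current_hour})})
    return alerts


if __name__ == "__main__":
    for alert in detect_spikes(SAMPLE_FLOWS, CURRENT_HOUR):
        print(alert)
```

On the constructed data only 10.0.5.20 is reported: its 2 GB hour is far above the roughly 59 MB threshold derived from its own history, while the flat 800 MB/h host and the small growing host stay quiet. The parameters k, min_bytes and min_history are the tuning knobs a SOC adjusts per environment; a backup server legitimately pushing terabytes at night needs its own profile or a maintenance-window exception rather than a looser global threshold.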

Human errors tend to be the biggest threat

Human factors remain a significant security concern in data centers (as in any other organisation). According to the World Economic Forum, 95% of cybersecurity issues can be traced to human error. ‘Let us imagine an employee who falls victim to a sophisticated phishing attack. The attacker sends an email disguised as a legitimate communication from the IT department of the data center, requesting the employee to update their account credentials due to a security breach. Unaware of the phishing attempt, the employee clicks on a malicious link within the email and unwittingly provides their login credentials to the attacker. Now, the attacker has access to the internal systems,’ the Chief Information Security Officer says, giving an example.

‘Employees must undergo regular security awareness training to understand the importance of information security, recognise social engineering attacks, and follow best practices. Clear policies and procedures, including access control, password management, and incident reporting, must be communicated to all personnel,’ Aavaste highlights as the solution. Awareness training lowers the click rate but never brings it to zero, so phishing-resistant multi-factor authentication (such as FIDO2 security keys) and least-privilege access limit what a harvested password is worth to the attacker. Regular audits and assessments help to evaluate the effectiveness of security awareness programs and identify areas for improvement.

Regular audits and assessments provide peace of mind

Data centers are subject to various compliance requirements and regulations, such as the General Data Protection Regulation (GDPR), the Network and Information Security 2 Directive (NIS2), and industry-specific standards such as EN 50600, ISO/IEC 27001, etc. Compliance frameworks provide guidelines for data protection, privacy, and security controls. Data centers should strive for both compliance and certification: compliance ensures adherence to the requirements of a standard, while certification by an independent auditor adds credibility and assurance. Regular audits and assessments help to evaluate security controls, identify improvements, and maintain compliance.

Staying up to date with regulations and standards, as well as pursuing applicable certifications, demonstrates a commitment to data center security. This instils confidence in clients and stakeholders, further reinforcing the dedication of the data center to providing a secure environment for client data. In regulated markets like Germany, certification (like EN 50600) by trusted third-party auditors enables data centers to cater to specific client segments.

As you can see, in today’s digital landscape, modern data centers face ever-evolving security threats. Protecting the confidentiality, integrity, and availability of data requires an integrated approach encompassing physical security, network security, encryption, monitoring, incident response, employee awareness, and compliance. By implementing robust information security practices, data centers can mitigate risks, safeguard valuable assets, and maintain the trust of clients and stakeholders in an increasingly interconnected world.
