Recently, there has been a growing concern that the data stored within data centres may not be as safe as we think. In 2019, the number of UK companies reporting cyber-attacks increased by 40%, reflecting the growing risk to company data. However, It’s not just the large multinational corporations that are at risk. Out of the total number of security breach victims recorded last year, 58% were considered to be small businesses.
In this article, cloud computing providers Cloud Central take a closer look at data centres and the potential threats that could jeopardize the safety of our information.
What is a data centre
In its simplest form, a data centre is a centralised, physical network of computing, networking equipment and storage resources, that facilitates the delivery of data and shared software applications.
Built with the purpose of supporting business IT, applications and networks, data centres effectively serve as the core of Big Data management; assisting with the day-to-day running of important business operations, communications, enterprise resource planning (ERP), and customer relationship management (CRM).
The key elements of a data centre include:
- Network security
- Network infrastructure
- Computing resources
- Storage infrastructure
- Application delivery
What is data centre security?
Data centre security essentially refers to the set of policies, precautions, physical practises and virtual technologies used to prevent unauthorised access (i.e from external threats) and manipulation of a data centre’s resources.
What are the potential threats?
There are numerous threats to data centre security, both in a physical and virtual sense. The most threatening of which include:
Physical security breaches
Whilst it is possible for the buildings housing the data centres to be intruded, it is very unlikely. The centres themselves are typically located in solitary places, away from major roads or built-up areas. Furthermore, access to the centre is limited and generally restricted to certain individuals.
Most centres will also have heavy surveillance with 24-hour on-site security. Manned by security personnel, any trespasser would likely be spotted immediately. Even if they were to escape the notice of the CCTV and on-site security staff, a trespasser would have to surpass fingerprint or voice-activated authentication technology to gain access to these facilities.
Hackers
Due to its potential to generate serious revenue, hacking presents a far more dangerous threat to data centres than physical breaches. In recent years, we have seen a shift from attacks on independent consumer devices to large scale enterprise data centres; as hackers attempt to access and sell on important company and market data.
In fact, according to the 2018 Verizon Data Breach Investigations Report, 48% of all security breaches involved hacking. Moreover, 73% of breaches were perpetrated by outsiders, and 50% were carried out by organised criminal groups.
To combat a hacking threat, many data centres now adopt smart data auditing technology such as Relentless Intrusion Detection and security information & event management tools (SIEMs), which signals real-time alerts if any abnormal intrusion is detected in the system.
For cloud computers, a SIEM such as Alert Logic provides the perfect solution for companies wishing to ensure security breaches are quickly detected, whilst also achieving complete compliance across multiple requirements.
Malware
Verizon also stated that in 2018, 30% of breaches incorporated malware. Malware can often slip under the radar as it hides in seemingly normal data. For this reason, it’s absolutely essential for security management tools to give admins consistent visibility into data flows, especially with the prominence of cloud computing and virtualized data systems.
Malware can take several different routes and traffic types, but for the most part, it will hide within an email. In terms of form, first-stage malware tends to embed itself with Javascript, MS Office, PDF and Visual Basic Script files. After malware infiltrates a data centre, it can quickly spread and invite other more damaging malware in.
Fortunately, with access to more sophisticated cyber-security and malware protection, data centre owners can safeguard against threatening attacks. In fact, out of all the malware detections recorded over the last quarter of 2018, 37% of IP addresses that were hit by a malware attack, “never saw another.” As the majority of malware takes the same form, it makes it easier for systems to identify them.
The evolution of data centres
In response to the growing number of threats posed by cyber-attacks, data centres have had no choice but to evolve and strengthen to improve the safety of our data. A big part of this evolution process is virtualisation, which enables better data management through improved resource utilization, IT flexibility and scalability and most importantly, security.
For this reason, an increasing number of businesses are switching over to cloud-based services and infrastructures. It’s important to note, however, that the decision to use physical data centres or the cloud should be dictated by the capacity in which your enterprise needs to operate.
