Inadequate cybersecurity can cause data centre outages and other complications to discourage current or potential clients from trusting a facility. Plus, with more people worldwide working remotely due to the COVID-19 pandemic, it’s vital to keep online resources available and operating as they should. Here are five actionable ways to enhance data centre cybersecurity this year.
Allowing some data centre staff members to work remotely could be a great way to keep productivity levels high, even during instances of bad weather or other complications that could affect someone’s access to a physical site.
However, remote working comes with additional cybersecurity risks. Staying aware of and mitigating them is essential for keeping a data centre safe and operating as expected.
For example, unless they specifically get instructions otherwise, some people may switch between work and home devices while on the clock. That’s problematic because workers may not have tight security on personal devices, making it easier for hackers to infiltrate them.
Outdated software can help cybercriminals access critical infrastructure because older product versions don’t include security patches for known vulnerabilities. However, it’s not always easy to fix, especially if an old offering is part of numerous systems that a data centre uses.
Adobe Flash is an example. It reached its end-of-life date in 2021 and had many security issues long before then. Ron Machol, a Presale Account Manager at a data centre infrastructure management company called MagicFlex, said: “…Plenty of data centres have old versions still that are using Flash. Many of the customers we talk to don’t even realise that they have Flash.”
Whether the issue is Flash or some other software title, people tasked with improving data centre security should take obsolete software seriously. If there’s no choice but to keep using old software, keeping it isolated to protect other parts of the data centre is a vital step.
Sometimes, improving cybersecurity necessitates making major improvements to a facility, particularly if an assessment reveals significant shortcomings. For example, representatives from a local council in the United Kingdom will spend £3.8 million to upgrade an existing data centre. The enhancements partially involve emergency upgrades for backup and disaster recovery solutions.
When carrying out data centre commissioning or upgrades, IT professionals often use load banks to ensure that a facility can maintain its high performance in the event of an interruption. For example, they may use a load bank to confirm an emergency power source’s output capabilities.
Regardless of the type of cybersecurity updates planned, managers should verify that the data centre has enough staff to keep the facility secure and operating smoothly during those times. Otherwise, cybercriminals could decide to wreak havoc when the data centre may be understaffed during the upgrades.
Workers can become weak links in a cybersecurity strategy if they are unaware of emerging threats. For example, a study from the first quarter of 2020 found that 4% of spear-phishing attacks concerned online forms created to appear as if they came from Google.
Spear-phishing targets a smaller group than traditional phishing. For example, they might include all data centre employees from a particular department. An emerging type of spear-phishing concerns messages about COVID-19 vaccines. By the end of January 2021, there was a 26% increase in such incidents since October 2020.
If your data centre offers a workplace vaccination program or support for people to get vaccinated at a nearby location, such messages could seem legitimate. In any case, data centre security teams should remind employees to never automatically assume that a message is genuine if it asks for personal details.
Many data centres now use a zero-trust approach to keep their digital assets secure. That method never automatically grants someone access to resources, even if they use them multiple times per day.
Implementing zero trust in a data centre also involves identifying the facility’s protect surface. It encompasses the network segments that need the most protection.
From there, a data centre would have policies that dictate when and why a certain person can access the resources they request. They might depend on the user’s role, how many resources they want to see or use and which applications they need for access.
These five tips will get data centre cybersecurity professionals off to good starts as they make conscious decisions about making the facility more safeguarded against attacks. However, they must also keep in mind that any successful plan must include various protective measures rather than focusing on one.
Devin Partida is a technology writer and the Editor-in-Chief of the digital magazine, ReHack.com. To read more from Devin, check out the site.