Posted by Matt Edgley on 24-Feb-2017 09:00:00

Data centre security: Why you should keep your experts close

Data centre security: Why you should keep your experts close

This article was originally written for the Data Centre Alliance Expert Panel and published in the Spring 2017 issue of Data Centre Management magazine. To see the print version, click here.

The colocation and data centre market has long had a reputation for a high rate of M&A activity. Every now and then, we’ll read about how another smaller, independently owned and run data centre has been bought out by a big name provider with sites spread across the globe. Or how one big data centre group has been acquired by an even bigger one.

This can be a good thing from a security perspective. Bigger providers, on the whole, tend to have the economies of scale to invest in technologies and accreditations their smaller counterparts can only dream of. However, there’s one area they may be weaker than the independently owned and run data centres of this world: the presence – or otherwise – of on-site security leadership.

Why is this desirable? Well, the security of a data centre (or any business premises) is only ever as good as the people managing it – and having your most capable people on-site on a day-to-day basis is far better from this perspective than having them at arms’ length in a head office or elsewhere. Here’s why.

(Recommended reading: Data centre security checklist)

Getting more out of your investment

You can easily invest millions in the latest and greatest security controls and technology, but this is meaningless if it’s not managed in the right way – leaving your facility at risk of a data breach and therefore lost business regardless.

By having your senior security staff in the data centre on a day-to-day basis, they can combine their own understanding of security controls with complete awareness of how said controls are used on a day-to-day basis, and recognise problems or blind spots within the system as soon as they arise. And, most importantly, they’ll have the knowledge, resources and authority to respond to any problems in a timely and effective manner.

Insight at the coalface

The longer you spend in an environment, the more you’ll understand it. This couldn’t be truer for senior security staff who walk the corridors of their data centre every day, and have the chance to monitor adherence to policies and processes – as well as other staff behaviours, good or bad – on an ongoing basis.

So, for example, they can identify when new personnel aren’t inducted correctly or formally introduced to the rest of the team, opening the door to social engineering attacks as a result of this unfamiliarity. Or perhaps the process of communicating with clients isn’t as secure and streamlined as it should be, leading to gaps in security that could be discovered and exploited by an outsider.

These are exactly the kind of problems that can slip under the radar or take weeks to be noticed if senior security staff are only at the centre once or twice a week, leaving them unable to identify security holes until after the fact.  

The level of insight that comes with on-site security leadership can therefore be much greater, and more valuable, than most would realise – it allows for continuous improvement of the policies and processes on which meaningful security relies.

A higher quality service for customers

More pragmatically, the presence of senior security staff on-site means a higher quality of service for customers and partners of the data centre. Security leadership can participate in meetings, assist in audits for demanding clients, and generally act as a resource for internal and external stakeholders to draw from.

This allows for a level of service you simply wouldn’t get with a big-name provider. Customers and partners can pick up the phone and talk to an on-site expert who knows every nook and cranny of the data centre, as well as having exceptional knowledge and expertise when it comes to security best practice and the changing risk landscape. What’s more, they may have taken the time to get acquainted with individual customers and their business’ security challenges, too.

We live in a turbulent time for IT security, with Brexit and the EU General Data Protection Regulation just two of the many challenges on the horizon for UK data centres and their users. The importance of strong security leadership in the industry is something we shouldn’t underestimate – and the more our experts are involved in day-to-day data centre management, the better.

To find out more about data centre security, download a copy of our free checklist.

FREE download: Data centre security checklist >

Free download: Data centre security checklist

Topics: data centre, security