How to Identify a Secure and Compliant Data Center
The data center industry keeps expanding and growing and a big reason is the increasing shift towards cloud computing. More and more Internet users now prefer data stored in the cloud rather than on hard drives. Businesses have now realized that a properly implemented cloud infrastructure would improve their agility and productivity, while also cutting infrastructure costs at the same time.
However, businesses that entrust their data to a cloud provider assume that their data is safe just because they have passed the burden to someone else. However, they need to undertake a comprehensive review of the data center that would hold their data to make sure they are housing it in a safe place. This review should cover the following broad areas:
There are a variety of factors to consider when it comes to security in the data center.
The physical security of the data center is of critical importance and you need to know what safeguards are in place against floods, fire and other threats, as well as access controls for physical machines.
Another important yet often overlooked consideration is virtual data center security, which depends on the cloud architecture. Check into how individual compute nodes, network nodes, and storage nodes are architected, integrated, and secured since they have a great bearing on the robustness and security of the data center.
The physical and virtual security deployments of the data center depend on the extent of controls available. One important consideration is whether the data centers are SAS 70 Type II data centers. SAS 70 Type II reports specify the internal controls in place at the data centers and are applicable for service organizations.
The physical security infrastructure and controls in place notwithstanding, truly secure data centers have well-trained and skilled operators, adept in dealing with the different situations and scenarios that may emerge in an emergency.
Even when data is stored in a third-party data center, the business is still liable for data breaches. It is the business that is responsible for a data breach, even if the data center is responsible.
Different companies have different compliance needs, depending on the nature of their business and the clients they serve. Data centers need to not just deal with multiple compliance standards, but they also need to be adept in resolving and reconciling incompatible standards set by different countries or agencies.
Offshore data centers would have to comply with set of rules and regulations different from the rules and regulations in the US or the base country of the client. For instance, the European Union has laws that protect privacy, whereas the US Patriot Act allows virtually unlimited powers to federal agencies to access information belonging to companies. The client needs to ensure that the data center complies with the minimum mandatory requirements of the client's host country, if nothing else. However, compliance goes beyond satisfying the minimum mandatory requirements, and, in most cases, requires compliance with other standards widely accepted by the industry.
The world of compliance is highly fluid and another important yardstick to gauge data centers is the extent to which they remain updated on the changing compliance requirements .
Good data centers have state of the art security measures in place, including physical access controls, firewalls, and military grade encryption. However, no matter how robust the security, a company would ideally want to integrate the data center security with their own corporate security policy. This means that instead of being forced to accept whatever security and compliance that the data center offers, the client should be in a position to extend their existing policies to the additional platform, albeit an external one. Whatever extra security features that the data center provides would be a bonus.
Data centers that remain flexible on the policies and offer a comprehensive range of security features should easily be able to accommodate the client’s security policies, without it clashing with or overlapping their own security policies. Lifeline Data center offers flexible data center solutions to accommodate all your customized needs. Contact us today.