Combining the physical with the digital: Joining the data self preservation society, NGD


By Simon Taylor, 26 January 2015

As businesses continue to recognise the strategic importance of IT and data to the very existence of their businesses let alone performance, we can be under no illusion about the absolute necessity of keeping data safe and being alert to all the associated potential risks posed - from the inherent ‘fragility’ of web and cloud infrastructure, to things altogether more sinister such as cyber or even physical terror attack.

Whether your data is on your premises, stored in a colo data centre, in the cloud or otherwise, a comprehensive preventative data loss management and security strategy is essential. This means knowing exactly where and how your data is used, stored and secured, as well as being totally satisfied your organisation or your service provider has the ability to recover seamlessly from disasters we all hope will never happen.

Data loss prevention (DLP) strategies and software solutions are essential for making sure that users do not send sensitive or critical information outside the corporate network. IT administrators can then control what data can and cannot be transferred by monitoring, detecting and blocking sensitive data while in-use, in transit or while archived. The latter is very important as sensitive and valuable data that’s stored is often especially vulnerable to outside attack.

But effective protection from data loss, and ensuring data security, cannot be limited to data loss management and monitoring activities, or to the implementation of back-up, firewall, intrusion detection and anti-malware software, as is all too often the case.

Getting physical

There are equally critical, often overlooked, physical factors to consider for ensuring your data security and business continuity. Factors such as supply of reliable and stable power, diversity of fibre network options and sufficient cooling/environmental services all need to be carefully considered, along with perhaps mirroring of data on servers in remote ‘second site’ physical locations.

Over the past twenty years or so larger businesses have typically addressed all or some of these issues by building their own data centres close to their office premises to house their mission critical servers and storage equipment. But this approach has had its own problems, not least the considerable capital expenditure involved in construction and the headache of keeping up to date with latest hardware and software developments.

With this in mind many businesses are increasingly outsourcing their IT operations and data storage to modern specialist ‘colocation’ data centre operators. These can provide customers with space, power, and infrastructure to more securely house and manage their own IT operations, or alternatively manage these for them.

While cloud providers can most certainly also offer business users many benefits in terms of pay as you go data storage and access to the very latest business applications, these services still depend on the reliability and security of servers in data centres somewhere. It is therefore prudent to find out from your cloud provider which data centres they are using and where they are located, and have them report on the data management and security credentials and procedures in place.

It is also highly advisable to establish with them what happens to access to your data in the case of a third party going into administration. Having a legal escrow agreement in place at the outset of the relationship will help ensure you can retrieve your data from their premises more easily. Without the above assurances, storing mission critical data in the cloud can be risky.

Taking an integrated and holistic approach to data loss prevention and security will ensure both its security AND its continuous availability. But maximum peace of mind that your data is always available, safe and where you expect it to be also requires physical security to be given as much consideration as the digital aspects.

Data loss prevention considerations  

1. Security: Physical security measures are often overlooked in favour of the digital variety but can often prove to be the weakest links of all.

How physically secure is your building and IT equipment? Consider how its location may impact your business continuity and data availability: being well away from areas susceptible to flooding, large urban areas and flight paths reduces exposure to the potential risks.

2. Resilience: Are sufficient data back-up and replication fail-safe measures in place along with Uninterruptible Power Systems (UPS) to mitigate unplanned downtime?

Has your data centre or computer room got access to abundant and redundant resilient power, and diverse fibre connectivity links? Are servers being sufficiently cooled and energy optimised to ensure maximum availability?

3. Service provider credentials: If outsourcing data directly to a colo data centre or via a cloud provider, check all of the above.

Also check their security and operational industry accreditations for actual proof (ISO, PCI DSS, SSAE16 etc.) and the calibre of on-site engineering personnel for handling technical support issues and Disaster Recovery situations. Tier 3 category data centres should be used as a minimum. Putting in place an escrow agreement will also ensure you have legal access to retrieve your data in the event of their going into administration.