Security Best Practice at the Data Centre Alliance

Techbuyer attended the DCA annual meeting for the first time this September at Imperial College London. With talks from government think tank Policy Connect, research institute RISE and maritime classification body Lloyd's Register, there were some interesting issues explored. The Special Interest Groups (SIG) provided a forum in which to discuss and develop best practice for the sector. Of most use to Techbuyer was the group dealing with Physical Access and Cyber Security, which I joined in the morning. It was a chance to share cross-industry knowledge on a topic that is of vital importance to the company and our customers. Here is an overview of what we learned.

Setting the bar

The discussions in the security group tie into the great work the DCA are doing on establishing best practice within the data centre environment. With the sector still relatively new, and technology advancing all the time, there is a lot of work to do creating a quality framework to work within. Work currently underway with Lloyd's Register covers a wide range of activity, from data centre design and operation to security and operational best practice. Being part of a group that develops recommendations for cyber security is a great place for Techbuyer to bring value to the process.

Bringing Value

All the lessons learned through various accreditations over the years – IASME, Cyber Essentials and ISO – not to mention the journey towards GDPR compliance, have given Techbuyer valuable experience in which systems need to be put in place, and the best method for verifying them. The company is in the unusual position of safeguarding Personal and Sensitive data at every stage of the lifecycle: from correct collection of contact details, right through to secure data erasure of our customers’ storage equipment. This means we have a wide view on the issues the Data Centre Alliance and wider society face.

Headline-grabbing stories like the Mirai botnet give an insight into sophisticated attacks. However, the majority of threat vectors organisations face are much wider and easier to defend against. Companies who follow established best practice and combine this with good systems analysis and staff training are successful in this. Instilling a culture of awareness and care is a big part of the solution.

Techbuyer’s learning curve

The good news for the data centre is that some of the complexity of this is removed. Wifi and Bluetooth are minimal and security is tied to physical connections and IT networks. The key to damage limitation here is segmentation, so that if one server is infected then the rest of the servers are isolated from the virus or attack. The discussions we took part in at the DCA centred around how to marry these defences with physical threats like attack, shut down and the risk of fire. Just as with cyber security, the risks are a combination of malicious intent and accidental damage. We are looking forward to working with the other organisations on the Special Interest Group to develop best practice to deal with this.

One of the things we were most impressed by at the DCA meeting was the high level of expertise in the room. With representatives from global classification society Lloyd's Register, access and enclosure solution providers Southco and Chatsworth Products, and wiring manufacturer Scolmore Group, we are looking forward to generating a gold-standard best practice covering all aspects of security within the data centre environment.