FEATURE
vulnerabilities in data centres ’ ownership , geography , physical perimeter , data halls , network rooms ( or MMRs ), supply chains , staff and cybersecurity in a concerted effort to breach data centres ’ defences and acquire or tamper with sensitive information or disrupt critical services .
What are the principal threats ?
There is no one-size-fits-all approach to holistic data centre security . Every data centre will need to consider guidance based on their own risk assessments .
The targets are not limited to acquiring or degrading data . Threat actors may also seek to disrupt services by targeting data centres through either a destructive cyberattack or a physical attack .
Historically , the focus has been on preventing service interruption due to natural hazards , power outages , hardware failures or denial-of-service attacks .
Ransomware has emerged as a major threat . In a recent incident , stolen employee credentials helped the threat actors complete their attack . This was a great example of the requirement for physical and cyberthreat converging .
To address this trend , organisations need to bring together physical and cybersecurity of data centres into a single holistic strategy .
Only when this is done can they be confident of withstanding the diversified methods threat actors , cybercriminals and others may use to attack .
How do cyber and physical security converge ?
To be effective , the modern security plan should adopt a risk-based approach
Giovanni Grosso , Managing Director at G4S Secure Solutions Services
to security mitigation supported by a layered strategy which operates at different levels and integrates physical , personnel and cybersecurity in a single , holistic programme .
To counter the threat from forcible attack such as theft or terrorism , the ‘ 3Ds ’ philosophy of Deter , Detect and Delay attackers may be used .
By creating a highly visible security appearance or messaging , the goal is to provide a strong deterrent to the potential attacker . When an attack occurs , the objective is to detect attacks at the earliest opportunity and delay the attacker for as long as possible to enable response and intervention prior to any loss .
To counter the threat from espionage , the BAD philosophy should be used by implementing effective barriers , tightly controlling access and using technology to detect potential attacks .
In a reverse approach to that used for forcible attack protection , layers that form barriers , control access and detect attacks should be created as close to the asset as possible .
56 www . intelligentciso . com