Data Center Security

Even the name is a sort of a misnomer.  Not that there isn’t a lot of physical security around most data centers.  The doors are locked and not even regular employees have access.  This is necessary, and if someone gained physical access they could really mess things up. But, this is not where the big risk typically occurs.

The growing challenge is data security – i.e. protection from threats that come across the wire.  With ubiquitous networks, and data moving everywhere, protecting the crown jewels is a full time job.  Hackers, malware, employee abuse, and other threats can lead to data exposure that is potentially devastating, and almost undoubtedly embarrassing for the IT manager.

Gartner recently declared IT security the number one worry of fortune 1000 companies. This is not surprising when a report from Symantec showed exponential growth in internet security threats.

There is no silver bullet, and there is no system that can never be defeated.  We need to do the best we can with the tools we have.  Doing anything less could be seen as negligent.

Like security in the physical world, data security is a combination of business process and technology.  Neither can be effective alone.  Business processes must make clear what roles deliver data access, data steward ship, data ownership, and data disposal.

<sidebar>Data disposal is going to be one of the biggest challenges to the promises of cloud computing.  If we consider a hosted app like “gmail” to be part of the cloud, then we either must accept privacy policies like “all data belongs to the host” or try to stick to using internal systems. </sidebar>

The other half of the security solution is technology.  Intel, and others, are delivering new technologies to the server to assist with security enforcement.  New string accelerator functions dramatically speed content scans for malicious data.  Technologies like execute disable & SM range registers provide improved protection against buffer and cache attacks.  The next generation of Intel server processors will introduce new features that can validate that code is un-altered and remove much of the overhead from encryption.

Security can not be an occasional focus any longer.  Every security manager will need to be up to date on the state of technology and tools, and have the social skills to drive good data practices into the work environment.