Data Center Security policy is a range of technologies and practices adopted in order to safeguard a Data Center’s physical infrastructure, network systems, and internal assets from internal and external threats.
Purpose
Today we experience advanced attacks on organizations’ data center assets that are more serious, sophisticated, and extensive. Recently, advances in information technology facilities and usage frameworks including virtualization, mobility, and cloud computing have dissolved conventional security parameters establishing a conducive environment for hackers. This has forced covert state actors to come up with international sabotage and espionage campaigns in the form of advanced persistent threats. The purpose of this Data Center Security Policy is to provide a guideline in the form of best practices to combat advanced persistent threats against information infrastructure, information as well as information systems within the Datacenter.
Scope
A data center is fundamental to any organization since it houses an organization’s most critical information technology assets. This Data Center Security policy aims at protecting facilities within the data center mainly the email servers, application servers, database servers as well as the webserver they may also need to include the operator’s console. Essentially all these components house sensitive information that would affect the organization negatively if compromised. This Data Center Security policy is applicable and shall be communicated to all Tier 1 staff who are tasked with daily data center operations maintenance. This includes but not limited to web administrators, network administrators, database administrators, and support technicians who in most cases are responsible for the operations of the data center. Furthermore, this policy shall also demand compliance from senior management who are tasked with Organization information technology assets such as the CISO/CIO, CEO, and CSO.
Compliance
Compliance Measurement
The data center security team shall verify compliance to this policy via several ways including but not limited to regular domestic and external audits, periodic instant walk thru, CCTV video monitoring, software tool reports, and regular feedback.
Exceptions
Any exception to this policy must seek approval from the Datacenter security team prior to the exception grant.
Non-Compliance
It is the responsibility of all members of staff to report any confirmed or suspected breaches to this policy to the appropriate organizational organs. Reports shall be written or oral. Failure to do so shall result in any of the disciplinary actions stipulated below.
Any employee that willingly or unwillingly violates this policy shall be subject to disciplinary action including immediate employment termination. Furthermore, there might be exceptional cases that persons might be subjected to legal suctions as well as criminal prosecutions when a violation occurs. There are state laws that provide legal punishments for computer and cyber-related crimes.
Guidance
All employees shall be required to take part in all information security awareness training undertaken by the information technology department. In addition, any employee seeking an interpretation of any item within this policy can do so by consulting with any of departmental heads. The HR department shall also give out copies of this policy to all new employees as well as provide preliminary guidance.
Terms and definitions
Data
This refers to any information stored in any of the servers within the data center that is used by the organization as a foundation for presentation, decision making, calculation, or discussion.
Employee
An employee is anybody who has the authority and responsibility to enter, update, or read any information by the owner. They have been delegated the responsibility to ensure that the data integrity is upheld and that its availability and reliability I guaranteed.
Owner
In this case, an owner is a person whose business is responsible for the data within the data center or persons whose data is stored within any server in the data center. Where necessary, ownership might be shared between various stakeholders.
Information
This refers to electronic data files, source documents, and any reports or data derived from the data center.
Risk identification and assessment
| Risk Identifier | Description of the Risk (identify affected assets) | Response Priority (Most important = 1) | Control measure |
| Denial of service | Any action that results to compromise of any facility within the data center can result to absence of service. For instance if malicious activity in one of the servers results to server overload leading to server crush, services offered by that server shall remain unavailable until when fixed. | 1 | Increase use of external threat intelligence Create ready to use APT rapid response tactics Maintain a list of application systems at risk Create an APT checklist for assets at risk Focus on APT detection techniques and analysis tools Focus on incident response for APTs |
| Breach of confidential data | Any attacks on the data center facilities namely the email and database server could lead to a possible breach of confidential data. Any possible loophole in the data center infrastructure could facilitate such a breach. | 1 | Install firewalls, antivirus software and ensure regular software updates. Employ network segregation such that servers holding sensitive information are kept offline or within a domestic network. Enforce strong authentication mechanisms such as biometrics |
| Fraud/Pharming | Information within the data center more so with regard to financial records possess a significant risk of attackers using such information to commit fraud. Hackers could use information to exploit user financial accounts. | 2 | Focus on APTs in security awareness training Create ready to use APT rapid response tactics Focus on APT detection techniques and analysis tools Prepare an APT forensic response plan |
| Sabotage | There have been cases where competitor organizations sponsor attacks to opponent IT infrastructure just to sabotage them. The risk of sabotage of the data center is very much alive if the security mechanisms provide a loophole that can be manipulated to compromise the functioning of the Data center (Webb, 2014). | 3 | Increase use of external threat intelligence Create an APT checklist for assets at risk Focus on APT detection techniques and analysis tools Maintain a list of application systems at risk |
| Blackmail | Where any sensitive within the data center leaks to an authenticated user, it opens up a leeway for the person to use such information to blackmail the organization of the specific information owner for some financial or material benefit. | 2 | Focus on APTs in security awareness training Focus on incident response for APTs Create ready to use APT rapid response tactics |
| Identity theft | The risk of identity theft is very real in the scenario of a data center, where attackers one they have maliciously obtained secret information such as login details then use those details to disguise themselves as those individuals to gain access even other more critical systems. | 1 | Enforce strong authentication mechanisms such as biometrics. Change authentication credentials on regular basis. Focus on APTs in security awareness training Prepare an APT forensic response plan |
| Botnets | This is the risk of attackers possibly installing bots on the servers so that they can act as their agents to compromise the data center services. | 1 | Install firewalls, antivirus software and ensure regular software updates. Increase use of external threat intelligence |
| Malware | Attackers can infiltrate or bring down data center resources through installation of malware. | 1 | Install firewalls, antivirus software and ensure regular software updates. Increase use of external threat intelligence |
| Ransomware | There exist the possibility of malicious attackers installing software that holds users of the data center captive for financial gains. | 3 | Increase use of external threat intelligence Install firewalls, antivirus software and ensure regular software updates. |
| Viruses | This is a common threat to any networked system, hence this may bring down data center computing devices or compromise information in it. | 1 | Install firewalls, antivirus software and ensure regular software updates. Increase use of external threat intelligence Focus on APTs in security awareness training |
Policy
- The data center security management team shall maintain an updated list of systems at risk.–At any given point the team in charge of data center security shall be required to have a list of resources at risk including any newly installed components as well as their risk levels.
- The information technology department which also is in charge of the data center shall always put more concentration in training employees on advanced persistent threats security during training–During regular training or emergency training, the focus shall be primarily on training employees and users on better securing the organization from advanced persistent threats.
- Members of the data center security team and stakeholders shall come up with an advance persistent threat forensic response plan annually–The security team together with stakeholders shall prepare a forensic response plan to handle APTs every year due to the dynamicity of IT security. Furthermore, this response plan shall always be communicated to all employees during AGMs.
- Every employee of the data center shall undertake steps to ensure that they change their authentication credentials on a regular basis–Most users have been known to use one authentication credential across all systems as well as retain them for such a long time exposing them to possible threats. Where necessary, the systems shall automatically alter their authentication credentials periodically as well as guide them in changing those credentials.
- The data center team shall establish a checklist for APT for assets facing risks–From the lists of all data center assets, the security team will then create an APT checklist for all assets facing risks. The checklist should be updated regularly to factor in newly installed assets.
- The data center security team shall create a ready to use APT rapid response tactics–This should provide guidance in times of emergencies both to new employees as well as a reference point for existing members of staff.
- The data center management shall enforce strong authentication mechanisms within the data center–Stringent authentication mechanisms shall be installed including physical access control biometrics to reduce the risks of compromise as much as possible. This would also make it easy to detect any anomalies.
- The data center shall install advanced security firewalls and its employees ensure that they install antivirus software as well as update software regularly–Some of the APTs can be detected and thwarted through simple software procedures like updating software and using updated antivirus. The firewall shall help lock out network attackers.
- The data center shall increase the application of external threat intelligence–In most cases, the security risks that face a data center are external hence, the use of external intelligence mechanisms will promote early detection and prevention of possible security breaches
- The data center team shall focus on the incident response for APTs–Aside from the several security considerations within the data center, more focus shall be put on creating an effective response plan for APTs
- The data center management shall focus on APT detection techniques and analysis tools–The security team in the data center shall largely employ tools that facilitate APT detection and analysis to boost its security posture.
2 Comments
Comments are closed.