Globally, data centres hold over 1,500 exabytes of data. That’s 1,500,000 petabytes. 1,500,000,000 terabytes. 1,500,000,000,000 gigabytes. To put that into perspective, the average computer hard drive is around 1 terabyte these days, so it’s roughly equivalent to 1.5 billion computers’ worth of data.
That’s a lot of data to keep protected, so how do they go about ensuring that it is all secure? Well, for starters, not all of them do. The most secure data centres are ISO 27001 certified. This accreditation is a sign that their Information Security Management Systems (ISMS) are in line with the highest standards, and it covers the legal, physical and technical controls involved in risk management.
Without going too much into the finer details in this blog post, ISO 27001 covers all of the following in 12 main headings:
- Risk assessment
- Security policy
- Organization of information security
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations management
- Access control
- Information systems acquisition, development and maintenance
- Information security incident management
- Business continuity management
In terms of physical safety, all ISO 27001 data centres have manned security checkpoints and are externally patrolled 24/7. Sensitive areas of the data centres are completely isolated, requiring both card and fingerprint scans to allow authorised personnel entry. It might sound like I’m describing a building from Mission Impossible, but I don’t think even Ethan Hunt could break in here!
On top of the security equipment and personnel, the data also needs to be kept safe from other factors, such as power cuts. To combat this, the centres also have automatic power failover and full equipment failover, meaning that power, servers and other equipment are switched over to backup systems in the case of any faults.
To reduce the risk of fires, oxygen levels are kept between 12% and 15%, so the environment is still breathable for humans but fires don’t have enough oxygen to propagate. Coupled with VESDA early warning smoke detection, this greatly reduces the risk of fire damage. But still, what if there is a catastrophic event and the data gets destroyed here? Well, not to worry, as all data is backed up separately in case of damage or hard drive faults.
So, that’s the physical protection dealt with. What about the cyber protection? Obviously, it wouldn’t be the best idea to share all of the security details here, as that would give hackers specific things to aim for. However, we can say that the scope includes corporate policies and practices, IP network information security, anti-virus software and continued monitoring. One example is ensuring software and firmware are always updated to the latest version.