What is Data Center security? How to ensure data are stored in a digital fortress?

EBRC owns three Tier IV certified Data Centres
By EBRC 11/12/2019
Banking, Insurance & Fintech
Health & Life Sciences
Public Sector & European Institutions
Defense & Space
Technology & Software Providers
Energy, Logistics & Industry

At a time when data is getting our full attention, let’s take a look at Data Centers as the foundation for the performance of the digital economy. How is a Data Center a digital fortress? Given that information is the lifeblood of a business, its management and processing require the utmost vigilance and therefore require a suitably secure and available hosting infrastructure to be developed.

What is a Data Center exactly?

Let’s go back to the time when Data Centers first emerged. American economist and essayist Rifkin stated that the digital revolution that we are currently experiencing is comparable to an industrial revolution. While the industrial revolution of the 19th century was based on a capitalism of material goods, we are now moved to a capitalism of information. Accordingly, it is necessary to pay special attention to the management of this century’s new economic resource: data.

Data Centers were created for the purposes of hosting the computer equipment required to store and process data on physical sites, whose physical location is obviously extremely important. They can be either internal or external to the business. Similarly, they may be operated by service providers, if so desired.

However, they are not defined by their physical size. A Data Center could comprise a computer room containing dozens of servers or a hyper-secure building comprising several hundred or several thousand square meters of server space.

Data Centers security: the digital fortress of the 21st Century

If a business decides to entrust the hosting of all or part of its information system to a service provider, the latter’s priority will be to provide a high-quality service and all guarantees relative to the protection of the data. The aim is to enable the client business to exploit its data in the best conditions possible. Accordingly, the Data Center must offer a high-performance and secure IT environment.

Data Center criterias: ensure security and avoid downtime

The defining criteria of a Data Center are the level of availability of critical services and its ability to deal with potential failures without interruption of service, which is called resilience.

Since the late 90s, Data Centers are categorised from Tier I to Tier IV based on the typology of their critical infrastructures. An in-depth audit performed by an independent body ensure the offered services meet a certain standard.

Tier I standard being the basic level, unable to cope with failures or hotfix requirement. Conversely, Tier IV Data Center  is called “fault-tolerant”. It is designed to host mission critical servers and computer systems, with fully redundant subsystems and compartmentalized security zones controlled by biometric access controls methods

The Data Center, at the heart of the European ecosystem

As we have seen, there is a data management ecosystem which is de facto dependent on the availability and security of said data. The European Union is aware of the economic and geostrategic challenges of the digital world and is seeking to establish a Digital Schengen Area by promoting a European digital space that fosters innovation. This would be a single European digital area covering data as a whole. Personal data is currently regulated by the “General Data Protection Regulation” (GDPR). Additionally, a European directive on non-personal data is currently being drafted. The aim is to guarantee the free circulation of data, thus becoming Europe’s fifth freedom after those of persons, goods, services and capital.

This is a major reform at global level. With this regulation, Europe affirms that digital is the industry of the future.

Data security and protection: key challenges of Data Center

In parallel, the EU must protect itself against new threats related to digital such as cyber-attacks. 87% of Europeans believe that cyber-crime is a considerable threat to the EU’s internal security. Thus, the ENISA aims to provide guidance and assistance to the European Commission and the Member States with regard to cyber-security issues. The agency, which will be strengthened and become the future EU Cyber-Security Agency, has for several years organised Europe-wide cyber-security exercises aimed at helping the Member States to be better equipped and better prepared to face such attacks. The 2016 Cyber-Europe exercise addressed the resilience of digital infrastructures, including Data Centers, Cloud and Internet services. As for the 2018 exercise, it addresses cyber-risks in the airline industry.
Today, the goal is to work with governments and businesses in the digital sector.

The “Cyber Europe 2016” cyber-attack scenario organised by the ENISA, which over 300 businesses and organisations including EBRC took part in, revealed the complexity and fragility of the European digital ecosystem should data security and protection issues not be considered to the extent that they deserve to be. It was a very dark scenario inspired by, among other things, realistic blackouts and dependence on digital technologies produced outside of the European Union. It obviously targeted Data Centers, Cloud services and Internet networks and made use of recent cyber-security attack techniques such as “ransomware”, more sophisticated methods, as well as physical attacks.

The aim was to test international cooperation mechanisms at the European scale, as required by the new European NIS “Network and Information Security” Directive which entered into force in May 2018. The Directive aims to strengthen resilience in the digital world, in the key sectors of the economy, for essential services (energy, transport, health sector, banks and financial markets, etc.) as well as for digital service providers.

The NIS directive even goes further by asking each government to identify and classify companies as “Operators of Essential Services” or OES. These companies are vital for the economy of a country is case of a disaster and must, therefore, assure their business continuity.

Data Center to be resilient in the virtual world we created

The Data Centers and Cloud services on which the digital economy is based and which host the data must therefore be or become cyber-resilient. In the physical world, human beings face various threats on a daily basis. Over the course of millions of years, throughout its evolution, mankind has had to continually adapt to face threats and risks from its environment by strengthening its immune system, by developing new skills and by creating new tools to ensure its survival. This experience of resilience acquired in the physical world is now brought into contact with the intangible virtual world which mankind itself created. In the digital world that governs our societies, it has now become vital to ensure that such resilience is achieved. And cyber-resilience must be built first and foremost   but not exclusively   on the Data Centers which must become digital fortresses able to contend with the threats of the digital world.

* https://www.europarl.europa.eu/news/fr/headlines/security/20190307STO30713/le-parlement-europeen-veut-renforcer-la-cybersecurite-en-europe-infographie