With the large amount and growing sensitivity of information stored within data centers these days, it can be difficult to perform a safe move from one to another without experiencing a breach or a leak that could cost the company a lot of money.
Gregory Machler, an IT security professional, gave an example in a recent guest column for CSO Online. In his example, a company is moving its information from a data center from California to Chicago with applications that generate $50 million per year in revenue.
"First you determine the style of the architecture of the applications," Machler wrote. "Then you investigate the age of the tools used to build the applications. If the applications have a web interface, you deploy tools to protect them from attack while making the applications more secure. Then upgrade the infrastructure components. Update the change and configuration management processes. Scan and correct the application's web errors. Lastly, modify the application so that it supports the latest security tools that integrate with the application such as Active Directory for authorization."
If companies have older applications in place, there may be a lack of security. Machler wrote on CSO Online that companies must keep the source code tools and applications in place while performing development, testing and looking at production environments to make sure everything is in check.
Whitelisting could be the answer
Machler wrote on the website that the bar for web application security will grow higher over time and Internet risks should be controlled via a URL whitelisting tool.
"It tracks all URLs that are used properly over a period of a couple of weeks and makes a whitelist of them," he said. "Future attacks that attempt to move to URLs that are not in the whitelist will have the session dropped. This URL whitelisting protects web-based applications and gives a company time to mitigate application weaknesses."
After this, companies must make sure they have all information backed up, new IP addresses and DNS entries created and other tools and processes in place to be sure the move will be as safe and sound as the business needs it to be. Machler believes before getting to the new data center, the infrastructure, application tools and processes should be updated to include better security, thereby giving the company much better defense than they have had within their legacy setups.
Physical security is important too
One potentially overlooked data center security consideration is the importance of having robust physical security as well. Sarah Scalet wrote in a separate piece on CSO Online that, as good as cyber data security can be in a datacenter, there must be good physical security as well, such as good design and solid walls, in place as well.
"Be sure the building is some distance from headquarters (20 miles is typical) and at least 100 feet from the main road," she wrote. "Bad neighbors: airports, chemical facilities, power plants. Bad news: earthquake fault lines and (as we've seen all too clearly this year) areas prone to hurricanes and floods. And scrap the 'data center' sign."
Scarlet said on CSO Online that companies should be paying attention to how the walls are built in case of a natural disaster and should be sure to have redundant security, as this building has special data needs that others will not have.
Security News from SimplySecurity.com by Trend Micro.