“Acts of theft, fraud and vandalism in the data centre are three times more likely to be an “inside job’ than perpetrated by someone who’s unconnected with the company or Centre,” according to data centre specialists Migration Solutions. Speaking at the Data Centres Europe 2007 conference later this month, Managing Director Alex Rabbetts will be discussing internal security processes to safeguard the reputation of the industry.
“Data is personal, we’re talking about people’s private information and quite often their money,” commented Rabbetts. He continued, “Last year’s data centre robberies in London were widely publicised. However, this kind of external breach is still relatively rare and the principal threat remains the enemy within.”
Migration Solutions says that in its experience, around 65% of data centre security incidents are driven by malicious intent rather than economic gain – of these the top two categories of perpetrators are disgruntled current employees and disgruntled ex-employees.
Therefore physical security and logical security need to go hand in hand. Processes for managing staff access to the centre and to the data itself are as important to data centre integrity as reinforcing the doors and windows against a break in.
“Emerging security standards like ISO27001 (BS7799 or ISO17799) are helping to establish process and an audit trail in the data centre, but we need to push these harder if they are to become normal practice in our industry,’ says Rabbetts. “The truth is that for many organisations the price of not having the correct security processes in terms of corporate reputation and regulatory obligations, under SoX and FSA, will be far heavier than a burglary could ever be.’