A recent Gartner study found that organizations’ overall spending on datacenters is set to amount to $221B in 2023 – a predicted rise of 11.3% in spending since 2021. It’s clear that investment in datacenters is a global priority for businesses. However, when organizations eventually decide to house or move their data into another datacenter, there are risks to be considered. At the end of the day, no organization wants to jeopardize its most precious commodity – the data.
Things to be on the lookout for
Organizations must be aware of the inherent risks operational technologies (OT) used by datacenters pose.
Let’s take a common example: a legacy HVAC management interface that’s been left exposed to the internet in the name of convenience. It’s either unpatched or unsupported, and leaving this exposed to the internet can put the whole datacenter operation at risk of a low effort cyberattack. Poor network segmentation and segregation means compromised OT systems also endanger the datacenter’s customer networks. It is important for organizations to consider the robustness of the datacenter’s OT security when looking to migrate their data.
Considering the risk accompanying legacy security systems, businesses should be aware of the datacenters that have actively improved their security systems and policies and those that have not. Warning lights should be flashing in peoples’ minds when they stumble across datacenters that do not conform to international infosec standards such as ISO 27001, which allows for the identification, treatment, and management of risk.
At the very least, datacenters must have basic security procedures in place such as ensuring that networks are unable to connect to external computers or networks (also known as air gapping). Businesses should take the opportunity to ask the datacenter provider about the shared responsibility model, so they know for sure who is responsible for what.
The key message to bear in mind
For any business wanting to keep its data secure, a good ethos to have is: “Once it leaves your rack, treat it as if it’s on the internet.” Don’t outsource part of your security to the datacenter provider’s network if you can take steps to secure it yourself. This applies to inter-datacenter connections as much as it does to traffic that would route over the internet.
How to choose the safest datacenter
When the time comes for businesses to choose a datacenter, there are two crucial steps for finding the safest: ask the right questions and conduct a thorough comparison.
In the initial phase of scouting for a datacenter, it’s better to be risk averse. Find out about the power supplies, cooling, rack space, etc. the provider is using. Also, research how it addresses physical, cyber, OT and network security.
If you’re satisfied with all of that, the final set of questions should be about the value-added features: what’s included as part of the offering, are you going to be charged for every little extra, do they have smart hands as well as remote hands services, and so on.
Organizations should be comparing a range of datacenters simultaneously. The datacenter market is heavily saturated. With so many datacenters to pick from, organizations will be looking for the cheapest option, but shouldn’t ignore factors such as datacenters’ networking needs, access location and points of contact if an outage occurs.
Finally, outdated security infrastructure should also be a red flag. If a datacenter provider shows no interest in its modernization, organizations would do well to steer clear of it.