Requirements for a Secure Data Center

By /

Data Center Security entails installation of logical and physical systems to ensure that the data, operations and systems of the data center is safe from threats and attacks. Critical applications are hosted on data center on a shared access model. Complex network, storage and compute infrastructure is built to support these facilities.

Data center design, construction and maintenance Industry standards

Industry standards are there for the data center design, construction and maintenance to ensure that the data are highly secure, confidential and available.

Physical Security:

Physical security controls must be implemented to ensure that the location where the data center resides is secure from physical intrusion. Measures used to ensure physical security includes:

  1. Surveillance cameras
  2. Access controls locks
  3. The location must be not prone to natural disasters, such as fires, earthquake, floods, landslides etc.
  4. Fire suppression system
  5. The premise of the data center should not have company logos and must be discreet
  6. Securing entry points with biometric scanners and physical barriers including:
    • Granting access on a need-basis
    • Granting access to technicians and maintenance person with Multi Factor Authentication (MFA)
    • Ensuring that the device being granted access to is secure before being accessed.
    • Physically connected devices such as HVAC, elevators and IoT devices are secured.
    • Securing Wireless Access Points (APs).

Logical Data Center Security

Server level security

The following security controls can be implemented to secure the servers in a data center:

  1. Enabling only the required Services
  2. Allow access to services only on role base
  3. System update with latest patches
  4. Strong password controls
  5. Allow only secure protocols such as Https or ssh.
  6. Encryption of data at rest.
  7. Hyperscale security with scaling as per realtime network requirement
  8. Redundancy for high availability
  9. Ransomware, phishing protection, malware, virus protection
  10. Sandboxing
  11. Forensics, logging and SIEM to identify asset and traffic activity
  12. Endpoint Detection and Response (EDR) solution or antivirus
  13. Granting access with Multi Factor Authentication (MFA)

Network Level Security

  1. Firewalls at boundary points
  2. Intrusion Prevention Systems (IPS) to detect and prevent exploits.
  3. Protection from Zero-day attacks
  4. Zero-trust Network Access (ZTNA) or software-defined perimeter (SDP) for connection
  5. Next Generation Web Application Firewall (WAF) for web application and API protection
  6. Encryption of communication in transit
  7. High speed with no bottleneck
  8. Redundancy for high connectivity and availability

Finally, the data center must provide all the requirements and compliance guaranteed as required by certifications and framework, such as ISO27001, PCI DSS, NIST framework and Tier 4 data center certification.

Scroll to Top