With an increase in the demand for data centres, there has been an increase in the number of cybercrimes. Organisations at times overlook the security aspect of building a data centre. So, how can DC’s ensure good cyber security systems?
At W.Media ‘APAC Data Centre Security Symposium’, hosted by Axis Communications, Genetec and Mitkat, the panellists included Ganesh Pawar, Director, Facilities Operations, GPX India Pvt Ltd, Sudhanshu Datt, Director, Data centres, AECOM, Jose Thomas, National Sales Manager, Axis India, SAARC, Axis Communications, Ashwin Ijantkar, Principal Consultant, Epsilon Design Consultancy Pvt Ltd and Malcom Kunder, IBMS Lead, Design Data Centres, AdaniConnex and was moderated by Sushil Kumar, COO, MitKAt Advisory Services Pvt. Ltd, India.
In India, tier 2 cities are expected to have edge data centres and if a better infrastructure is provided then even hyperscalers could be set up. It is a very dynamic and changing landscape and hence it is a very dynamic and changing threat landscape as well. The data centre will be put to test in different geographical landscapes and we all acknowledge that a data centre is an asset of strategic financial importance and most people will be interested in such a financial target.
So, the security design will have to be taken into consideration and planned ahead to anticipate the possible intrusion in the security and data infrastructure.
“The first step which I would recommend is having a proper Threat Vulnerability Risk Assessment (TVRA) as a part of the due diligence exercise itself. If a particular data centre has to set up an installation at any location, the first step which is recommended is a proper TVRA that is the Threat Vulnerability Risk Assessment which will look at a location not only from the perspective of how effectively it can be fortified but also look at other important elements, for example, the social environment in which the installation is coming up.
The surroundings which are around the data centre, what kind of locality we are trying to visit. Is it an industrial area, is it a residential zone that plays an important role in assessing the threats. The political environment at the proposed location becomes important,” said Ashwin Ijantkar, Principal Consultant, Epsilon Design Consultancy Pvt Ltd.
He further pointed out that the TVRA report has to look at other elements which might not be a part of due diligence, for example, is the land near a public parking area or public railway station. All this could lead to a threat that the standard due diligence might not be able to address.
It is important to work on the TVRA report and various aspects should be covered in it and come out with a proper analysis. Then the low voltage electronic security can come in and mitigate the risks that have been put forward in the report. For every single risk register which is added in the TVRA report, the security systems can be designed to mitigate those risks. This should be the first step in the electronic security system design.
“Electronic security today is hugely IT-driven and as IT technologies are rapidly advancing the security technology is also advancing. The designer has to be in sync, they cannot stay behind, and they have to be in sync with the IT technology and security technology and keep on updating themselves and also ensure that the deliverables which are being rolled out should also be in sync with the latest technology.
This means that the days when we looked at silos, CCTV, access control and intrusion as separate silos, those days are gone. For effective data centre security, it is important that all the systems talk to each other and lay information and ensure that they don’t work as individual compartments.
We are looking at integrated platforms where all these different security elements should plugin in a protocol-agnostic software which should be able to pick up data from various security elements and at the front end, a process that data using AI and analytics and other tools that come as an individual software patch laid over the base software and it should provide the security team with situation awareness, it plays a major role in the design of data centre in today’s time to ensure that you have to have an integrated platform.
I would always put it that way because security in a data centre comprises two elements, one is automated electronic security and physical security and these two have to be in sync. Only then it will be possible to use situation awareness platforms,” added Ijantkar.
He further underlined that today there are use cases in data centres wherein the security of the data under the security system might be integrated with business processes. For example a building automation system.
An interesting case which he shared was of a DC operator in India who is a colocation data centre player and wants to add value add so he wants to give a landing page event to the smallest customer, so when one goes on the landing page where one would be able to see the temperature, humidity the power being consumed by the racks and also a CCTV feed and an access control data on one single page.
This would require integration between the business process and security systems. The landscape has changed not only from the threat perspective but fulfilling the business processes of data centres.