Digital infrastructure and physical data security: understand best practices

Security
02/03/2023

Information security has been a widely debated topic throughout past years, if not decades.  As of the second half of last century, business models and even people’s lifestyles have become increasingly dependent on electronic equipment and digital information.  

Practically everything we do today leaves a track of bits and bytes which can be used positively or negatively. For companies, this data becomes a critical asset and losing it may even cause a company to shut down its activities. 

This naturally creates many concerns in terms of ensuring information security, whether for protecting businesses or people.  Movies and news reports put great emphasis on logical data protection, frequently showing hackers in a glamorous fight between good and evil.  Terms such as BCP (Business Continuity Plan) and DR (Disaster Recovery) are discussed within companies. 

However, a warning is in order! In day-to-day business, physical protection is as important as logical protection, although this topic doesn’t usually receive its due attention. 

What is needed to ensure the physical security of information? 

Physical security of information aims to ensure continuous operations, access control, and environment resilience. Digital infrastructure must respond adequately and protect its data based on the following principles: 

Environmental security: Directed at protecting equipment from natural incidents, such as floods, storms, earthquakes, or even human errors, such as strikes, road accidents or any kind of impact that can interrupt services due to the loss of carrier access or of capacity from the infrastructure’s operations. This includes duplicity of facilities, if necessary.   

Availability security: Related to ensuring redundant means for energy supply, equipment refrigeration, fire protection, and data transmission links, including IT infrastructure, such as redundancy of storage components, switches, load balancers, servers, etc. 

Physical security of the perimeter: This is to ensure that only authorized teams have access to equipment and infrastructure facilities. 

The topic seems simple and obvious, but it’s not.  There are several and different certifications in the market to align and ensure best practices in infrastructure security. Some are even specialized by business segment. 

In terms of perimeter security only, for instance, we can expand the topic into different sub-items and processes: 

Management of access requests: With defined processes and a system for managing and storing history requests, it aims to ensure that all authorized access to the infrastructure is vetted and approved according to their motives and capacities.  

Authorization of entry: This is the basic entry access but depends on the previous step being well executed to specify who can receive authorization. It demands steady hands to endorse information and execute the authorization of entry correctly. 

Reception and referral: Mainly in more complex infrastructures – such as large data centers – this is the stage where visitors are received in premises and accompanied to the spot where they should work or have access.  This stage ensures that a person authorized to execute a specific service is unable to access the entire location, which might cause incidents in other places inside the facilities. 

Access control and monitoring: Biometric sensors, smart doors with volume and weight identification for entry and exit, cameras, and security teams must be used to prevent anyone – through malicious intent or human error – from removing or placing equipment in the infrastructure without proper control. 

IT equipment lifecycle control: Analyzes the expected energy consumption as of the entry request; uses IoT technologies and automation, such as RFID, to control the equipment’s position inside the data center, registering and monitoring from entry, deployment, and operation usage up to the entire deactivation process, including data cleanup and certified equipment destruction, with less environmental impact. 

How and how much to invest in the physical security of digital infrastructure? 

A safe digital infrastructure may demand large volumes of investment.  We could say that the sky’s the limit, but it will never be possible to create a fault-free environment.   

The investment in physical security, then, will be inversely proportional to the business dependence on data. To lose last trip’s photos may make someone unhappy, but it won’t cause great harm.  On the other hand, losing customer and billing information may represent shutting down a business.  For a legal office to spend hours without internet access can cause a lot of headache but only a few minutes without access generates immediate financial impact on an e-commerce. 

Therefore, the amount invested in physical security and digital infrastructure redundancies is, in general, directly proportional to the financial volumes involved in the business and inversely proportional to an acceptable recovery time. 

That is, the greater the volume of money involved, the greater the concerns about infrastructure, as can be observed in the financial segment.  And the less time a business can afford to remain inoperable means greater concerns about security, as described in the e-commerce example. 

Cost, however, is not the only impact on an infrastructure’s security. Time and experience also count.  Building walls, power and cooling structures takes time.  Defining processes and control systems demand a learning curve.  

It may be tough to measure this time precisely as a cost, but it can be monetized as loss of business opportunities due to delays in going to market or even because of exposure to already existing business risks. 

A good way to shorten these times or adjust the cash landscape for the necessary investments in digital infrastructure is to contract infrastructure as a service from a reliable cloud or data center provider. 

These providers have facilities and processes already in operation, as well as certifications that testify to their qualifications, and a history of customers and incidents that allows them to validate and improve the necessary controls and redundancies to maintain operations at reliability levels that would be unfeasible for other ventures.  

If your IT team is still worried about understanding whether the electric generator will support the load in case of a power failure or if the LTO (Linear Tape-Open) will remain legible to recover backup, maybe it’s time to learn more about the processes and operations of a professional data center, to help you ensure the security of your business.  Cirion has the best data center structures and strict security protocols, endorsed by a series of certifications, not to mention a highly skilled team to support your company’s daily business. 

Author

Heubert River
Head of Data Center, Cloud & Security Operations,
Cirion Brazil

Heubert has more than 20 years of experience in leadership positions in data center operations in critical, high-capacity, and high-performance environments. He is responsible for Cirion’s Data Center Operation in Brazil since 2013.

He has an MBA in IT governance from USP/IPT, several technical and methodology certifications, as well as broad international experience, having led operations in more than 10 countries in Latin America, USA, and United Kingdom.

Share

Recent Posts

en el sector retail

The meeting rooms of the future

by | Oct 31, 2024 | UC&C | 0 Comments

Creating Collaborative, Future-Ready Meeting Spaces   Today’s technology is already enabling collaborative, immersive and highly productive meetings, offering a...

Data Centers, Free Energy Market, and ESG

by | Oct 3, 2024 | IT Trends | 0 Comments

Data Centers, Free Energy Market, and ESG New emerging technologies and services such as Artificial Intelligence and the crypto market, among others, are accelerating...

Happy CX Day 2024!

by | Oct 1, 2024 | IT Trends | 0 Comments

Happy CX Day 2024!    At Cirion, every interaction counts, and your trust is the engine that drives us to continue growing and innovating. From the beginning, we...

CDN, Emotion, and Security

by | Sep 25, 2024 | IT Trends | 0 Comments

CDN, Emotion, and Security   Nowadays, if you’re able to follow sports events, concerts, and games in real time and with high quality sound and image – and feel...

Data Center Certifications and Compliances strengthen quality of service

by | Sep 23, 2024 | IT Trends | 0 Comments

Data Center Certifications and Compliances strengthen quality of service and contribute to market competitiveness   With 18 Data Centers in Latin America, Cirion’s...

What specific tasks can AI automate?

by | Sep 16, 2024 | UC&C | 0 Comments

Transforming Productivity: Key Tasks AI Can Automate for Businesses What specific tasks can AI automate?   Generative AI has not just changed all professions, it's...

Data Center

AI and corporate digital transformation

by | Aug 22, 2024 | IT Trends | 0 Comments

Overcoming Early-Stage AI Challenges: Insights and Solutions for Businesses Artificial Intelligence early stage: Artificial Intelligence (AI) is emerging as one of the...

Cirion celebrates a new anniversary with investments, expansions and strategic alliances

by | Aug 1, 2024 | IT Trends | 0 Comments

  Today we are celebrating a very significant milestone in our history: a new anniversary as Cirion, a leading digital infrastructure and technology provider in...

Tecnología WiFi 7

Guide to understanding WiFi 7 and how it can facilitate computer security improvement

by | Jul 23, 2024 | Connectivity | 0 Comments

  Technology WiFi 7: The seventh generation technology could broadly outperform their previous versions in terms of capacity, connection speeds and latency Cirion...

Technological Innovation in Data Centers: Where are we and where are we heading?

by | Jul 18, 2024 | Data Center & Hybrid Cloud | 0 Comments

  Data Center Technological Evolution is one of the drivers behind the digital transformation of the last decade. From the boom of big data to the ubiquity of...