Ben Hatton Data center insider threats (and how to prevent them)

The threat of data breaches and data theft have been in the news a ton lately, and we’ve written a lot about it as well. Much of the assumption is that these threats primarily come from outside of an organization, and while that’s true, a sizable and growing percentage are what can be considered as ‘insider threats’ from a company’s own employees or contractors they are working with. Insider threats

Quick definition

An insider threat can most often be defined as an intentional act by an employee to steal or destroy sensitive company data. Whether it is a disgruntled employee who has been terminated, or an employee or contractor wanting to make money off of sensitive data, this type of threat is very real, and a recent study shows just how big of a deal it can be.

Insider attacks are on the rise

A recent study of over 500 security professionals by Vectra and Linkedin showed me some insights into just how prevalent this type of threat is, and I believe a lot of this information is definitely worth digesting if you are a company that relies on a large amount of sensitive data on a daily basis. I’ll start off with a few of what I found to be the most relevant findings from the study (PS: you can view the study in its entirety here).

Here are my 3 biggest take-aways:

  1. 62% of the security pro’s who participated in the study said that they have seen instances of insider attacks increase in frequency over the past year.
  2. Less than 50% of the organizations surveyed have policies or monitoring in place to help prevent against insider attacks.
  3. The specific types of data that are the most vulnerable are customer data, intellectual property, and corporate financial data.

Your biggest take-away: managing who has data center access

These stats as well as others from this report clearly indicate that your business data has the potential to be susceptible to threats from inside your organization, and that lessening the risk from these types of threats should be a priority. There are a number of ways that this can be done from a policy standpoint, which I’ll look at in a future blog post (stay tuned!), but a big thing that we advocate at Data Cave is monitoring and managing who has access to your colocated equipment at any given time.

For many of our colocation clients, this involves receiving reports from Data Cave of which employees have access to their server equipment at regular intervals (once a month, for example). This way, they can always have accurate information on who should be accessing their data and equipment, and they can also make adjustments as people leave the company, or new people come on board.

Another big thing we often recommend to our clients is to reach out to Data Cave as soon as possible in the event that an employee leaves the company, so that their data center access can be revoked. A disgruntled former employee who has access to IT equipment and sensitive data can easily become a security risk, and ensuring that their data center access is immediately revoked will help to prevent this from becoming a serious threat.

Insider threats certainly aren’t a guarantee for every company, but they are always a possibility as evidenced by this report. Taking steps now can help ensure that your data can be better protected in the event of any such threat.

 

Share this with your friends!

Share on Facebook Share on Twitter Share on LinkedIn Share on Google+

 

Ben Hatton The benefits of data center consolidation

I’ve written a lot about how data center colocation can help your business grow, especially if it is growing faster than your current data center can keep up. However, we don’t often think about the other side of the spectrum, where an organization may be so geographically spread out that it becomes more efficient and cost-effective for them to consolidate multiple data center locations into one. While this practice is sometimes a necessity for some businesses, it virtually always brings major benefits that I want to highlight in this post. Data center consolidation

Quick disclaimer

I’ll make the fairly obvious point that consolidating down from multiple data center locations isn’t something every company will ever need to go through. Consolidations are undertaken by organizations that already have multiple data center locations, usually as a result of having multiple geographic locations across a region, or the country. If a business has multiple offices throughout the country, for example, and each office has its own server room or data center that backs up data and runs applications, then this would be a prime candidate that could benefit from a data center consolidation.

Why consolidate?

Organizations like this that choose to reduce their data center footprint see several positive benefits, including:

Cost savings from having fewer data center facilities and space to maintain.

Stronger security as a result of their infrastructure becoming more centralized and less geographically spread out.

Easier to stay in compliance with fewer locations that must be audited on a regular basis.

The results speak for themselves

Easily the biggest real-world example of a data center consolidation project can be seen in the US government’s consolidation initiative that began back in 2010. Over the past 5 years, government agencies have reduced their number of data centers by the hundreds, and the process is still ongoing. To date, these agencies have seen an estimated cost savings of $2 billion as a result of this consolidation, with an expected additional savings of over $4 billion over the next 3 years*. They have been able to see significant savings while also leveraging new technologies to operate more efficiently and dynamically than ever before.

These are just a few of the high level reasons why it’s a smart business decision to consolidate and reduce your overall data center footprint when possible. In a future post I’ll look at some ways that you can begin planning for a data center consolidation as well…stay tuned!

 

Share this with your friends!

Share on Facebook Share on Twitter Share on LinkedIn Share on Google+

Ben Hatton Why data center humidity may be going down

Humidity

Image courtesy of Flickr user mag3737

When it comes to data center environmental monitoring, temperature and humidity have always been the key metrics that provide insight into a data center’s operating environment. Like the temperature, humidity is something that is continually monitored to ensure it is kept at a consistent and acceptable level (traditionally this level has been in the range of 40-55%). At Data Cave we monitor and maintain this humidity level in all of our data suites.

With many of the advancements in server technology and in modern data centers, this traditional level has been gradually shifting, just like the recommended temperature has been (check out our Why Data Center Temperatures are going up post to learn more about that). ASHRAE (American Society of Heating, Refrigeration, and Air-Conditioning Engineers), the leading authority over heating and air-conditioning standards across many different industries, has adjusted its recommended humidity levels for data centers from time to time over the years, and is poised to announce more changes to its recommendations later this year.

Specifically, they are expected to publish recommendations that the relative humidity (dew point) of data centers can be made lower than it has been in the past, without having a substantial impact on electrostatic discharge (ESD) put off from server equipment. This is based on a recent study that they undertook together with the University of Missouri.

Some background

It’s a well known fact that when a room is less humid, the air is naturally dryer. This leads to an increase in static electricity that is generated from constantly running server equipment. If this electricity goes  unchecked, it can often lead to a discharge, which can damage or destroy the server equipment.

The reason this study (and the anticipated recommendations coming out of it) is so relevant, is because it could have implications for how data centers manage their humidity levels, as well as how frequently may they utilize free cooling methods. If it can be documented and proven that a lower relative humidity can be implemented without noticeably raising the risk of ESD, that could lead to a change throughout many data centers.

Many classes of recommendations

An important thing to remember when it comes to the existing and future recommendations on humidity levels, is that the recommendations themselves are relative to specific types of equipment. ASHRAE uses several different classes of equipment for its temperature and humidity recommendations, with the overall recommendations varying from class to class. Many of these classes have been added just in recent years as newer, more sophisticated types of IT equipment have come on the market that can handle higher temperatures and lower humidity.

Moving in a good direction

What this indicates to me is that any shift towards lower humidity levels in the data center is really the result of advancements in server technology, cooling methods, and data center layouts. If ASHRAE does indeed lower their recommendations on data center humidity levels, I believe it will be a strong indicator of how far we have come in terms of the technology that exists, as well as where the industry is heading in with regards to humidity.

 

Share this with your friends!

Share on Facebook Share on Twitter Share on LinkedIn Share on Google+

Ben Hatton Is your cyber security a company-wide effort?

As we’ve touched on in the past, a company’s cyber security risks are always present and growing, and security efforts are an ongoing and continually evolving exercise. However, for many companies the required prioritizing and budgeting for cyber security is often left by the wayside, depending on the level of awareness, accountability, and collaboration that exists throughout the organization as a whole. All hands on deck with cyber security

Having a successful cyber security strategy means having shared collaboration, accountability, and ownership of your security throughout all of the levels of your organization. This ‘all hands on deck’ approach is essential, so I want to look at some ways that a company can create an environment that makes cyber security more than just a goal for the IT department, but for the entire company.

1) Raise your collective knowledge level

Arming your organization with knowledge is one of the best steps you can take towards embracing stronger cyber security efforts. Since the risks are always evolving, the information and the technologies that are out there are always growing as well. Because of this, it’s vital to stay educated and well informed of trends in the security industry, the latest vulnerabilities, how other companies are responding to security risks, and more.

2) Raise your accountability

After the Target breach last year, most of the blame for the breach was ultimately levied against the company’s upper management and board of directors, for an overall ‘lack of management and ownership’ of the company’s cyber security. That breach was a wake-up call in a lot of ways, but especially in the sense that a company’s cyber security strategy really needs to start at the top in order to really be effective. Cyber security is something that is ‘owned’ by everyone in an organization, but that ownership example has to be set by the organization’s top management. When that final ownership (and the accountability that comes with it) is taken at the top, the importance of security can be better prioritized as a company goal that in the long run, everyone will be accountable for.

3) Raise your preparedness

A final area to consider is your organization’s ability to assess your actual preparedness level against security threats. This means engaging in the ongoing planning, implementation, and testing that is required for any cyber security initiative. When every level of your organization is ‘all hands on deck,’ full preparedness becomes a much more attainable goal.

More and more, cyber security isn’t something that is relegated strictly to the IT world, but it has become a challenge to companies as a whole. And as such, it can only be effectively tackled when every level of an organization works together. By actively engaging every level of your organization and getting everyone involved in this process, you can take the first steps towards an effective, long-term security strategy.

Share this with your friends!

Share on Facebook Share on Twitter Share on LinkedIn Share on Google+

 

Ben Hatton Sensory Technologies: A data center case study

Sensory Technologies case study

Case study on Sensory Technologies, a great Data Cave client

In addition to providing companies with a higher level of security and availability for their data and equipment, for many we are also able to contribute to their overall growth, through our colocation services. This has been the case with Sensory Technologies, an Indianapolis-based audio-visual solutions provider that is one of our many great clients. Their explosive growth made it necessary for them to identify a data center provider with the capacity, redundancy, and connectivity to ensure a much higher level of scalability than their original location.

We have created a new case study that takes a look into their data center story. In the study you will learn more about this great company, including:

  • The biggest objectives that drove their data center decision-making.
  • The key reasons for their partnership with Data Cave for their colocation needs.
  • Improvements to their data center environment and overall scalability, as well as their future growth plans.

We are excited to share their story with you, and we hope you get a lot out of it! To download the whitepaper, just click the link below to be taken to the download page:

Sensory Technologies Case Study – Download page

Share this with your friends!

Share on Facebook Share on Twitter Share on LinkedIn Share on Google+

Next Page »