Security Market Segment LS
Friday, 03 April 2020 15:20

In conversation with: Joseph Badaoui Featured

By

We discuss security in a co-location cloud environment.

iTWire recently took the opportunity to chat with Joseph Badaoui, Senior Engineer at Digital Reality about security issues related to the rise in co-location (mixture of on-prem and cloud) and the requirement for a convergence of physical and cyber security. We took the view that "security" ought to be taken in a very wide view.

iTWire: Welcome Joseph Badaoui, thanks for your time. I'd like to first get to the heart of the issue and ask whether you think the private data centre, as we know it, is becoming redundant. Surely a cloud-based environment offers plenty of advantages.

Badaoui: Great question. Although perhaps we need to step back from that for a moment to consider all data centre factors before making that determination.

Obviously, your chosen data centre must be prepared for any of a number of unexpected events such as utility failure, cooling system equipment failure, fire, air quality issues natural disasters etc. To avoid the requirement for total data centre redundancy, building out a 'redundant design' is crucial.

iTWire: Clearly no-one wants to build dual data centres, just as an insurance!

Badaoui: Of course. But we still need to maximise our protection – to me, there are three redundancy elements to consider:

Firstly, it is important Ensure redundancy is built across system areas that are critical to delivering the capacity required to power, backup, and cool a facility at full IT load.

iTWire: I assume that means dual electricity supplies, independent air conditioning systems and so on.

Badaoui: Yes, that's right. Next, we must ensure the data centre has at least one independent backup system across all critical services unit. This will protect against complete system crash in the event of a component failure or if a system element must undergo maintenance. This means we're ensuring the systems in place are concurrently maintainable.

Finally, it is crucial that we confirm that the redundancy models extend beyond power and cooling to include the physical security infrastructure, and utilities within the data centre. This is essential to ensure operational effectiveness.

iTWire: OK, that gives us some context for what's inside the building and the services that are delivered, but what of the building itself? Presumably we don't have the funds to build an indestructible 'cube.' What should we do?

Badaoui: There are a number of measures that must be taken to protect against explosive devices, natural elements and potential intruders. Buildings should feature multiple layers of physical security including sufficient wall density, minimal windows and where required, use shatter resistant window film. CCTV with continuous recording (24/7/365), as well as plenty of external lighting are also essential.

iTWire: I recall hearing of other secure facilities that measure their security based on the amount of time a "determined intruder" needs to enter the building, achieve their objective and 'fight' their way out again.

Badaoui: Yes, that's certainly a useful yardstick. To complete my description, the perimeter of the building should also include a buffer, with security guards required for access. These measures will slow the time it takes for potential intruders to get in and out undetected.

iTWire: Of course it's all well and good to build this gigantic, indestructible cube, but we do need to permit people to enter and exit, particularly during an emergency.

Badaoui: As I see it, entry points should be limited to the main entrance and the loading dock, with vehicle access blocked by barriers such as bollards and concrete planters. To ensure safety during an evacuation, fire doors should be exit only and entry points should be monitored 24x7 using IP-enabled video surveillance. Cameras should be integrated into the network firewall so they are protected from cyber-attacks.

iTWire: Speaking of cameras, what are your suggestions there? Is there a one-size-fits-all solution?

Badaoui: Surveillance systems should be tailored to their application, which may include motion-detection, pan-tilt-zoom, and low-lighting capabilities.

Further, the security system should be isolated by data centre firewalls, with data retention and destruction policies for surveillance footage – I'd recommend keeping footage for a minimum of 90 days, with the ability to retain 'interesting' footage permanently.

iTWire: Clearly, if we're going to permit entry and exit by real people, we need to have some strong authentication processes in place.

Badaoui: Strict data governance measures – such as passwords and credentials - should be integrated into the network to manage user access. Therefore, ingress and egress access must be controlled by multi-factor authentication. If an organisation is employing biometric data, I'd recommend it remain in the possession of the end user.

iTWire: Indeed. I've personally visited facilities where people are weighed in "man-traps" on ingress and again on egress from the more secure parts of the building.

Badaoui: Yes, those are quite common.

iTWire: Speaking of physical security, are there other methods that ought to be in place?

Badaoui: I'd suggest that entry to secure areas of the data centre should require people to authenticate at least four times – for example, from the building perimeter entrance to lobby or loading dock and entrance to the most secure areas such as cages and cabinets.

iTWire: I guess that brings us to a useful completion. Although we're still left with the opening question as to whether the private data centre is redundant. Perhaps we can't make that determination but we have given potential owners plenty to consider.

WEBINAR event: IT Alerting Best Practices 27 MAY 2PM AEST

LogicMonitor, the cloud-based IT infrastructure monitoring and intelligence platform, is hosting an online event at 2PM on May 27th aimed at educating IT administrators, managers and leaders about IT and network alerts.

This free webinar will share best practices for setting network alerts, negating alert fatigue, optimising an alerting strategy and proactive monitoring.

The event will start at 2pm AEST. Topics will include:

- Setting alert routing and thresholds

- Avoiding alert and email overload

- Learning from missed alerts

- Managing downtime effectively

The webinar will run for approximately one hour. Recordings will be made available to anyone who registers but cannot make the live event.

REGISTER HERE!

LAYER 1 ENCRYPTION A KEY TO CYBER-SECURITY SOLUTION

Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.

DOWNLOAD!

David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.

VENDOR NEWS & WEBINARS

REVIEWS

Recent Comments