Online privacy and the protection of personal data have recently become hot topics. A robust network is essential for businesses because it hosts most of their crucial activities and assets, such as company data, customer data, and the exchange of financial transactions.
Nowadays, the threat of external cyberattacks by hackers and criminals is increasing. The consequences of a cyberattack can be significant for an organization, leading to financial and reputational damage or the loss of customers and income. Securing company data is essential.
Cyberattacks come in various shapes and sizes. These attacks can be aimed at the network, hardware, or software, varying from a computer virus or a hack to a DDoS attack.
For example, several cases recently emerged where Chinese hardware appeared to contain eavesdropping chips and malware. Prominent news media reported that the Chinese government had placed tiny bugs in Supermicro’s servers, which are used, among others, by Apple and Amazon data centers. Similarly, the Chinese company Huawei was accused of espionage through software. The US Department of State placed sanctions on Huawei, prohibiting US companies from doing business with them. In the Netherlands, a task force report investigated the vulnerabilities in the networks of Dutch telecom providers. No additional restrictions are currently imposed on Chinese equipment in the Netherlands, but, according to the Dutch General Intelligence and Security Service (AIVD), providers must take extra measures to prevent espionage from taking place via networks.
To limit the risk of cyber burglary, the equipment on which mission-critical applications run must meet the highest security requirements. In addition, it is essential that there is maximal protection for both the physical IT environment and the network environment where this equipment is located.
Organizations place their hardware at an external location using colocation (also known as “colo”). This location is outside the company premises in an external data center, so it is “co-located.” Organizations can rent racks in a server room for their physical hardware, such as servers and network equipment, in a data center.
The protection of data centers includes a series of policies, precautions, and physical security measures. They prevent unauthorized access to the equipment (and the applications running on it) within a data center, and they usually go further than the security measures of regular business premises. As an important primary source of data storage for organizations, the data center must make dedicated security efforts to protect the critical equipment of its customers. Organizations must always check which requirements and certifications the data center meets.
Today, securing your data is more critical than ever. Data centers (in cooperation with third parties) offer different solutions to protect networks against cyber threats. Some examples include antivirus and anti-spam products, firewalls, anti-DDoS solutions, and VPN connections.
Antivirus and anti-spam products protect your computer systems against viruses, spam, spyware, and malware. There are various software options for this.
A firewall blocks data traffic that is not welcome within a network. Security rules within a firewall filter traffic for those with and without access permissions.
When using MPLS, data is exchanged within a secure infrastructure managed by an MPLS provider instead of over the public internet. This makes the traffic invisible to external parties and the network practically untraceable for hackers.
DDoS stands for Distributed Denial of Service. A DDoS attack aims to make a server, service, or the entire infrastructure inaccessible by sending a heavy volume of illegitimate traffic to a server. With the server overloaded, it becomes slow and unreachable for legitimate traffic. An anti-DDoS solution can detect and block DDoS attacks so that a server remains accessible.
VPN stands for Virtual Private Network. Via a secure, encrypted VPN connection, external computers can connect to a local network, such as a corporate network.
The General Data Protection Regulation (GDPR), the new European data protection law, came into force on May 25, 2018. Various certifications can show whether data centers meet these standards. For example, NEN 7510 and ISO 27001 are standards for information security. The ISO 27001 certification concerns establishing, implementing, controlling, assessing, maintaining, and improving a documented management system. The NEN 7510, a Dutch standard regarding information security, is an extension of it.
Besides redundant power supply, cooling, and fire protection, physical security is one of the four foundations of colocation services. Through various physical security designs, data centers ensure that only authorized persons gain access to the colocation space. For this, we apply several security layers, each combining organizational and electronic security measures.