John Bekisz, Vice President of Data Centre & Critical Infrastructure Practice at Guidepost Solutions, contends that only a layered security programme can shut down insider threats.
Inside data centres, the greatest risk doesn’t always come from hackers outside the firewall; it often comes from the people within. Whether through deliberate sabotage or a simple mistake, insiders can expose sensitive data and disrupt operations. The infamous Office of Personnel Management (OPM) breach in the United States is a stark reminder of how devastating such vulnerabilities can be. To counter these threats, data centre operators are adopting new technologies to shrink their attack surface. But true resilience requires more than tools. It demands strategies that address the human element at the core of security.
The strategies data centres implement to support their security posture rest on a layered approach: overlapping operational, cyber, physical, and electronic countermeasures that provide more layers of defence.
In my work, I’m finding that data centre providers and operators are still using on-premises solutions, such as video surveillance systems existing on an organisation’s corporate network. This gives users who need access to these systems the ability to manage them globally, without having to make use of, or expose sensitive assets to, someone else’s ‘cloud’.
On-premises control extends beyond just video surveillance. It has evolved from a simple ‘castle and moat’ philosophy to a sophisticated, multilayered integration of technologies.
Recent trends offer additional countermeasure choices along with evolving technologies and/or processes. This includes deploying biometrics (such as fingerprint or iris recognition) along with brass keys and traditional access control. Every entry point, from the perimeter fence to individual server cages, is monitored and logged, creating a detailed audit trail of all physical access.
Data centres are also implementing technologies such as mobile credentials and mobile visitor management systems that offer a secure and convenient way to manage physical credential distribution and permanence. Additionally, the use of QR codes and biometrics has become increasingly popular for visitor management to better verify user identities and add an extra layer of security.
Consistent auditing and integration between human resource databases, physical credential management systems, and logical credential management is critical to ensure that disgruntled employees don’t come back as visitors or gain access to assets.
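The audit described above can be run as a routine reconciliation job. The following is an added example, not part of the original article or any vendor's product; the record layouts, field names and sample values are all constructed assumptions standing in for exports from an HR system, a badge system, a directory and a visitor management system.

```python
from datetime import date

def norm(s):
    """Case- and whitespace-insensitive key for matching names and e-mails."""
    return " ".join(s.casefold().split())

def reconcile(hr, badges, accounts, visitors):
    by_id = {p["emp_id"]: p for p in hr}
    separated = {i: p for i, p in by_id.items() if p["status"] != "active"}
    findings = []
    # Physical and logical credentials that outlived the HR record.
    for kind, records, key in (("badge", badges, "badge"), ("account", accounts, "login")):
        for r in records:
            if not r["enabled"]:
                continue
            if r["emp_id"] not in by_id:
                findings.append((f"{kind}_without_hr_record", r[key]))
            elif r["emp_id"] in separated:
                findings.append((f"{kind}_active_after_separation", r[key]))
    # Visitor registrations that match a separated employee by name or e-mail.
    known = {}
    for i, p in separated.items():
        known[norm(p["name"])] = known[norm(p["email"])] = i
    for v in visitors:
        match = known.get(norm(v["name"])) or known.get(norm(v["email"]))
        if match is not None and v["visit_date"] >= separated[match]["end_date"]:
            findings.append(("former_employee_as_visitor", match))
    return findings

# Constructed sample exports; all field names and values are assumptions.
HR = [
    {"emp_id": "1042", "name": "Dana Reyes", "email": "dana.reyes@corp.example", "status": "active", "end_date": None},
    {"emp_id": "0931", "name": "Sam Okafor", "email": "sam.okafor@corp.example", "status": "terminated", "end_date": date(2024, 3, 1)},
    {"emp_id": "0877", "name": "Lee Chen", "email": "lee.chen@corp.example", "status": "terminated", "end_date": date(2024, 2, 15)},
]
BADGES = [
    {"emp_id": "1042", "badge": "B-5521", "enabled": True},
    {"emp_id": "0931", "badge": "B-4410", "enabled": True},
    {"emp_id": "0877", "badge": "B-4001", "enabled": False},
    {"emp_id": "7000", "badge": "B-9999", "enabled": True},
]
ACCOUNTS = [
    {"emp_id": "1042", "login": "dreyes", "enabled": True},
    {"emp_id": "0877", "login": "lchen", "enabled": True},
]
VISITORS = [
    {"name": "sam  OKAFOR", "email": "s.okafor@mail.example", "visit_date": date(2024, 3, 20)},
    {"name": "Priya Nair", "email": "priya.nair@vendor.example", "visit_date": date(2024, 3, 20)},
]
```

A name match against a visitor record is a lead for human review rather than proof of identity, since common names will collide.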
Popular, yet practical, trends such as artificial intelligence and machine learning foster a more proactive approach, analysing and assessing data in a more robust, real-time manner so that security management and response professionals can be alerted to potential breaches and act accordingly. For example, advanced access control analytics provide real-time insights into access patterns and anomalies.
By continuously monitoring access control transactions, security management personnel can be alerted to unusual activities that may indicate potential security breaches or misuse of credentials. For example, when an employee who typically accesses the data centre during regular business hours begins accessing it late at night, access control analytics can flag the anomaly and alert management immediately, enabling swift investigation and response.
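The late-night access case above can be expressed as a per-person baseline of entry hours. This is an added example, not code from the article or from any access control product; the transaction format, holder and door identifiers, and thresholds are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

def parse(text):
    """Rows of: ISO timestamp, credential holder, door, result."""
    rows = csv.reader(io.StringIO(text.strip()))
    return [(datetime.fromisoformat(ts), h, d, r) for ts, h, d, r in rows]

def hour_profile(events):
    """Per-holder count of granted entries for each hour of the day."""
    profile = defaultdict(lambda: [0] * 24)
    for ts, holder, _door, result in events:
        if result == "GRANTED":
            profile[holder][ts.hour] += 1
    return profile

def is_usual(counts, hour, min_seen=2, slack=1):
    """Usual if this hour, or one within `slack` hours, was seen min_seen times."""
    return any(counts[(hour + d) % 24] >= min_seen for d in range(-slack, slack + 1))

def flag_anomalies(baseline, new_events, min_history=10):
    profile = hour_profile(baseline)
    alerts = []
    for ts, holder, door, _result in new_events:
        counts = profile.get(holder)
        if counts is None or sum(counts) < min_history:
            alerts.append((ts, holder, door, "no baseline"))
        elif not is_usual(counts, ts.hour):
            alerts.append((ts, holder, door, "unusual hour"))
    return alerts

# Constructed baseline: a day-shift holder and a night-shift holder over 12 days.
BASELINE = parse("\n".join(
    f"2024-03-{day:02d}T{hour:02d}:05:00,{holder},DH2-CAGE14,GRANTED"
    for day in range(4, 16)
    for holder, hours in (("emp-1042", (9, 13)), ("emp-2210", (22, 23)))
    for hour in hours))
# Constructed new transactions to evaluate against that baseline.
NEW = parse("""
2024-03-18T09:40:00,emp-1042,DH2-CAGE14,GRANTED
2024-03-19T02:17:00,emp-1042,DH2-CAGE14,GRANTED
2024-03-19T23:30:00,emp-2210,DH2-CAGE14,GRANTED
2024-03-20T01:10:00,ctr-0077,DH2-CAGE14,DENIED
""")
```

Because the baseline is kept per holder, the night-shift holder's 23:30 entry passes while the day-shift holder's 02:17 entry is flagged; a holder with no history is surfaced separately instead of being silently accepted.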
While data centres implement advanced security technologies, such as access control analytics and biometric authentication, the human element remains a critical weak point. The insufficient integration between security program management, vendor management, visitor management, and human resources creates a gap often leading to vulnerabilities that can spawn insider threats.
HR departments play a crucial role in the hiring process, but they may lack the necessary insights into security protocols and potential threats. Conversely, security teams might not have access to comprehensive employee data that HR manages. Organisations must bridge this gap by integrating security program management with HR functions.
I have been advising my data centre clients to place greater emphasis on personnel vetting and background check processes. Continuous evaluation and more stringent background checks ensure that individuals with access to critical systems are thoroughly vetted and monitored. Additionally, I strongly encourage security teams and HR to share relevant data, align policies, and conduct joint training sessions. By doing so, they can create a more cohesive approach to insider threat mitigation, ensuring that both technological and human factors are addressed comprehensively.
When it comes to security, modern data centres demand a layered and integrated approach. Advanced technologies like AI-driven analytics, biometrics, and mobile credentialing, in conjunction with a collaborative effort between security teams and HR, will better address the growing risk of insider threats and ensure a more effective security program.

