Boasting one the most secure data centres in the world, MIGSOLV knows a thing or two about what it takes to keep a facility safe. Located in Norfolk, 'The Gatehouse' is relied on by businesses large and small, as an impenetrable fortress to house their critical IT systems and data. A gated facility surrounded by 3 metre high security fences and technology that could rival a Bond movie, it is easy to see why MIGSOLV is trusted by so many. Here, managing director David Manning, takes the time to answer some of our questions.
In your experience, what are the top three threats to a physical data centre and client data?
Naturally, the purpose of the data centre like MIGSOLV is to mitigate any threats to client data. The three greatest risks we guard against are:
- Unauthorised physical access. No one can enter or make changes to IT without authority.
- Corruption or loss of access to data through power loss or equipment failure. We provide both instantaneous backup power and a climate-controlled environment that increases reliability.
- Unauthorised or accidental changes to IT equipment environment. Such a controlled environment means things don’t get accidentally unplugged or otherwise disturbed.
What are the most commonly attempted kinds of breach on a facility?
Physical breaches of data centres are very rare as their very nature deters would-be perpetrators.
Any attempted breach would typically be unauthorised personnel attempting to gain access and/or remove equipment. Neither should ever be possible in a dedicated commercial data centre like MIGSOLV.
Has there ever been an attempted breach on The Gatehouse? If so, what happened and how was it tempered?
No. The only time our security has been knowingly challenged was a customer’s auditor who sought to gain access without authority. He left very impressed that all our measures stopped him in his tracks and left his client’s IT was safe as houses.
When it comes to mitigating the risk of human interference, what steps should be taken to ensure data cannot be accessed?
There are three main steps:
- Substantial physical security including perimeter fences, microwave intruder detection, 24/7 guards and iris recognition to stop unauthorised entry.
- No-one is permitting to enter without a correctly authorised request, raised by the client themselves.
- Once inside, our technical staff, CCTV and physical security checks ensure client’s hardware is never compromised.
In a less secure facility, would it be possible for poorly trained staff or unwitting maintenance personnel to cause an accidental data breach? How important is education when it comes to security?
Anything is possible in a poorly managed environment. That’s why staff training is paramount. Also vital is a robust quality management system like MIGSOLV’s, with checks and balances which leave nothing to chance.
A lot of the security measures put place are preventative, however, should someone manage to make their way past the fences, CCTV and obtain or harm any data, what would be the steps taken then?
Our first step would be to notify the client and ask them to take appropriate steps. We’d also notify the relevant authorities including police. Regardless of security, almost all data in our data centre is both encrypted and backed-up so it can be recovered and restored.
In terms of legality, are there minimum requirements when it comes to data centre security that all must adhere to?
Unfortunately, no. However, there are many industry standards which clients should look for. Organisations need to be diligent and select a data centre with a world-class reputation and proven security features.
What is meant by ISO 27001 accreditation and what does this tell customers and clients?
ISO27001 is the international quality standard for an information security management system (ISMS). It’s ensures the right policies and procedures dictate the legal, physical and technical controls used to manage data and minimise risk. It’s an important standard for any high-quality data centre and is independently audited annually.
Legality aside, from your experience, what do you think should be the bare minimum?
Fundamentally, good data security is about multiple-layers of protection. If one layer is breached or fails, there must be several more to stop unwanted consequences. Good data centre management is typically evident by a tour of all areas, not just those they wanted to show you, and an officially recognised accreditation like ISO27001.
The Gatehouse is endorsed by The National Counter Terrorism Security. Do you feel data centres are a prime target for terrorism? What kind of data is it they hope to access or destroy?
Data is a prime target for terrorism, not data centres themselves. Most vulnerable is data held on non-secure commercial sites. Data centres like MIGSOLV provide the protection needed to keep safe the data we all rely on every day.
Terrorists want to cause disruption, so they would most likely target data which erodes customer confidence or stops companies functioning.
Like MIGSOLV in East Anglia, a good data centre is one which is positioned in a low risk location away from higher risk areas like London. NaCTSO’s inspection was another way of demonstrating our commitment to world-class security.
Speaking of location, how important is this when it comes to data centre security?
Location is vital. Firstly, a data centre needs to be in an area away from physical threats such as flooding. Secondly, it needs to be away from the greater threat of theft or terrorism around major cities. Finally, it needs strong connectivity to major carriers and networks. These are all factors which make MIGSOLV’s location in East Anglia ideal.
Security is no longer just a physical issue, is there any advice you would give in relation to cybersecurity?
Don’t overlook the basics. Password management, server patching and ensuring staff don’t connect unauthorised devices, are all important. In addition to the latest cyber security software, it’s also crucial to keep an encrypted backup of your data in a highly secure environment like our data centre.
Do you feel issues surrounding cybersecurity are progressing at a rate which makes it difficult to stay one step ahead of attackers?
It’s certainly daunting but, as the number of threats increase, so does the level if innovation and research into mitigating them. Hackers are smart but so are the people trying to stop them!
With regards to cybersecurity, much like physical security, would you say prevention was better than cure?
Always. It’s vital to have multi-layered enterprise level cyber security to stop or limit the impact of cyber threats. However, as they continually evolve, it’s important to have a strong backup in a secure environment like our data centre too.
Do you find clients are more security conscious in relation to their data than say, five years ago?
Undoubtedly. Though many of the risks have long existed, awareness is much greater. GDPR in particular has forced companies to contemplate the risk to their business if they do not physically protect their data.
In 2018 would you say security is a top priority for organisations? Are people aware of the risks, or is there currently a lack of knowledge surrounding security?
With increased awareness, data security continually rises up organisations’ agendas. Whilst cybersecurity gets most headlines, businesses are realising its physical security and loss access to data that may pose a bigger or more likely threat. It’s why so many businesses are now relocating their IT and data in our world-class data centre.
Picture Credit: www.fullmixmarketing.co.uk