Data lies at the heart of every organisation, and it’s the data centre’s job to ensure that all the data it houses is protected and kept safe at all costs. However, data protection isn’t always front and foremost in mind for data centres. It’s easy to assume that the provisions that are already in place are enough, and there’s no need to worry.
Data Privacy Day was first initiated as a reminder to all of the importance of protecting data. Threats to data can come in many forms, from cyber-attacks to a hurricane that creates a power cut, and so it’s important that data centres are always prepared for the worst.
Four IT experts share their top tips with Data Centre Review as to how best to ensure data stays protected - whatever the weather.
Educate your staff
Steve Nice, chief technologist, Node4 begins by explaining that the first step is to educate all employees:
“The challenges of data protection don’t have a single-bullet solution. However, every organisation has the ability to raise their game in a number of key areas, and succeeding in this is less about cost and more about making an active, long-term commitment.
“The first step is to treat your staff as your human firewall, educate them in the threats they may be exposed to and ensure they are active and aware of those threats – after all, they are your intelligent line of defence. On top of this, completing regular vulnerability scanning and penetration testing will provide crucial intelligence that your security is up to the job of handling the threats. Test again alas and again, because the threat landscape is an ever-moving beast. Finally, should a disaster occur, Disaster Recovery and backups are vital as a solution to threats like ransomware, but as these systems also become the targets of cybercriminals they need to be protected – not just seen as a siloed last line of defence.”
Carry out a cyber security assessment
According to Andy Swift, head of offensive security, Six Degrees, after training all users as to how to look after data, it’s important to carry out a cyber security assessment to see if there are any holes in the current data protection plan. Swift advises:
“Two areas I’d like to highlight this Data Privacy Day are your users and your backups. Security ends with your users – when all other technical controls have failed, they are the final control you should have in place to filter out malicious content. Investing in training to help users spot common phishing, smishing and other human-facing attack vectors is highly valuable, and helps promote buy-in from all users when your organisation introduces tighter technical controls.
“You should also consider the architecture of your file share and backup environments. Far too often we see backup servers configured without any segregation from the regular network, resulting in ransomware attacks infecting backups and rendering them useless. Ransomware is constantly getting smarter – if an attack can access your backups it has the potential to seriously damage your data integrity.
“These are just two areas for consideration – there are many more. But whilst protecting your data fully may sound a little too much like boiling the ocean, it needn’t be intimidating. By carrying out a cyber security maturity assessment, you can establish your organisation’s risk posture and create an action plan to address any weaknesses that are uncovered. In this way you can ensure your data’s confidentiality, integrity and availability is protected, enabling you to maintain your clients’ trust and preventing you from becoming a terrible lesson for other organisations to learn from.”
Double check you are compliant with all regulations
Eltjo Hofstee, managing director at Leaseweb UK suggests that, “data protection is an issue that has gone mainstream over the last few years, particularly with the implementation of the GDPR.”
“For businesses in the UK,” Hofstee continues, “Brexit has added some uncertainty around data protection in terms of legal compliance and disaster recovery processes. Based on the current conversations between the EU and UK, nothing will change with regard to data protection laws after Brexit, however, it may be good business practice for organisations that have not reviewed their position before now to evaluate their data, assessing potential risks associated with current storage processes and locations, as well as DR practices and hosting options.
“Any uncertainty relating to hosting sites can be minimised by setting up a cloud hosting platform in a hybrid way, where data can be stored, protected and managed using at least two different locations and jurisdictions (i.e. EU + UK). Having said this, it might be a bit too early to already make these kind of changes, and while we don’t believe the UK will move away from GDPR, it’s certainly top of mind for many of our customers. And, while the uncertainty remains, being prepared for any eventuality is probably the most sensible approach.”
Be confident in your data security
Jon Lucas, co-director at Hyve Managed Hosting rounds things off by advising how to best ensure that you have complete confidence in your data security:
“The interest around GDPR’s introduction was nearly two years ago now, and data protection still rightly remains firmly in the spotlight. After an onslaught of data breaches and leaks flooding our news feeds throughout 2019, having confidence in your data security is becoming all the more crucial. Hosting and cloud providers in particular must ensure that their customers’ data is kept safe by prioritising security measures that can help prevent cybercriminals from taking advantage of vulnerabilities. It’s now commonly accepted that it’s a matter of when, not if, attacks occur. In the event of a breach, businesses should be able to trust that their provider has suitable security and recovery measures in place, in order to give them peace of mind that no harm will come to the valuable data placed in their hands.”