Another Brick from the Wall - Leadership thoughts
Jericho Forum
Subscribe to this blog
About Author
The Jericho Forum is an international group of organisations working together to define and promote the solutions surrounding the issue of de-perimeterisation. Members include top IT security officers from multi-national Fortune 500s & entrepreneurial user companies, major security vendors, government, & academics. Working together, members drive approaches and standards for a secure, collaborative online business world.
Contact Author
Email JerichoDatacentre defence starts at the front door
The raid on Vodafone tells us that security must also be basic
Published 10:09, 02 March 11
It doesn’t matter if you have invested in the cloud or not, computing applications require hardware to run on and a place to live. Nowadays, the general feeling is that datacentres are the best place for this to happen.
But as the Vodafone break-in and equipment theft this week showed they are not infallible. Datacentres more often than not plan for disasters such as fire, flood and terrorist threats, but this incident shows that damage resulting from the theft on a grand scale is less often considered.
In general there is an all or nothing approach coupled with individual system solution to disaster recovery; no-one anticipates that, for example, all the comms equipment will go, or that someone will steal the disk arrays.
However this incident shows that it is now worthwhile to target datacentres for specific reasons so it is time to up the ante on physical security. And while you are at it, add a few more scenarios to the disaster recovery/business continuity plan.
On the topic of datacentre thefts, there was a case a few years ago where disk arrays were stolen in the days before data loss became the keen issue it is today. What would the impact be today if a disk array was taken and does every company encrypt such data? I doubt it, but it might be time consider doing so.
Guy Bunker, Jericho Forum board member
But as the Vodafone break-in and equipment theft this week showed they are not infallible. Datacentres more often than not plan for disasters such as fire, flood and terrorist threats, but this incident shows that damage resulting from the theft on a grand scale is less often considered.
In general there is an all or nothing approach coupled with individual system solution to disaster recovery; no-one anticipates that, for example, all the comms equipment will go, or that someone will steal the disk arrays.
However this incident shows that it is now worthwhile to target datacentres for specific reasons so it is time to up the ante on physical security. And while you are at it, add a few more scenarios to the disaster recovery/business continuity plan.
On the topic of datacentre thefts, there was a case a few years ago where disk arrays were stolen in the days before data loss became the keen issue it is today. What would the impact be today if a disk array was taken and does every company encrypt such data? I doubt it, but it might be time consider doing so.
Guy Bunker, Jericho Forum board member
Print
Email
