MANAGED SERVICES security
The type of identification needed to access a data centre should include a biometric system. A biometric system scans the fingerprints, or iris, of the person trying to enter the data centre. Any unauthorised access attempts result in the individual being detained in the data centre’s mantrap. A mantrap has two sets of interlocking doors, and identification, preferably biometric, is required at both points. If the biometric system activates the security alarm, then all doors will lock, trapping the suspect in the space between the doors. A data centre should also have CCTV systems installed which are able to cover all parts of the data centre from the perimeter to the individual servers. It shouldn’t just rely on CCTV to be its watchful “eyes”, though; it should also employ security guards to patrol the data centre, inside and out, on a 24/7 basis. Once inside, all server racks should be locked, with keys held only by the client and the service provider. This means that the service provider’s engineers can only physically access the servers when the client’s representative is there, ensuring complete peace of mind for the customer.
A data centre must be ISO certified. ISO27001 is one of the most rigorous international standards for system and physical security processes. The audit and certification process focuses on every aspect of the business, including physical infrastructure, site security and access management, personnel capabilities, communications and operations, legal compliance criteria, and back-up and disaster recovery systems. The standard was developed to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system.
Additional peace of mind
Putting in place the physical and virtual barriers is sometimes not enough reassurance for certain types of customers. For them, security is not just about who can access the facility, but reassurance that the IT supporting their core business is secure and that they have the peace of mind that service will not be interrupted. As competition in the international marketplace intensifies, customers need to know that their systems are up and running at maximum efficiency. The consequences of unexpected downtime can be devastating, costing far more than the price of repairs. Managed services offer an additional layer of security, while delivering the flexibility to outsource elements of the management and support of a customer’s IT infrastructure. 24 hours a day, 365 days a year, data centre providers can offer systems monitoring, systems management and backup services, to help customers achieve maximum system and data availability.
Today, data centres can provide secure monitoring services that comprise state-of-the-art monitoring tools designed to watch over a customer’s servers, operating systems, network devices and web sites 100% of the time. Secure monitoring services can reduce capital investment while offering an effective, easy-to-implement solution that goes some way to offering complete peace of mind. And all with the benefit of clear SLAs which should guarantee the highest level of performance throughout the life of the contract. With these sophisticated tools, a wide range of parameters can be monitored against pre-defined thresholds. The data centre provider should handle the heavy lifting, the entire setup process. With instruction on what systems to monitor and who to contact in case of emergency, they should manage the rest. Typically, if there is a breach of any of these thresholds the data centre provider would immediately escalate and inform the customers by phone from a central customer service centre, email or text-message, enabling them to take action to prevent any further outages from happening. As soon as one of the parameters on the customer’s systems reaches the pre-determined threshold, an alarm is triggered and the data centre team goes into action, executing a pre-arranged “run-book”, or predefined course of action, and performing restoration and repair procedures to minimise downtime.
To minimise maintenance and related downtime on servers, leading data centres will offer agentless monitoring technology which is designed to eliminate the need for software (agents) to be installed on every machine and require minimal bandwidth. The data centre provider would typically install a small piece of software on one of the servers within a customer’s infrastructure that communicates with all the devices on the network. The software then communicates securely with the data centre. In certain circumstances, no software installation whatsoever is required.
A silver lining from the cloud
Going a step beyond monitoring services, another compelling element of embarking on a managed services contract with your data centre provider is the ability to factor in secure data services. Secure data services unravel the complexities of backing up, managing and recovering mission-critical data. Customers can initiate new backups and restores within minutes, and view backup schedules, monitor how backups are performing and generate reports. Secure data services should be designed so they can be mastered by any employee with basic IT skills, but give the advanced user all the functionality expected in a corporate-class backup solution. They provide cost-effective, cloud-based backup solutions that are simple, flexible, secure and scalable. They enable organisations of all sizes and levels of technological sophistication to instantly back up, manage and recover their mission-critical data using a data centre vault.
This level of protection is ideally suited for multi-site operations and mobile data backup. It won’t be surprising if demand for such services continues to grow: according to Gartner, 64 per cent of small to medium-sized businesses back up their data on-site, not off-site – which is simply a disaster waiting to happen. Some 60 per cent of backups are incomplete, 50 per cent of restores fail, only 25 per cent of tapes are stored off-site and end user compliance with backup policy is only eight per cent. Secure data services use a fault-tolerant, disk-based, secure storage subsystem, coupled with ultra-efficient cloud software. Using the latest cloud software allows the customer to capture less, ingest less and store less, reducing the amount of data that they are paying to retain and enabling a pay-as-you-go model. This means that only one single full backup of the data needs to be taken. From then on, only the data that has changed is transferred to the maximum-security Vault. “Point-in-time” restores are possible by keeping multiple copies or versions available on the Vault.
In case recovery is needed, the Vault automatically reconstructs and restores in one easy step the exact data needed from the specified date and time. The optimal secure data service solution should use FIPS-certified encryption and data destruction processes, require no capital investment, and be billed based on the amount of data stored after compression and advanced de-duplication. The customer should also receive a unique encryption key (up to 256-bit AES), ensuring that all data sent to, stored at, and sent from the data centre is encrypted to ensure complete confidentiality and privacy.
Without the encryption key no one, including the data centre provider, has access to the information. This only serves to illustrate once again how important it is that the customer chooses a data centre provider which is ISO 27001-accredited, including multiple layers of physical security, network redundancy, controlled environments and operational guarantees.
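The "one full backup, then only changed data" model with point-in-time restores described above can be sketched as a content-addressed chunk store; this is an added example, not code from the article or from any vendor it describes. The `Vault` class, the 4-byte chunk size, the timestamps and the sample data are constructed assumptions, and encryption with the customer's key is left out.

```python
import hashlib
from bisect import bisect_right

CHUNK = 4  # tiny on purpose so the constructed sample shows dedup; real systems use KiB-MiB

# Constructed sample data: the second day differs from the first in one chunk.
DAY1 = b"AAAABBBBCCCCDDDD"
DAY2 = b"AAAAXXXXCCCCDDDD"

class Vault:
    """Toy store: each distinct chunk is kept once, plus one manifest per backup."""

    def __init__(self):
        self.chunks = {}     # sha256 hex digest -> chunk bytes
        self.manifests = []  # (timestamp, [digests]) sorted by timestamp

    def backup(self, timestamp, data):
        """Record data as of timestamp; return the bytes actually transferred."""
        sent, digests = 0, []
        for i in range(0, len(data), CHUNK):
            piece = data[i:i + CHUNK]
            digest = hashlib.sha256(piece).hexdigest()
            if digest not in self.chunks:  # unchanged chunks are never re-sent
                self.chunks[digest] = piece
                sent += len(piece)
            digests.append(digest)
        self.manifests.append((timestamp, digests))
        self.manifests.sort(key=lambda m: m[0])
        return sent

    def restore(self, timestamp):
        """Rebuild the data from the latest backup taken at or before timestamp."""
        times = [t for t, _ in self.manifests]
        idx = bisect_right(times, timestamp) - 1
        if idx < 0:
            raise LookupError("no backup exists at or before that time")
        out = bytearray()
        for digest in self.manifests[idx][1]:
            piece = self.chunks[digest]
            # Verify every chunk on restore so silent corruption fails loudly.
            if hashlib.sha256(piece).hexdigest() != digest:
                raise ValueError("chunk failed integrity check")
            out += piece
        return bytes(out)

def demo():
    vault = Vault()
    full = vault.backup("2012-02-01T02:00", DAY1)         # first backup sends everything
    incremental = vault.backup("2012-02-02T02:00", DAY2)  # later backup sends the changed chunk
    return full, incremental, vault.restore("2012-02-01T23:59"), vault.restore("2012-02-02T02:00")
```

Because every restore re-hashes each chunk against its manifest entry, a scheduled test restore doubles as an integrity check on the stored versions.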
February 2012 I
www.dcsuk.info 31