Colocation has become a popular option for many businesses that want to more efficiently manage their IT processes while keeping costs under control. While many proponents of colocation focus on the benefits gained from the consolidation of resources and the efficiencies gained from off-site operations, there is another major advantage to moving your servers to a colocation facility: security.
With more companies being hit by hackers and massive data breaches announced seemingly every day, security is a major concern for any organization. Network security and using technology to identify and thwart cyberattacks is vital, but it’s also important to consider physical security. Sometimes the greatest risk isn’t the nameless hacker working in a foreign country far away, but the seemingly innocent technician who has the opportunity to steal your data.
Colocation offers a number of advantages when it comes to physical security, but only if you follow the best practices for evaluating a provider’s security protocols.
Restricted Access
When your servers are kept in your office, you have a level of control over who accesses them. You can monitor who comes and goes from your building, establish security protocols that include access badges or keys, limited access to certain areas of the building and controls over afterhours access.
But when you keep your servers off-site, you give up a level of control. Representatives from other companies may have access to the server area, and you can’t always control who that is. When you’re choosing a provider, review their access protocols and establish written guidelines as to who can access your servers. More specifically, determine who from the colocation provider will have access to your servers, and request results of a background check and security screening to ensure your data will not be vulnerable. Insist on regular logs detailing who has accessed your server and for what reason. If the colocation center does not offer individual locked cages, ask whether visitors are escorted to servers; if visitors are allowed to wander around unescorted, that could present a serious security risk.
24-Hour Monitoring
One of the major advantages of colocating your servers off-site is a colocation provider can offer 24-hour monitoring and protection of your machines. While some businesses can monitor and protect their servers 24/7 with elaborate security systems, for many small and mid-sized companies, such a level of security is impractical from a financial standpoint. During the day, access to the server room is monitored, but after hours, security may involve nothing more than locked doors and passwords.
When evaluating colocation providers, insist on 24-hour, real-time monitoring of your assets to prevent unauthorized access and tampering with your servers. You’ll gain peace of mind knowing that your data is safe even off-hours; should something go wrong, security logs can aid the investigation. Ideally, the security staff should be hired and managed by the colocation provider and not outsourced to potentially inexperienced security professionals. The guards should be knowledgeable in the principles of data security, and experienced in identifying potential data breaches and risks.
Two-Factor Authentication for Access
Two-factor authentication is becoming the standard for security in almost every sector. By requiring anyone who wants access to provide both a physical security item, such as a key or identification badge, as well as something they know (a password, PIN or security question) or something they are (a fingerprint or retina scan, for example)adds an additional level of protection to your data. It’s simply not enough if all someone needs to do is flash a badge to gain access to the server area. Insist your colocation provider implement the latest security protocols to protect your assets.
Security Certifications
When you are storing data related to a regulated industry, such as health care, financial services or life sciences, federal laws require that you maintain specific security standards in order to protect sensitive information. When choosing a colocation provider, ensure that the provider adheres to the security standards required by your industry, such as SSAE 16, and has the capability to participate in third-party security audits and supply the necessary documentation that proves you’re meeting the security standards. Failing to do so could result in significant fines or other sanctions should a data breach occur — or an audit discovers adequate security has not been established.
Evaluating physical security is as important as evaluating technical security when you’re considering colocation providers. Knowing exactly who has access to your servers, and restricting that access, can prevent a serious breach — and keep your data safe from unauthorized access.
The post Physical Security Best Practices For Colocation appeared first on Mostly Blog.