Nowadays, data is the world’s most valuable asset. Quality content, personal records, photos, camera images and big-data initiatives that bridge the gap between IT and business: all this information is digital. It’s not surprising then, that businesses are getting more and more concerned about the security of their data. Research carried out by Interxion this year confirms that the large majority of medium and large sized financial institutions, government organisations and IT companies are worried about data leaks or cyber attacks.
Due to the ever increasing amount of company data stored in the cloud, the first port of call for these businesses are virtual security measures. The adoption of cloud computing means that businesses exercise less and less control over the administration. Moreover, many cloud-like services are based on the principle of multiple participants sharing the underlying infrastructure so as to take full advantage of economies of scale. This shared usage leads companies to believe – albeit, wrongly – that others are in a position to gain easy access to their data. The organisation’s individual requirements, application and data set will determine whether a cloud service is appropriate, and if so, which cloud format that is. For most organisations, the best solution lies in a combination of a public cloud, private cloud and ‘on-premise’ infrastructure. There is good reason, after all, why this type of hybrid solution comes out on top as most popular in a number of studies.
Virtual and physical
Whereas cloud service providers are theoretically in charge of virtual security, colocation data centres – where the cloud solution is housed – are in charge of physical security. This is why our newest data centre, AMS8 on the Schiphol Campus, needs to satisfy the highest security guidelines and has numerous levels of security. At the very least, this means ‘perimeter’ security around the site and at the entrance, ‘mantraps’ in the data centre, access systems at the entrance to the various areas in the data centre, locked data centre cabinets and biometric checks such as fingerprint scans. In addition, no person is allowed into or out of the data centre without their identity being confirmed by security. Every visitor must be registered in advance and only authorised persons have access to the data floor.
But the protection of your data goes even further. Other additional measures have been implemented to guarantee the security of the data in the data centre, including 24/7 camera monitoring all around and in the data centre, combined with specialist security guards who patrol the area. Within the data centre itself, the various areas are locked, with the only key holders being the data centre administrator and the client. This means that even the data centre staff only has access to the servers when the client grants them permission. This guarantees the owner of the data a safe environment.
As with all Interxion data centres, AMS8 will be governed by a number of strict regulations. For example, processes are according to to ITIL standards, the SLA includes guarantees on power supply, cooling and humidity, and physical systems and security processes are ISO 27001 certified for information security management and BS25999 certified for the proper management and monitoring of the Business Continuity Management System. ISO 27001 is the most comprehensive international standard for physical systems and security processes. The audit and certification process covers all aspects of the data centre, from physical infrastructure and access management, to back-up systems and the authority of staff. With processes, it’s also about seemingly logical codes of conduct that could represent a threat to the physical security of data, such as no eating and drinking on the data floor and banning flammable materials and substances inside the data centre. They represent an important confidence factor for businesses.
Whenever someone visits one of our data centres for the first time, they are generally surprised by the very noticeable security measures in place. This is because the security measures at an independent collocation data centre are usually far more extensive than those at a company with its own on-site data centre. The result is often an enhanced sense of confidence in the total cloud concept. Which is understandable, given that the physical security measures are far more visible and tangible than the virtual security measures of cloud providers and IT service providers. The security of the cloud is, however, not limited to cyber security alone: the physical location of ‘the cloud’ enjoys just as physical a protection.