The Data Centre Security Report 2010 released recently by IT and telecommunications consultancy BroadGroup has found businesses believe that denial of service attacks (63%), human error and data security are the three main security risks facing data centres.
The vulnerability of websites also made the top three, with 68% of organisations seeing it as a threat worthy of concern.
Data centre security clearly remains challenging: none of the companies surveyed saw the overall threat level as having decreased over the past 12 months; in fact, 27% believed it had gone up. One of the operators interviewed actually recorded between 170 and 200 distributed denial of service (DDoS) events every two weeks.
The findings come from the Data Centre Security Report 2010, published ahead of BroadGroup’s sixth annual Data Centres Europe conference and award ceremony, held this year in Nice from 22-23 April. It provides extensive and up-to-date guidance on enhancing security for both new and existing data centres.
Aside from the security of existing data centres, the report also examined how companies look for new ones. Both commercial service providers and end-users saw security and availability/resilience as the top two criteria for companies selecting additional server space.
Furthermore, respondents placed physical security as the number one challenge when looking for new data centres.
Stuart Bonell, associate consultant at BroadGroup, is the author of the report. He comments: “Data centre security has seen a lot of focus over the past year, as organisations seek to ensure compliance with regulations such as Sarbanes-Oxley or the Payment Card Industry Data Security Standard (PCI-DSS).
“Organisations have to take a systematic approach to data centre security, with many choosing to adopt an ISO27001 risk-managed approach. The report focuses on this angle, as we found that ISO27001 and SAS 70 type II certifications were the most popular indications of security management being used by commercial data centre providers.”
Stuart continues: “We were, however, somewhat surprised to find that lack of funding wasn’t an issue for many businesses. Compliance concerns seem to be putting them under pressure to improve, but are also providing data centre and security managers with extra ammunition at budget-setting time.
“Senior management are becoming more aware of the need to improve security, which reflects greater customer interest in the issue following a spate of well-publicised incidents during 2009.”
Finally, the report addresses the main trends driving change in data centre security for the future. It notes that 70% of end-users ranked virtualisation as the top issue.
Stuart concludes: “IT providers are racing to adapt security products to virtual machines. This approach to infrastructure requires alternative licensing models, new security software and innovative approaches to deploying across virtualised architectures.
“End-users are under pressure to adopt virtualisation to save costs, but are concerned how this will affect their data security. We also expect that approaches and products which focus primarily on the data itself, rather than networks or other access routes, will attract greater interest in 2010.”
The report provides guidance for data centre security gathered from end-users, commercial data centres and numerous experts across physical, logical and people-related security. Each section includes links (150 in all) to further information covering applicable standards, suppliers of relevant products and sources for further study.
For more information visit www.broad-group.com
For more information, please contact:
T: +44(0)208 964 0260
BroadGroup is an IT and telecommunications specialist delivering newsletters, portals, reports, studies, conferences and management consulting to the sector. The firm established a consulting group in 2007 in response to the increased activity experienced across the markets in which we are engaged.
BroadGroup operates internationally and has a growing presence in the Middle East and Asia markets.
About the author
Stuart Bonell is an associate consultant with BroadGroup. He spent 12 years in consulting with companies such as Accenture in enterprise architecture and IT strategy roles. Following this he was CTO at a hosting and managed services business and then held CIO and CTO roles for small and medium-sized businesses.
During this time, Stuart commissioned data centres both for managed service providers and high security in-house IT services. He has worked with ISO27001 since 2000 and subsequently held in-house security director responsibilities until coming back to consultancy and industry analysis in 2009. Stuart consults with BroadGroup clients on IT/technology strategy, product offerings (for service providers), sourcing strategy and information security.