Cloud storage has been experiencing massive growth. Often, physical on-site security goes overlooked. Our latest guest blog explains what types of security services to look for in a colocation cloud provider.
Driven by the cloud much of the IT security world is focused on securing digital data. So much that the physical element often goes unreported. Man-traps, surveillance systems, perimeter defenses and even biometric access-points -how could anyone not get excited about this stuff?
While a moat complete with alligators may be overkill, many businesses that have gone cloud don’t place enough emphasis on physical security. After all, what’s the point of virtual security if your data or co-location center has no perimeter defense or internal security checkpoints?
For consumers, SMBs or even large enterprises demanding server colocation or IaaS space off-premises, determining if the vendor guarantees physical security is a no-brainer. Evaluating your service providers standards on security is tricky. What types of security controls do they provide and how much of them are budget-justifiable.
It is important to assess the financial impacts of a physical breach and how much of a hypothetical breach could derail your business. How much investment and controls are required to prevent and resolve a breach? Typically, the level of physical security is dependent on the industry your data revolves around. Compliance regulations are an issue. Chances are that the more valuable and sensitive the data, the more your budget should be focused on physical security.
Once you’ve determined just how valuable physical security is to business continuity, then you can look at your colocation provider from the security standpoint. Providers may offer a minimal level of security guarantees and many provide extended security controls for additional costs. No matter what levels of security a vendor offers, look for the following minimum standards and safeguards:
If possible, get as much information on the different layers of security the colocation provider offers. Layers include identity and access privilege management, logs to monitor, report and access surveillance systems.
Make sure they have proof that they are submitting regular audits on the performance of the security controls they offer – such as the SAS 70 audit. Also request what security certification the provider, staff and management have received.
Find out if there is around-the-clock security on-site, and inquire into what internal requirements, certification or training security staff have met.
Where is the colocation center located? Most data centers are not in heavily populated areas for a reason – and they should never advertise that they are in the business of data. Also, determine how old the building is and how well it has been maintained. Finally, inquire into the server and rack equipment deployed, their condition and what the provider guarantees in terms of future needs for space, expansion and performance.
The other element to physical security is disaster readiness. How well prepared is your colocation provider for natural disasters, fires, power outages and other acts of god. In addition, what level of agreement do they provide in the event of a disaster, and is the life of your data guaranteed.
Zach Kremian is a Web Editor for CloudComputingInsights.com and writes about cloud computing trends, applications, management and security issues.