If you want to truly feel comfortable with the security of your virtual data room provider, you need to understand some of the basic components that make a data center secure. There is a continuous development in the intensity and knowledge of hacker so you must ensure that the provider you choose is using a data centre that follow the following principles:
1) Location Security
A data centre should be located away from any roads, preferably behind a treeline or other visual barrier. Also, the building should be located and designed to withstand flood, wind, earthquake, and other natural disasters.
The design should be unobtrusive (a data room designed to look like a spaceship, for instance – while very cool – would present an irresistible target to would-be attackers). There should be no indication of what the purpose of the building is, and as few windows as possible. Doors should be high-security grade, and exterior walls should be reinforced concrete or other high-security material. *
2) Personnel Security
This includes both the robustness of the data centre security staff, as well as protocols for ensuring the reliability and trustworthiness of that staff. The data centre should have security on staff to monitor entrances and periodically check the security of the building and grounds. In addition, non-security staff should nonetheless be highly trained in security considerations and protocols, and should know what to look for in identifying potential threats and resisting social hacking attacks. All employees, from the Head of Security to the custodial engineer, should be thoroughly vetted with full background and reference checks.
3) Network Security
The network is the battlefield where the majority of threats are found. Cyberattacks are easier and cheaper than attempting to physically compromise a location, and are thus exponentially more common. Network security should include the most up to date data encryption, virtual private network, and firewall technology, as well as protocols for dealing with Denial of Service attacks and other common cyberthreats. Also, network workstations and servers should be individually secured against threats with the latest in antivirus technology. Given the rapid pace of change in network security and hacker tactics, a quality data room will have someone (or possibly an entire office) who is responsible for keeping abreast of the latest developments in network security and deploying the most up-to-date protections.
4) Back-up Security
Even if malicious breaches of the data room are prevented, sometimes mother nature can get past even the strongest protections and building techniques. In the event of a major disaster that physically damages the location, the data centre should have a ready back up in place that can be brought online with as little downtime as possible, in addition to clear procedures for securing the damaged building and its contents. Attacks of opportunity can sometimes be the most devastating, and sensitive data can be recovered from even severely damaged equipment if sophisticated tools are available. We have covered this more extensively inn one our earlier post with Keeping your information safe: Backuping up a Virtual Data Room
5) Disaster Recovery
In the event of a disaster, your data room provider should have a comprehensive recovery plan with their data centre that is tailored to their business. In addition to the back-up security discussed above, this will include specialists who will look at the root cause of the disruption and workforce continuity so that they can stay up and running even when their place of work is unavailable. For a complete view of recovery options please visit: www.sungardas.com
A secure data centre is one that takes these criteria seriously, and puts the highest of priorities on keeping security procedures current and client data secure. Whether you are a potential client of a data room service or you are a provider, security has to be the first step.