Security is almost always a top priority for data centers. Every modern enterprise needs its computing infrastructure to be kept safe and accessible at all times, which means data centers have to be fully functional 24/7—otherwise business continuity could be completely disrupted. It’s evident that more companies are starting to realize this, too. Between 2017 and 2021, total enterprise spending on cloud and data centers more than doubled from $128 billion USD to $276 billion USD. This growing investment demonstrates that organizations are prioritizing the safety of their data more than ever before. But when we think about security for data centers, most of us probably think first of information technology (IT) security. We think about installing software programs that detect viruses or prevent unauthorized access to a network of IT devices. And of course, all data centers have some form of IT security in place. What doesn’t get as much attention, however, is the importance of operational technology (OT) security for data centers. This means protecting network-connected operational devices that make up the critical infrastructure of the building where the data center is located. While it’s crucial to protect the digital assets in a data center, it’s equally as necessary to protect the physical assets that make computing and data storage possible. Most centers have to meet strict environmental standards for factors like temperature and humidity. They also have to have access to power at all times with no disruptions. This means that every device from air conditioning units to building control panels needs to be functional and accessible no matter what. The problem? Many of these devices are connected to the Internet—which makes them vulnerable to attacks from hackers. A cyber-attack on a data center’s OT assets could present a two-fold problem: Operational disruption: The attackers could manipulate the functionality of the devices, changing their settings or rendering them completely unusable. This could immediately affect operations on a large scale. Compromised data: Once they’ve gained access to the OT infrastructure, attackers could use a “land and expand” approach, infiltrating other parts of the center’s digital operations until they gain access to IT hardware storing sensitive company data. And while most data centers have backup systems in place to protect against natural disasters and hardware failure, the increasing sophistication of hackers means that even this may not be enough. Because of the varied and ever-changing risks outlined above, we recommend that all data centers take a three-part approach to protecting their OT assets. Assessment: This includes measuring the likelihood of future security issues and preparing to prevent them. It means carefully vetting every OT device and system for potential vulnerabilities. Is the software up to date? Have the default passwords been changed? Proactively checking on these things will help to determine potential risks before they become major issues. Monitoring: Data centers need the ability to monitor their OT assets; in other words, they need to see real-time feedback from their OT devices and systems in a comprehensive inventory. While assessment identifies potential future risks, monitoring reveals what’s happening in the moment. Monitoring tools can show security events in real time and can quickly alert teams to any abnormal activity. Response: Having adequate response capabilities enables teams to deploy resources to solve an OT security issue in a timely way. They can identify what the threat is, who is qualified to address it, and how fast it needs to be remediated. Ideally, they also have a work order system in place that sets all this in motion automatically. Unfortunately, no one software solution can provide full protection for OT devices and systems. But the good news is that, by combining the three steps listed above, you can create a safety net-like system that drastically reduces the chances of an OT-related security issue. Even better news? You can achieve all three in a single solution: Nuvolo Connected Workplace. To find out more, contact us and schedule a personalized demo today. You can also read about how others are using Nuvolo to manage their data center operations. See how STACK EMEA brought its data center maintenance processes onto one platform. Plus, explore how one government agency modernized its data center management, and learn how a leading provider of data center solutions implemented a Connected Workplace model. Share
