TRD 20 Facing the Security Needs of Your Data Center: An End User’s Perspective
Daun Johnson: CISSP, MCSE, CVE4.0, NCDA, CORM, CDCE: Data Center Supervisor for NTUA

Security: What Is It?
• A feeling of safety
• A state of readiness
• A state of secureness

Why Do We Need Security for Data Centers?
• Sensitive data
– Medical records
– Social Security numbers
– Financial transactions and cardholder data
– Intellectual property and confidential information
• Critical infrastructure and key resources
– As defined by the Department of Homeland Security: “The assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, public health or safety, or any combination thereof.”

Protecting your information!
Physical Security
• Tracks people
• Limits access to areas, spaces
• Provides audit of who accessed what
• Integrates with video to provide visual record
Logical Security
• Tracks logins
• Limits access to servers, folders and applications
• Provides audit trail of what login accessed what data

Security Systems Trends
• Moving from reactive toward predictive response
• Providing additional operator control
• Preserving existing capital investment
• Regulatory requirements
– PCI DSS, HIPAA, Sarbanes-Oxley, etc.

Security Systems Trends
• Analog-to-digital migration
– Digital allows better image management: record, store, search, retrieve, share, send
• System integration for greater efficiency
• Standardized structured approach
– Modular, flexible implementation
– Easy moves, adds and changes (MAC)
• Anywhere, anytime monitoring
• Video analytics

Physical Protection Guidelines and Strategies
• Crime Prevention Through Environmental Design (CPTED)
– Awareness of how people use space: all space has a designated purpose; social, cultural, legal and physical dimensions affect behavior
– Control physical setting to change behavior: understand and change behavior in relation to physical surroundings; redesign space to encourage legitimate behaviors and discourage illegitimate use

How Security Should Be Looked at for a Data Center
• Site selection
• Defense in depth
– Implement layers of protection
– Ensure failure of one element in the system will not create a critical vulnerability in the whole system
– Delay penetration in event of breaches

DC Site Selection Criteria Based on the TIA-942
• Secure all cooling equipment, generators, fuel tanks or access provider equipment outside the customer space
• Computer rooms should not be located near a parking garage
• The building should not be located:
– In a 100-year flood plain / near an earthquake fault / on a hill subject to slide risk / downstream from a dam or water tower
– Within ¼ mile of an airport, research lab, chemical plant, landfill, river, coastline or dam
– Within ½ mile of a military base
– Within 1 mile of a nuclear, munitions or defense plant
– Adjacent to a foreign embassy

Security: How Much or How Little Do You Need?
When we look at our data centers, we have to decide on the tier level during the planning stage. The tier level will drive the security protocols and measures that you will need to put in place.

Security: How Much or How Little Do You Need?
This was the hard question for us to answer.
• Being on the Navajo Nation provides some security
• No signage on the building added security
• Being kind of hidden behind other buildings
• Drive by a bunch of company-owned and occupied homes
• How much more did we really need?
• How far did we want to go with both physical and cyber security?

• We put in an 8-foot-high chain-link fence with razor wire on top.
• A motorized gate with badge access, camera and mic to gain access
• Perimeter breakage system along the fence on the inside
• Cameras watching both inside and outside of the Data Center complex
• Badge access to the main building of the NOC, escorted access inside the NOC and Data Center buildings once inside and signed in
• Badge and bio readers to access the Data Center raised floor
• 24/7/365 manned NOC for allowing access

Current Biggest Security Threats
• Threat No. 1: Cyber crime syndicates
• Threat No. 2: Small-time cons -- and the money mules and launderers supporting them
• Threat No. 3: Hacktivists
• Threat No. 4: Intellectual property theft and corporate espionage
• Threat No. 5: Malware mercenaries
• Threat No. 6: Botnets as a service
• Threat No. 7: All-in-one malware
• Threat No. 8: The increasingly compromised Web
• Threat No. 9: Cyber warfare

Number One Security Problem: People
• Written passwords
• Social events
• Phishers
• Too trusting

Daun Johnson, CISSP, MCSE, CVE4.0, NCDA, CORM, CDCE
Data Center Supervisor for NTUA
Email [email protected]
Phone 928-729-6147