As more and more organisations are relying heavily on data centers towards seamlessly enabling always on data connectivity – securing such infrastructure becomes very critical for success of enterprise. Data Security Council of India or DSCI is driving the mandate to ensure secure data availability for the IT ecosystem in India.
Mayank Lau, Sr. Consultant, DSCI talks with Zia Askari from ChannelDrive.in about the evolving security landscape for the data center business.
How does DSCI look at the security landscape for the data centre business today?
Indian IT Industry had evolved to a great extent to deliver DC services to global and domestic clients addressing varied set of security challenges of different sectors.
- The security threat landscape has changed and so have the security safeguards as deployed by IT/BPM industry in India. Data Centre Security predominantly entails the following:
- Physical security aspects
- Logical security aspects at device level such as firewalls, routers, switches and servers etc. The aspect of self-healing protection and contextual security
- Availability, resiliency, BCM , DR aspects
- Assurance mechanisms such as adhering to security standards, regulations, gaining security certifications etc.
- Privacy protection also qualifies to be part of security landscape as data hosted in these data centres is a crown jewel which is to be protected. Organization in Indian complies with privacy requirements as per global compliances and local laws of the land
There are a lot of government agencies that host their services in India and rely on local data centers – how can these data centres be secured in a better manner?
Regulations such as IT act, DoT licensing guidelines, national cyber security policy, critical infrastructure protection guidelines could serve as a good starting point but what is really required is detailed security guidelines on DC security by Govt. of India, which they have done as mentioned below.
- India govt. has already formulated measures for data centre security as mentioned below. Please read these and capture a summary. Key message would be its enforcement and regular testing.
- Policy Guidelines for State Data Centre-These were released by Ministry of IT & Electronics(MeitY) with the following annexures:
- Guidelines on Physical Requirements
- Guidelines for Best Practices on Security
- Guidelines on Standard Requirements
- Manpower requirements
- Cloud certifications by govt. of India which is to given to service providers who will host govt. services.
What more can be done to ensure better security practices in this space?
Security measures can be categorized into four layers:
- Perimeter security: The primary goals of the first layer of data center protection—perimeter security—are the three D’s: deter, detect and delay.
- Facility controls: The goals of this secondary layer of protection are to further restrict access if a breach has occurred at the perimeter. Indoor surveillance for identification and monitoring, as well as multiple ID verification methods are a must.
- Computer room controls: The goals of the third layer of physical security are to further restrict access through multiple forms of verification, monitor all authorized access, and have redundant power and communications.
- Cabinet controls: The fourth layer of data center physical security further restrict access and continue to work within an integrated systems framework. Security measures to achieve this include cabinet-locking mechanisms, audit trails and an intelligent infrastructure strategy.
Other best practices could be learning from Use cases, forming discussion groups of Government, industry and academia to share learnings and best practices across board.
What are some of the steps that DSCI taking in order to create better awareness about data centre security today?
DSCI, among other things, does the following to augment the awareness on Data Centre Security:
- DSCI has developed its Security & Privacy frameworks which guides organizations in terms of deployment of best practices thereby providing assurance to end consumers and clients etc.
- DSCI’s Privacy credentials of DCPLA and DCPP are creating a pool of privacy professionals who can make ready Data Centres in India, robust from data protection viewpoint.
- Our flagship events namely the Best Practices Meet and Annual Information Security Summit extensively discuss the issues of data centre security and track any advancements or developments in this realm.
Please share with us some of the challenges that you see in this space today? How can these challenges be solved?
The importance of protecting information stored in data centres has risen in prominence alongside news of high-profile breaches. Given that it is a top priority for both regions, it may be helpful to take a closer look at this problem in particular.
When it comes to data centre security it is often felt that more than a technology issue this is a human problem. Data Centre Segmentation could come to the aid of organizations but as of today few organizations are doing it.
One potential issue that could arise from utilising numerous solutions is difficulty in managing them. For example, employing encryption for data at rest can be a cumbersome and time-consuming process, particularly if the organisation does not have an information governance strategy in place.
