Saturday, 8 September 2012

Data centres

Within certifications such as the CISSP there is discussion on the protection of data centres, within the Physical (Environment) Security domain aspects of protecting facilites are discussed. Concepts such as Crime Prevention Through Environmental Design (CPTED) as discussed, this week I noticed the annoucement by Google about building a data centre in Chile and whilst reading about that I came across Google pages and data centres and these with other pages may help in gaining about understanding of Physical (environment) Security.

Obviously Google does not talk about it is security too much at data centres http://www.google.com/about/datacenters/# , which is a shame as it would a good case study if covered not just about security in controlling people physically visiting the data centre or working within it, but also on the network controls and on the protection of the support services required for running a data centre including utilities. Security covers the triad of confidentiality - restricted data to those who need it, integrity - ensure the data is modified by those who are authorised and availability - making sure it is available to those you need it when they need it.

Google has some limited information available from http://www.google.com/about/datacenters/inside/data-security.html# on security at its data centres which covers physical, protecting the data and reliability. It also covers the lifecycle with destruction of hard drives at the end of life.

There are also articles on the web such as the wired article on the NSA data centre http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/ being built in Bluffdale which whilst discussing the NSA and what it does looks as some aspects of security.

A basic introduction to Crime prevention through environmental design (CPTED can be found on wikipedia http://en.wikipedia.org/wiki/Crime_prevention_through_environmental_design

The Centre for the Protection of National Infrastructure (CPNI) in the UK have produced the following document http://www.cpni.gov.uk/documents/publications/2010/2010006-vp_data_centre.pdf?epslanguage=en-gb on protecting data centres

The CSO online has an article on 19 ways of building in physical security http://www.csoonline.com/article/220665/19-ways-to-build-physical-security-into-a-data-center

No comments:

Post a Comment