The European General Data Protection Regulation (GDPR) legislation has now been in effect since the end of May. The challenge for companies, which now store more increased confidential information, is to manage the new complex regulations that GDPR has brought into play. Since GDPR was first introduced on 14 April 2016, businesses have had two years to iron out data mishaps, and to ensure they are ready for when the legislation came into effect, to avoid any hefty fines for not responsibly complying. In fact, businesses who haven’t complied face fines of up to €20million. However, the arrival of this legislation has proved complex to navigate, with many different factors for businesses to consider. For data centres, this legislation adds just another challenge amongst the security risks, client pressures and environmental impact data centres face on a daily basis.
For example, one particular risk data centres face in the current cyber landscape is the increased ability and technical advancement of cyber-criminals to gain access to the sensitive information businesses own for financial gain. The threat of cyber-criminals has never been greater. Companies need to ensure data is stored safely and securely, while CIOs are on the lookout for skilled providers who can ensure they are doing all they can to keep sensitive data protected, but still ensuring it is still easily accessible for those who need access to it.
So, what are the data dramas that plague a CIO and what should UK businesses be looking for when choosing a data centre partner to keep such woes at bay? The following five points explore the main data dilemmas and the resulting consequences for businesses if they are not addressed immediately.
1. The physical security of a data breach
Firstly, this point may sound obvious but CIOs need to be safe in the knowledge that they have a high level of physical security protecting their prized key data. With businesses now falling prey more and more to attacks and physical threats, they are now having to consider how they can best deal with the threat of physical attacks. A highly professional security guard presence, an integrated alarm system and around-the-clock video surveillance is vital in this situation, as well as the latest in ID and video recognition technology to ensure that only accredited personnel gain physical access to the data centre in question.
2. Cyber warfare
In the ever-evolving world of technology and cybersecurity, gone are the days when it was only physical security threats that would concern CIOs. Businesses now carry more sensitive and confidential information than ever before and they are, inevitably, finding that cyber-criminals will use any means possible to try and gain access to confidentially stored data. Some of the most high-tech data centres can limit access to customer data through a range of controls, such as role-based access control, multifactor authentication and ensuring only a limited number of employees have constant access. Standing data encryption can also be used to safeguard against potential hacks and breaches, for example, during times when data is moving over networks between user devices and the data centre.
3. Immediate access required
CIOs require instant and secure access to their data no matter where they are. They simply will not tolerate any form of delay in being able to gain access to their stored information, and will rapidly move on from any data centre that does not grant them that access in a rapid and convenient manner. Businesses should look for a data centre partner that is not only able to keep hackers and cyber terrorists out, but also to make sure that they are making it as convenient as possible for CIOs and their employees to gain immediate access when required.
4. Environmental impact
CIOs are now more focused than ever on showcasing their company’s commitment to the environment. While being environmentally friendly can present logistical and economic problems, it important for data centres to show how they are impacting as little as possible on the environment. With that in mind, businesses should look for a data centre partner with a similar eco-friendly commitment to the same environmental goals, which may include emission reduction, ensuring sustainability, and (where possible) using renewable energy. Any affiliation to a data centre that fails to make this a priority, may well put businesses in a position where they are exposed to accusations of contradictory environmental policies.
5. Business continuity
While CIOs are under a lot of pressure if things go wrong, they are ultimately responsible for ensuring a back-up plan is in place should anything significant occur. CIOs need to make sure that any data centre they choose has clear and well-defined plans in place for eventualities such as power outages, cooling failures (the heat that is generated by any IT equipment means an interruption of cooling is almost as damaging as an interruption of power), and any technical communications issues. Therefore, business continuity is another consideration that CIOs must bear in mind when thinking about their data centre partner.
Out of all of these dilemmas, the threat of a significant power outage is by far the most serious. This is emphasised through a widely covered story in 2017, which saw what could have been a catastrophic power outage, with Silicon Valley itself falling prey after a drone crashed into a power line. In this particular situation, the lack of timely response and adequate back up sources of power could have seen companies potentially unable to access networks. Not only that, protected sensitive data could be unreachable for a considerable length of time, which for any CIO is simply unacceptable. There have been several incidents in the last decade or so when data centres in San Francisco and London amongst other have gone down, which in turn has affected large, multi-national companies across the world.
Adam Tamburini, Senior Vice President International, e-shelter
Image source: Shutterstock/Wright Studio