Finding the Right Fit for Data Security and Management
With enterprises’ rising reliance on data and the need to protect it, investments in data security and data centers are rising. Data center company Equinix Inc. is expanding its Rio de Janeiro data center; Penn State University is finalizing plans for a second data center, projected at a cost of $58 million; Google is reportedly considering a $300 million data center expansion at its campus outside of Atlanta.
But organizations don’t need to invest millions in buying and outfitting on-premises data centers in order to better safeguard their data.
In 2014, a State of Florida audit placed a new emphasis on data protection and breach prevention in addition to data breach response. This spurred many school districts into action to better respond to cybersecurity threats and manage data more responsibly, while meeting compliance requirements.
For Hillsborough County Public Schools, which serves the Tampa, Florida, area and is the eighth largest school district in the U.S., this meant reshuffling its IT management to better address its new goals. Rick Laneau, who had been the Data Center Manager for the district for the past 15 years, became the Executive Officer of IT Compliance – a new department created after an external assessment which will address the security concerns that rose in the wake of major data breaches that rattled the country in 2014.
For schools, data management is an entirely different beast than it is for enterprise data security. For example, Laneau says, there are requirements for content filtering systems for different age groups. So while the Children’s Internet Protection Act (CIPA) requires content filtering for all students, the Children’s Online Privacy Protection Act (COPPA) requires parental consent for collecting information about children under 13 years of age.
“This is all on top of protecting student, staff and parent information,” he says. “We also have to manage security for online testing systems – especially since schools are moving toward more digital testing. Plus, unlike in businesses, we can’t necessarily fire students for inappropriate network use.”
The issue with just filtering is, Laneau says, it’s the equivalent on putting a padlock on a door – it will keep the majority of rule-abiding students out, but someone who really wants to get through can do so fairly easily.
“You’re kidding yourself if you’re not doing your due diligence and investigating other options for securing your network and managing privileges,” he adds.
This is where the extensive media coverage of data breaches worked to his advantage. By leveraging awareness of high-profile data breaches, Laneau could better bring new solutions in front of school district leaders, demonstrating how enhanced data security systems could benefit compliance efforts. The district also formed a privacy and information department in IT for risk assessment purposes, demonstrating a forward-thinking security mindset.
“Keeping up with changing technology is one of our missions,” Laneau says. “We operate under a continuous improvement model, and our ROI is the reduction in risk.”
Working with Fortinet’s next-generation firewalls to replace some legacy appliances in the district’s data centers, Laneau has seen a 180-degree turnabout in the system’s usability, both for filtering and audits. Plus, the reduction in risk isn’t the only return on investment the school district has been seeing. In addition to saving $15,000-$30,000 when ending the district’s previous firewall contract and eliminating an annual maintenance contract, the district is also seeing a decrease in bandwidth use, as students can’t sneak into streaming media – such as YouTube or Netflix – as easily.
Maintaining appropriate speeds was imperative for Chris Thomas, Infrastructure Architect for CARFAX in St. Louis, Missouri. Four years ago, CARFAX was looking for new, reliable load balancer to keep traffic evenly distributed between its data centers so that access to the website was reliable and fast. An imbalanced data distribution could create outages, and according to Thomas, if your website has a rate of two outages per month at the network layer, your business cannot continue in today’s marketplace.
“Downtime is dollars,” says Thomas. “Not necessarily in a financial loss, but in branding. To build a good brand, as a website, you need to be reliable. It doesn’t take long for word to get out that you’re a ‘part-time website.’”
Working with cybersecurity solution provider F5, Thomas added an effective load balancer to the system, then consolidating other data management and security systems under the F5 suite of products to, as he says, work smarter, not harder. One area of focus recently has been digital perimeter defenses beyond firewalls.
“The biggest change we’re facing now is that we have a borderless network, due to mobile devices and developers’ needs,” says Thomas. “We won’t be able to create enough internal layers to keep a secured internal network and perimeter around all our data, so we’ve been looking for a managed, hosted solution. This will not only help us save on staffing, but it will put extra layers of defense where it’s needed most safeguarding our revenue stream from DDOS, bot and malware attacks – allowing us to focus our efforts on product delivery.”
When discussing such an off-premises security solution, Thomas brings up two main points: criticality and an enterprise’s sensitivity to downtime. If a business relies very little on Internet-based data access and the data stored is not vitally important, having such a high-level solution is not necessary. On the other hand, for an enterprise that stores user data – encrypted or not – on servers vital to the business’s operation, finding robust solutions is imperative.
“Tools to attack an enterprise are too readily available today, and risk is increasing. People try to take down a network just because they can. You have to have a smart approach relating to what your business can withstand,” Thomas says.
SIDEBAR: Data Center Continuity in Amsterdam
Data centers contain and deliver mission-critical content and applications to enterprises, and as enterprises revolve increasingly around digital applications, having a reliable data center partner is key. The Interxion headquarters, located next to the Schiphol Airport near Amsterdam in the Netherlands, is built with continuity and efficiency in mind. The facility uses well-water and ambient air for data center cooling. The building holds an annual blackout test, and there are batteries on site that can maintain power for up to 15 minutes in the building between a blackout occurring and the generator starting up.
At any given time, there are three days-worth of diesel fuel on-site, and a local supplier is ready to bring more within a four-hour window of notice in the event of a prolonged power loss.
The biggest concern regarding power loss, says site operations manager Timo Koorn during a Securitytour of the site in November 2014 (sponsored by the Netherlands Foreign Investment Agency), is lightning. The roof of the building is well-stocked with lightning rods to divert any strikes away from the transformers.
On the security side, the facility uses three-factor authentication – a badge, biometrics and a weight measurement – to identify users entering the secure data center floors. There is at least one surveillance camera per rack of servers, and the video is kept for 90 days.
The perimeter fence is electrified, and Koorn would perform in-house penetration tests to gauge security personnel’s reaction time by loitering in restricted areas or accessing the rooftop in off-hours.
Being so closely located to and partnering with an infrastructure giant like Schiphol Airport helped as well. According to Koorn, the data center gets to take advantage of the airport’s risk management procedures, including the airport’s levee testing to check for flooding risks, generator tests and more.