Geography and ownership security
Managed hosting or cloud hosting providers sometimes seek to store your data in multiple locations, including outside the UK. When this happens, it is important you know where your data is stored, since some countries have laws that could put it at risk.
Data centres’ physical perimeter and buildings
Vulnerabilities in the physical security of the data centre in which your data is stored may leave data at risk. Data centre owners should be able to demonstrate a robust layered approach to physical security at their sites, including perimeter and buildings.
The data hall
At the data centre’s heart, data halls are where your servers are located. No matter how secure the data centre, as a customer, it is your responsibility to ensure sufficient controls are in place to limit who might be able to access your networking equipment.
Meet-me room considerations
Meet-me rooms are the areas in a co-located data centre where communications service providers, such as telecommunications companies, physically connect their data servers and exchange traffic. Access should be strictly controlled given the higher level of risks that meet-me rooms introduce.
People security considerations
People and personnel security seeks to enhance an organisation’s or site’s protective security through policies, procedures, interventions and effects. It is important that any security risks related to people are mitigated.
Supply chain considerations
Most organisations rely on suppliers to deliver products, systems and services. Securing the supply chain can be difficult because vulnerabilities are inherent and can be introduced and exploited at any point. A vulnerable supply chain may cause damage and disruption.
Data centres are a valuable target for threat actors seeking to steal data or disrupt operations and services. Data centre operators should assume that a cyber compromise is inevitable. We advise taking steps to detect intrusions and minimise their impact and preventative cyber security measures.