Intelligent Data Centres Issue 43 | Page 71

personnel and cybersecurity in a single , holistic programme .
To counter the threat from forcible attack such as theft or terrorism , the ‘ 3Ds ’ philosophy of Deter , Detect and Delay attackers may be used .
By creating a highly visible security appearance or messaging , the goal is to provide a strong deterrent to the potential attacker . When an attack occurs , the objective is to detect attacks at the earliest opportunity and delay the attacker for as long as possible to enable response and intervention prior to any loss .
To counter the threat from espionage , the BAD philosophy should be used by implementing effective barriers , tightly controlling access and using technology to detect potential attacks .
In a reverse approach to that used for forcible attack protection , layers that form barriers , control access and detect attacks should be created as close to the asset as possible . centre will need to consider guidance based on their own risk assessments .
The targets are not limited to acquiring or degrading data . Threat actors may also seek to disrupt services by targeting data centres through either a destructive cyberattack or a physical attack .
Historically , the focus has been on preventing service interruption due to natural hazards , power outages , hardware failures or denial-of-service attacks .
Ransomware has emerged as a major threat . In a recent incident , stolen employee credentials helped the threat actors complete their attack . This was a great example of the requirement for physical and cyberthreat converging .
To address this trend , organisations need to bring together physical and cybersecurity of data centres into a single holistic strategy .
Giovanni Grosso , Managing Director , G4S Secure Solutions Services
Only when this is done can they be confident of withstanding the diversified methods threat actors , cybercriminals and others may use to attack .
How do cyber and physical security converge ?
To be effective , the modern security plan should adopt a risk-based approach to security mitigation supported by a layered strategy which operates at different levels and integrates physical ,
This philosophy focuses on detection and not delay of attacks due to the differing measures of success for the attacker . Taking this approach allows you to focus security measures on the asset , which in turn can also help mitigate risk from insiders who exploit or have the intention to exploit an organisation ’ s assets for unauthorised purposes .
What should the security programme address ?
Security mitigation is most effective through a layering approach . An example of the physical security layering within the data centre typically includes 4 – 6 layers . These layers allow defence in depth and typically address each of :
• Layer 1 : The fence line at the perimeter of the facility
• Layer 2 : External areas , including car parks , access and reception areas
• Layer 3 : Common / circulation areas and Security Operations Centre ( SOC )
• Layer 4 : Grey space ( plant rooms , inc . MMR ) www . intelligentdatacentres . com