We all live continuously on the precipice of change – especially with technology. In the world of big data, we’ve only begun to reach into the vastness of how information is stored, shared, and kept secure. As our information technology continues to evolve alongside the needs of the world, we find ourselves at a point where security is paramount not only for nations and governments but for businesses and individuals as well.
Data centers store our most precious and sensitive data, from complex infrastructure plans to top-secret imagery and surveillance documents. Without security protocols and an intimate understanding of how data is secured, all of our data is at risk, and when it comes to securing data in the most sensitive sectors of industry and technology, our data centers need to be ready for the threats that may be levied at any moment.
Today we have a new frontier of data storage that is becoming increasingly reliant on cloud and edge processing. Though “the cloud” may be a foreign term to some, it’s become a true game changer for others.
How Data Center Security Has Evolved and the Role of Cybersecurity
Like our most basic technology, data centers have changed considerably over the years. As data storage methods have evolved and shifted strategically, we’ve had to march alongside these changes in order to keep in step with technological progress – even when we were hesitant.
Over the past decade, I’ve had the privilege of working in quite a few data center and cloud environments. Here at Quintillion, we’ve been looking at the opportunity to do cloud and edge processing in the Arctic which could help a variety of customers – whether oil and gas companies, the U.S. Government, or the Department of Energy – edge processing could provide a great impact for economic growth.
From a cybersecurity perspective, I can recall back in 2010 when working on “greenfield” cloud environments, there was a lot of skepticism about how security would be applied. This is because the cloud was completely different from traditional systems and networks due to the fact that it was largely virtual. Correspondingly, a lot of people were concerned about placing their data in a cloud environment.
Over time, many users began to understand that you can have the same level of security in cloud technology that you were once accustomed to in a traditional corporate system – as long as you’re following the right cybersecurity controls.
The Key Security Threats Data Centers Face Today
In a nutshell, access is a major threat. Thus, because a cloud environment is accessible by the internet, a variety of strategic threats can be posed. The most common threat businesses face is various phishing attempts – each of which has a different level of sophistication. In fact, some of these attempts are difficult to tell apart from legitimate business emails or correspondence.
If you think about how lenient or lax some companies and individuals are, and with so many people going through their day attempting to get tasks done quickly, it’s very easy (and common) for an employee to receive an email and click on a link without carefully considering that it could be a phishing attempt. Once a link is clicked, this enables the perpetrators to have access to whatever sensitive environments that team member has access to.
Here at Quintillion, we make sure our employees understand what phishing attempts look like, how social engineering is being performed, and how it evolves over time. This is done in order to keep people from falling into those traps, clicking on malicious links, or responding to the wrong individuals.
In order to protect an organization’s data environment, categorizing emails is a great defense. In previous companies where I’ve worked, categorizing email correspondence is a primary part of preventative security. For example, with categorization, when an email comes in from outside the company it’s accompanied by a banner that explicitly shows that this email originated outside of the company – alerting users to be aware.
How Fiber Optics and Subsea Cables Support the Functioning of Data Centers
For a company that relies on information technology, speed is essential to ensure that an organization can continue to run operations. Without speed, operations can slow – and this is never good for business.
Basically, everything comes down to speed and capacity. For example, when you have large pipes in fiber optic networks, a larger volume of information can be sent through at higher speeds. For example, Quintillion has ground 3.5-meter station antennae in Utqiaġvik, Alaska with plans to expand to several more. When the data comes down from the satellite, the most important thing is to be able to get that data to a center to be processed.
Sometimes processing might occur on the edge, sometimes it may occur wherever the data center or customer is. But at the end of the day, distributing the data at high speed is essential to keep operations running for companies that rely on sensitive information in real time.
The Importance of Backup and Recovery Systems in Data Centers
Today, ransomware attacks are huge, no longer coming in the form of a few million-dollar ransoms. These attacks are now forming a billion-dollar criminal industry. In addition, you have terrorist organizations using these attacks to fund various criminal activities.
All organizations need to ensure that they have contingency and disaster recovery plans in place because the chance of having a ransomware attack is much higher today than ever before. In fact, these attacks could hold vital parts of your entire environment hostage, or wherever your data is – potentially locking up an entire network so that nobody in the company can access any data.
The good news is that ransomware attacks can be mitigated through strategic disaster recovery planning. This often entails frequently backing up systems and being able to recover those systems at a moment’s notice. Thus, even if you had to rebuild your entire infrastructure, companies that have optimized disaster recovery systems in place are much better positioned in the event of a strategic ransomware attack.
Here at Quintillion, we take extreme measures to keep data secure including performing frequent backups, storing backup data in secure environments, and employing a staff of skilled network engineers that could rebuild an entire system in a short amount of time if necessary.
Can Backup Systems Become Compromised?
Most attacks go slow – and this is part of an overall strategic plan done intentionally on the part of a criminal organization. For example, in the past, you may have faced a hacker who was really good at getting through the front door. However, they may not have known exactly what they were looking for nor how to exfiltrate that data from the environment – nor how to cover their tracks once they exit the environment.
In today’s world, whether we’re talking about criminal organizations or nation-states, several groups have come together and formed teams. These teams may include an expert at gaining access to data, and another person (or persons) who are skilled at covering audit trails or moving laterally across an organization, getting into privileged user accounts, and creating other accounts just in case the hack is ever discovered – all in order to maintain persistence in an organization’s data environment.
At the end of the day, when you detect a hacking attempt, the challenge then becomes how to get the perpetrators out. This often requires hiring a team to clean your system all at once because scrubbing one part of the system is not effective for large-scale, advanced hacking attempts that are in play today.
How Data Center Professionals Keep Up With the Latest Trends in Cybersecurity
Keeping up with trends in cybersecurity is essential to maintaining an optimal defense. Thus, most of us in the industry have access to a variety of threat reports that keep us up to speed on emerging threats and the latest technologies being used by hackers, whether these are used by individuals or large-scale criminal operations.
We also follow a variety of commercial organizations such as Crowdstrike and others – along with a variety of different environments where others in the industry post alerts about different or emerging threats. Over time, we often find that the best people or agencies reporting on threats also tend to give the best advice on how to mitigate or prevent those threats.
In addition, there are many conferences such as Blackhat and RSA that offer help and advice on cybersecurity, and most data center professionals have a network of colleagues across the country or around the world that we can reach out to for advice about how to mitigate such threats.
How Emerging Technologies (AI and Machine Learning) Impact the Security of Data Centers and the Fiber Optic Subsea Industry
AI has grown exponentially, whether we’re talking about Chat GPT or other more advanced machine learning software. And AI tools are great from a business production standpoint because you have the capability of having AI write complex code for a variety of purposes.
The problem when it comes to data center security in the fiber optic subsea industry is that while you can have an advanced AI write code for a particular business application, a hacker can also use that same AI technology to learn how to exploit particular data environments.
For example, if a hacker knows the cybersecurity tools or protocols being used in a particular data environment, they can then ask an AI tool how to use the most common exploits to circumvent or “test” those cybersecurity measures.
All in all, while there is great promise for AI technology and how it may be used productively, there is also a great concern for how to protect against how it may be exploited for malevolent purposes.
Are you ready to learn more about how data centers are vital for an organization’s security and performance? Reach out to Quintillion today to learn more.
