Managing security and compliance in a data center

A secure and reliable data center: is it just a building with locked doors and multiple cooling and power facilities? Is it about showing ISO certificates or is managing security and compliance also about managing the privacy of clients, creating a safe area to work, delivering top quality and making sure that clients are online at all times?

Clients store systems that contain personal information, financial data and/or process data that are necessary to meet their business goals. Therefore, data centers must deliver power, cooling and connectivity without interruptions. They also need to deliver a secure area that prevents unauthorized access to IT systems. Of course, there are several risks that can have a negative impact on these objectives, and a data center must mitigate them.

Certifications

Every data center can explain and demonstrate which measures are taken to convince clients that the data center environment is safe, secure and reliable. Designing and implementing measures to meet the data center’s objectives is a generic process, and the basic elements in delivering security and quality are described in frameworks. However, to actually prove that a data center meets its objectives, certification is advised.

ISO 27001 and ISO 9001 are two of the key certificates to demonstrate that processes within a company meet the generally accepted ISO standards regarding quality and information security. The ISO standards prove that a company is aware of information security and quality and show that management objectives are met.
Another important certification regarding information security is PCI-DSS. The PCI-DSS framework provides best practices regarding security controls and the certification provides assurance that appropriate security measures are met. PCI-DSS also proves that highly sensitive information is processed securely.

Besides certifications like ISO and PCI, an assurance report like ISAE3402, SSAE16 and/or SOC2 can confirm the effectiveness of controls over the past period. For a data center the assurance report will focus on controls related to the delivery of secure housing and reliability in power, cooling and connectivity.

Regulations

To create a secure environment, a data center collects information concerning physical access, including biometric information. This information is collected via security cameras, access registration, client registration, etc. All of this information is interrelated with the privacy of the visitors. It is important that privacy-sensitive data is handled with confidentiality and integrity. Therefore, appropriate security measures must be taken. Several new regulations, including the Dutch ‘Wet Bescherming Persoonsgegevens’ (WBP) and the ‘General Data Protection Regulation’ (GDPR), require organizations to design security measures to mitigate the risk of unauthorized access to personal information and to prevent abuse of personal information. Delivering a secure data center demands collecting information that may contain personal information. A data center should not only provide a secure and reliable space for its clients, it should also make sure that all collected information is secured against abuse.

At Datacenter.com, we care about our customers’ privacy and assets. We understand that our customers’ critical processes and data need to be handled with special care. Confidentiality and integrity are very important and the IT infrastructure needs to be available at all times. It is our responsibility to take all the necessary measures to guarantee maximum security, privacy and availability. The processes we have implemented are in accordance with the latest best practices and frameworks. To prove how much we care, we are certified with ISO 9001, ISO 27001 and PCI-DSS. Additionally, we deliver an assurance report (ISAE 3402) that demonstrates that our controls regarding security, privacy and availability operate effectively. We also care about our environmental responsibilities. Therefore, we designed controls according to ISO 14001 and got certified.

 

Do you have questions or remarks? Contact our Security & Compliance Manager Jouke Albeda.
