Managing security and compliance in a data center

A secure and reliable data center: is it just a building with locked doors and multiple cooling and power facilities? Is it about showing ISO certificates or is managing security and compliance also about managing the privacy of clients, creating a safe area to work, delivering top quality and making sure that clients are online at all times?

Clients store systems that contain personal information, financial data and/or process data that are necessary to meet their business goals. Therefore, data centers must deliver power, cooling and connectivity without interruptions. They also need to deliver a secure area that prevents unauthorized access to IT systems. Of course, there are several risks that can have a negative impact on these objectives, and a data center must mitigate them.

Certifications

Every data center can explain and demonstrate which measures are taken to convince clients that the data center environment is safe, secure and reliable. Designing and implementing measures to meet the data center’s objectives is a generic process and basic elements in delivering security and quality are described in frameworks. However, to actually prove that a data center meets its objectives, certification is advised.

ISO 27001 and ISO 9001 are two of the key certificates for demonstrating that processes within a company meet the generally accepted ISO standards regarding quality and information security. The ISO standards prove that a company is aware of information security and quality and show that management objectives are met.
Another important certification regarding information security is PCI-DSS. The PCI-DSS framework provides best practices regarding security controls and the certification provides assurance that appropriate security measures are met. PCI-DSS also proves that highly sensitive information is processed securely.

Besides certifications like ISO and PCI, an assurance report like ISAE 3402, SSAE 16 and/or SOC 2 can confirm the effectiveness of controls over the past period. For a data center, the assurance report will focus on controls related to the delivery of secure housing and reliability in power, cooling and connectivity.

Regulations

To create a secure environment, a data center collects information concerning physical access, including biometric information. This information is collected via security cameras, access registration, client registration, etc. All of this information is interrelated with the privacy of the visitors. It is important that privacy-sensitive data is handled with confidentiality and integrity. Therefore, appropriate security measures must be taken. Several new regulations, including the Dutch ‘Wet Bescherming Persoonsgegevens’ (WBP) and the ‘General Data Protection Regulation’ (GDPR), require organizations to design security measures to mitigate the risk of unauthorized access to personal information and to prevent abuse of personal information. Delivering a secure data center demands collecting information that may contain personal information. A data center should not only provide a secure and reliable space for its clients, it should also make sure that all collected information is secured against abuse.

At Datacenter.com, we care about our customers’ privacy and assets. We understand that our customers’ critical processes and data need to be handled with special care. Confidentiality and integrity are very important, and the IT infrastructure needs to be available at all times. It is our responsibility to take all the necessary measures to guarantee maximum security, privacy and availability. The processes we have implemented are in accordance with the latest best practices and frameworks. To prove how much we care, we are certified with ISO 9001, ISO 27001 and PCI-DSS. Additionally, we deliver an assurance report (ISAE 3402) that demonstrates that our controls regarding security, privacy and availability operate effectively. We also care about our environmental responsibilities. Therefore, we designed controls according to ISO 14001 and got certified.

Do you have questions or remarks? Contact our Security & Compliance Manager Jouke Albeda.
