Cyber security is part of a bigger risk management challenge
Sailors don’t let the fear of getting lost at sea stop them from sailing. Instead, they proactively reduce their risks by taking the right precautions – using GSP trackers, avoiding rough seas, and keeping their boats in tip-top shape.
It’s the same with data centre operations. In the real world, risk is all around you. Assessing what those risks are, how likely they might be, and acting on the precautions you need to mitigate them, is what’s important.
Currently, there is a significant amount of discourse in the tech industry about cybersecurity. And while, of course, this focus on cybersecurity is important (and absolutely valid) there is a wider set of challenges that need to be considered.
If you’re only looking at cybersecurity, then there will be other threat vectors that you’re not considering, akin to the sailor missing a small rip in his sail because he’s too busy navigating the storm brewing on the horizon.
Cyber security is a critical component of a modern data centers operation. Data centres rely on specific IT infrastructure and trained personnel to maintain uptime and security, and ultimately to provide a better service to their clients.
But cyber-attacks are not ‘the’ risk. It’s one of the many risks that need to be considered.
So, what are the risks, and what do we do about them?
Never take your eye off the ball(s).
Here’s a simple example. Most data centre operators will take great care to make their data centres secure. If someone does successfully break into a data centre with malicious intentions that security breach will likely be spotted, or become obvious in short order.
Yet a mistake made by a maintenance engineer with authorised access could potentially go unnoticed if the data centre does not have the right systems and procedures in place. In a way, a mistake is more insidious than an attack, at least in part.
And so, the question is more around understanding what could impact your business, and what could impact your operations.
It’s a high-stakes game.
Businesses need to approach risk management with a governance framework. This includes having a collection of controls and systems that have the right procedures, the right people, the right partners, and the right culture.
And these should be conscious decisions, not default alternatives made in the absence of input. These decisions should also be made on the clear understanding the risk does not need to be malicious to be real. As with risk mitigation overall, too narrow a focus, for example solely on password protection, has the potential to increase risk elsewhere, either by omission or oversight.
Having the right people and culture will set the foundations for consistent and stringent risk mitigation. While making sure you have the right partners will even further bolster your risk mitigation strategy. While organisations can’t outsource risk, the right partner should help them reduce their risk by providing them with accurate and relevant information. For example, Macquarie Data Centres partners are able to leverage our stringent and well-test compliance frameworks and seek council from our highly trained security experts.
When it comes to protecting your businesses most precious assets, a holistic approach to risk mitigation is the key to success.