The Human Threat to Data Center Compliance and Security

Humans can be dangerous to data security, and every data center needs to take adequate measures to protect these threats.

However, most data centers remain oblivious to another kind of threat that insiders can cause – leaving changes undocumented. Many IT professionals, responsible for the smooth operations of the data center, make changes or tweaks as the situation demands, but often leave those changes undocumented – either due to work pressure, emergencies or just sheer laziness.

These undocumented changes can lead to a whole host of issues, and the length of downtime increases would be the least of these issues. Apart from the fact that these changes themselves could cause downtime, it could also result in major security breaches and serious compliance issues. Undocumented changes could prevent restoring the system after it goes down, it could prevent the system from making routine checks that are part of compliance or security procedures and it prevents visibility into the network.

The 2014 “State of IT Changes” survey conducted by Netwrix, an audit software vendor, reveals that 57% of IT professionals in data centers have made undocumented changes that no one else is aware of. What is more worrying is that 40% of the data centers covered have no “formal IT change management controls” either. The survey also reveals that “39% of these undocumented changes were the root cause of some security breach or the other.”

There are many examples that reinforce this point. In 2012, failure by a contractor to reactivate a firewall resulted in hackers downloading about 800,000 protected health information (PHI) of Utah residences, resulting in non-compliance of the HIPAA Act.

While no amount of automation can completely do away with manual configuration in any hosting environment, data centers need to ensure that all changes are well documented. Change auditing is a fundamental requirement for security and compliance. Data centers that deploy technology to automate compliance as much as possible, have necessary systems in place (even something as simple as a checklist) to reinforce documentation and implement administrative fail-safe mechanisms would have less risk of human errors that may cause serious security and compliance breaches.

If you’re looking for a data center you can trust, look no further than Lifeline Data Centers. We stay on top of compliance and security issues with documented processes in place so you don’t have to worry about your data. Contact us today.

Alex Carroll

Managing Member at Lifeline Data Centers

Alex, co-owner, is responsible for all real estate, construction and mission critical facilities: hardened buildings, power systems, cooling systems, fire suppression, and environmentals. Alex also manages relationships with the telecommunications providers and has an extensive background in IT infrastructure support, database administration and software design and development. Alex architected Lifeline’s proprietary GRCA system and is hands-on every day in the data center.