By Abdul Khader Aslam, Senior Director, Information Security Compliance, Risk & Governance, Equinix
While it’s essential for data center operators to acknowledge and plan for operational threats like extreme weather conditions and unstable energy grids, it’s equally important to consider the human angle – new security threats caused by malicious attackers and geopolitical conflict.
What makes data centers a prime target?
Threat actors attack data centers for many different reasons. Some work on behalf of a nation-state or political ideology, while others are inspired by personal financial gain. This begs the question: They could pursue those same goals by attacking various other facilities and institutions, so why are so many of them targeting data centers in particular?
There is an old story of the bank robber who was asked why he robbed banks. He responded, “Because that’s where the money is.” This story, while likely apocryphal, speaks to a deeper truth: Sometimes, we have to accept that the most obvious answer is the correct one. Data is the currency of the digital world. Much like the bank robbers of old, today’s cybercriminals attack data centers because that’s where the data is. Data center operators collect and manage an asset that has tremendous value, and we must be ready to protect it accordingly.
In recent years, we’ve seen a significant uptick in cybersecurity exploits targeting the data centre industry. These attacks go beyond the data centers themselves; they also target our supply chain partners, such as the control systems and energy management companies we work with. These attacks are very sophisticated and follow patterns that suggest a high level of planning and coordination.
How can operators and regulators partner to address the issue?
Attacks against data centers are so pervasive that government agencies are taking notice. Regulators see data centers as critical infrastructure, and rightfully so: Taking facilities offline could harm the economy, disrupt communications and put citizens at risk. Therefore, regulators often step in to make sure they receive the protection they need.
This puts data center operators in a unique position: We have to put the appropriate controls in place to ensure we can fend off attackers, and we also have to be able to demonstrate those controls to government regulators, as well as to our business partners and customers.
It’s a complex undertaking, but we know it comes with the territory of being the global platform where digital businesses connect and aggregate data. As business data continues to grow, both in volume and in value, we know that the threats facing data centers will grow as well. We look forward to cooperating with government agencies to keep those threats at bay.
Responding to new threats with AI and ecosystem collaboration
Attacks against data centers may be growing more widespread and sophisticated, but the security tools we’re using to protect ourselves and our customers are maturing as well. In particular, we’re looking at how we can implement AI-driven security capabilities to thwart attacks and keep our customers’ systems and hosted data secure.
AI models are only as good as the data you feed into them, and infosec models are no exception. The threats we face are diverse and always changing, so we need diverse threat intelligence data sources to help us identify and protect against them. To get the data we need, we’ve set up threat intel exchanges. These exchanges allow our partners from both industry and government to share their threat data. Collaborating with an ecosystem of partners will help us all gain greater visibility into threat indicators and respond accordingly to mitigate those threats. Threats can start small and spread quickly, so we have to consider all points of vulnerability. For instance, any security threat that successfully targets one of our suppliers could end up spilling over to impact our customers.
For this reason, we work to ensure that our suppliers and partners are practicing good cyber hygiene. We prefer to see them avoid an incident in the first place, but in the unfortunate event that they do fall victim, we want to partner with them to limit the impact. When an incident occurs, we know that our customers and going to have a lot of questions and concerns. We want our partners to help us show customers that we’re doing everything we can to keep their data safe.
Becoming a trusted security advisor for customers
We also recognize that customers are themselves a potential conduit into our systems. For this reason, we aim to help customers identify holes in their security posture. When we identify an issue, we contact customers proactively to help them fix it.
This could be something as simple as addressing password hygiene or applying multifactor authentication when accessing our customer portals. Even these small steps can go a long way toward protecting our customers, and protecting ourselves in turn.
We also want to ensure that our customers understand all the different ways we’re working to keep their data protected. We maintain a variety of regulatory and industry certifications to show our adherence with industry best practices for cybersecurity. We make a full report of all current certifications available via our self-service customer portal. This means that customers can get the artifacts they need for their own compliance or third-party risk management programs without having to ask us to provide them.