Enterprise IT Watch Blog

Nov 17 2010   8:36AM GMT

Who exactly is responsible for data center security?

Kevin Beaver

Given our discussion of data centers this month, I reflected back on the data center environments I’ve seen over the past few years and have drawn some interesting conclusions regarding security in/around the data center:

1. Sometimes the physical security team owns the responsibility of securing the data center, but often a physical security manager or team doesn’t exist.

2. When IT is put in charge of data center security, it’s quite commonplace that very little physical security is present (it gets in the way).

3. When physical security does exist, the data center is typically fully locked down with relatively stringent policies and processes regarding the who, how, and why related to people coming and going to/from the premises.

4. When no one takes responsibility for locking down the data center, it’s often the compliance manager or internal auditor who ends up mandating that things be secured.

There’s often no clear responsibility and little accountability related to data center security. But when you think about it, that’s not really any different than vulnerability patching, the software development lifecycle, periodic and ongoing information security testing, proactive system monitoring and so on, right? Thus the cycle of business risks and job security continues. The key? Awareness, communication and striving for control over data center security.

Kevin Beaver is an independent information security consultant, expert witness, author, and professional speaker with Atlanta-based Principle Logic, LLC and a contributor to the IT Watch Blog. You can reach Kevin through his website at www.principlelogic.com and follow him on Twitter at @kevinbeaver.

1  Comment on this Post

  • AS VMware moves into data centers, worlds collide - Enterprise IT Watch Blog
    [...] the reason I’m speaking to Frank in the first place. We’ve been taking a look at when written policy and actual practice don’t line up, and he freely admits it’s a problem they bump into regularly. It can mean regulatory and [...]