Generally, data center best practices can relate to many things from a data center’s design to its efficiency. However, the most important aspect for organizations to consider is data center security.
Data breaches now total a global annual cost of $2.1 trillion. These incidents cost companies large sums of money, damage their reputation and decrease consumer trust, impacting profit down the line.
To ensure the security of data centers, organizations need to pay close attention to their supply chain. Supply chain visibility is the common denominator amongst data center threats, accounting for almost 80% of data breaches. If an organization has poor visibility over its supply chain, the chance of an attack is high, with hidden entry points open and waiting for exploitation.
Supply chains are to blame for many high-profile data breaches, proving even the most established organizations are struggling to take hold of their supply chain. Target’s 2013 breach stands as one of the most infamous examples. Every year, data breaches are dissected and linked back to a third-party vendor, a single employee, or a minor mistake within a supply chain.
As such, supply chain transparency is named the biggest challenge for global supply chain executives with 21.8% of executives selecting visibility as their greatest concern. Needless to say, many data center best practices relate to tightening such relationships and streamlining the way we share and store data across partners, as well as holding internal and external parties accountable.
Here are our four data center management best practices for minimizing supply chain risk.
- Set supplier standards
- Define data and tier supplier relationships
- Appoint and hold others accountable
- Conduct a supply chain audit
1. Set supplier standards
We’re accustomed to setting internal standards for data sharing, storage and security but we don’t often hold our partners to the same standards or make them feel accountable for their actions. We put in so much groundwork when it comes to our own security standards but fail to set a minimum expectation when it comes to others that we work with. Yet, this isn’t because we’re ignorant of the impact of supplier risks.
According to research conducted by Experian, 56% of businesses believe that both the organization and the supplier are equally accountable in the event of a data breach in a third-party system.
This number fluctuates depending on whether or not an organization has experienced a breach. Those who have been victims of third-party attacks are more likely to shift blame to the supplier, while those who haven’t experienced an attack are more likely to perceive themselves as ultimately accountable. Regardless of where you sit on this scale, the external impact remains the same.
Just over half of consumers (51%) expect financial compensation if their information is lost or stolen and an even greater number (65%) expect advice and support on what to do after a breach. And this doesn’t even touch on how a consumer’s perception of your organization may be permanently damaged as a result.
Needless to say, a breach, whether due to an external or internal error, impacts the business as a whole. So, suppliers should be held to the same rigorous security standards as your own.
2. Define data and tier supplier relationships
Data centers hold a whole host of information, with some data being more critical than others. So, it makes sense to tier supplier access to data centers, only allowing the most integral stakeholders entry to the most vulnerable points of your data center.
In theory, suppliers should only be given access to the data they need to carry out their mission. To achieve this, data centers need to be structured intelligently to become more conscious of how data is moved, shared and stored with individual partners.
The fewer people with entry to critical data stores, the less likely this data will ever be compromised. That said, organizing your IT through procedures like asset tagging allows you to gain visibility over your inventory, in turn, empowering you to dictate who can see and share data and when.
Data center best practice would see an organization having a unique relationship with every supplier, only sharing the critical stores of information a third party requires. For example, third-party insurance providers would be privy to consumers’ confidential private information as they require it, whereas other suppliers wouldn’t.
In this sense, organizations move away from a traditional supply chain model to more of a hierarchical dynamic. In this system, data is shared on a case-by-case basis, limiting how many parties can view and house data at any one time and making it apparent who you’re sharing information with. Mirroring how you might mitigate risk internally, suppliers are ranked in terms of seniority to your mission.
3. Appoint and hold others accountable
As we’ve already mentioned, accountability in data breaches is a hotly debated topic. However, accountability is made crystal clear when the person responsible is appointed before the event.
As with anything to do with security, it’s always best to be proactive rather than reactive. Statistically speaking, organizations are likely to encounter a data breach at some point during their operation, so they need to plan accordingly for the worst-case scenario as well as attempt to prevent it. In the UK, one small business is hacked every 19 seconds and, more generally, 88% of businesses have suffered breaches in the last twelve months. The likelihood is that a data breach will happen, and knowing who’s accountable when it does is important.
Internally, appointing a Data Protection Officer (DPO) means someone inside your organization will be invested in, and in charge of, actioning your data protection strategy. A DPO will assume responsibility for improving supply chain visibility and nurturing more transparent, honest supplier relationships, as well as overseeing the transportation of data and how it’s stored with outside parties.
A DPO will decrease the likelihood of data breaches, helping to enforce external expectations and drive data center best practices. They’re also a valuable resource if and when things do go wrong, being well versed in quick recovery and response missions.
4. Conduct a supply chain audit
Lastly, and perhaps most obviously, it’s crucial to conduct a supply chain audit. As so many data breaches are linked to supply chains, vetting your existing supply chain and how it relates to your data center is a natural place to start.
Encouragingly, 92% of medium to large businesses already review the policies and procedures of third-party suppliers annually. Yet, in an ideal world, assessments would be carried out much more frequently than this, in line with the fast pace of technological change.
Furthermore, supply chain audits are all about what you do with the resulting information and how you act on it.
Conducting a supply chain audit relates to and encompasses every other point on this list: enforcing new supplier standards, defining supplier importance and access, and ultimately appointing someone accountable. In a supply chain audit, organizations can begin to dig a little deeper into their data centers and find vulnerabilities in their existing supply chain structure to address immediately, all with the help of a dedicated DPO.