|
Data centre security remains a critical issue for both end-user organizations and data centre and managed service providers, achieving top ranking alongside availability/resilience of data centre based IT services in the survey conducted for this new report.
Based on primary research including an end user survey, a survey of service providers, interviews with end-users, vendors, service providers and industry experts, this extensive new report (147 pages) focused on data centre security reveals how organizations are responding to a changing threat landscape . It also incorporates information from a wide range of sources covering physical, logical and people-related security measures.
New controls are being deployed to meet these threats and compliance requirements in particular in the areas of web application security and data security. At the same time, it is the long-standing threats of human error and physical security of the data centre which continue to be ranked of key importance by respondents to the surveys conducted for this report.
Many current and forthcoming data centre standards address the availability aspects of data centre security, but are weaker on confidentiality and integrity. These are the three principal properties of information security used by the international standard for implementing an information security management system (ISO/IEC 27001). This standard alongside SAS 70 Type 2 has become the most important external certification for data centre providers to achieve to demonstrate their ability to support customer security efforts.
The report introduces ISO/IEC 27001 and explains its importance in bringing a systematic approach to data centre security investments. It also uniquely presents an extensive set of good practices in data centre security focusing on areas not typically addressed in existing standards. Most areas are accompanied by extensive further information references with more than 150 links to standards, literature and vendors of products and solutions.
An overriding objective of the report is to bring together knowledge across physical security, information security and IT/computer security in the context of the data centre and addresses all layers from the physical facility up to aspects of application security in a manner relevant to data centre organisations.
Research for this report suggests that compliance is a key driver for data centre security efforts. The main compliance regimes which organisations are working under are discussed. The relevance of data centre security to each of these is highlighted and the report advises readers how they can find the information they need to ease data centre related compliance efforts.
Finally the report examines the impact virtualisation and cloud computing are having on data centre security and the way in which vendor solutions are beginning to respond to these changes in data centre security needs.
|
ÇöÀçÀ§Ä¡ : 
