Protecting data centres against emerging cybersecurity threats
Attacks against the data centre industry are growing more numerous and sophisticated; here’s how we’re fighting back.
While it’s essential for data centre operators to acknowledge and plan for operational threats like extreme weather conditions and unstable energy grids, it’s equally important to consider the human angle — new security threats caused by malicious attackers and geopolitical conflict.
What makes data centres a prime target?
Threat actors attack data centres for many different reasons. Some work on behalf of a nation-state or political ideology, while others are inspired by personal financial gain. This begs the question: they could pursue those same goals by attacking various other facilities and institutions, so why are so many of them targeting data centres in particular?
I’m reminded of the old story of the bank robber who was asked why he robbed banks. He responded, “Because that’s where the money is.” This story, while likely apocryphal, speaks to a deeper truth: sometimes, we must accept that the most obvious answer is the correct one.
Data is the currency of the digital world. Much like the bank robbers of old, today’s cybercriminals attack data centres because that’s where the data is. Data centre operators collect and manage an asset that has tremendous value, and we must be ready to protect it accordingly. This is particularly true in the case of a global colocation provider like Equinix.
In recent years, we’ve seen a significant uptick in cybersecurity exploits targeting the data centre industry. These attacks go beyond the data centres themselves; they also target our supply chain partners, such as the control systems and energy management companies we work with. These attacks are very sophisticated and follow patterns that suggest a high level of planning and coordination.
How can operators and regulators partner to address the issue?
Attacks against data centres are so pervasive that government agencies are taking notice. Regulators see data centres as critical infrastructure, and rightfully so: taking facilities offline could harm the economy, disrupt communications and put citizens at risk. Therefore, regulators often step in to make sure they receive the protection they need.
This puts data centre operators in a unique position: We must put the appropriate controls in place to ensure we can fend off attackers, and we also must be able to demonstrate those controls to government regulators, as well as to our business partners and customers.
It’s a complex undertaking, but we know it comes with the territory of being the global platform where digital businesses connect and aggregate data. As business data continues to grow, both in volume and in value, we know that the threats facing data centres will grow as well. We look forward to cooperating with government agencies to keep those threats at bay.
Responding to new threats with AI and ecosystem collaboration
Attacks against data centres may be growing more widespread and sophisticated, but the security tools we’re using to protect ourselves and our customers are maturing as well. In particular, we’re looking at how we can implement AI-driven security capabilities to thwart attacks and keep our customers’ systems and hosted data secure.
AI models are only as good as the data you feed into them, and infosec models are no exception. The threats we face are diverse and always changing, so we need diverse threat intelligence data sources to help us identify and protect against them. To get the data we need, we’ve set up threat intel exchanges. These exchanges allow our partners from both industry and government to share their threat data. Collaborating with an ecosystem of partners will help us all gain greater visibility into threat indicators and respond accordingly to mitigate those threats. Equinix is also a member of industry threat-sharing organisations such as the IT-Information Sharing and Analysis Center (IT-ISAC).
As a global service provider, we recognise that no data centre is an island. Threats can start small and spread quickly, so we must consider all points of vulnerability. For instance, any security threat that successfully targets one of our suppliers could end up spilling over to impact our customers.
For this reason, we work to ensure that our suppliers and partners are practicing good cyber hygiene. We prefer to see them avoid an incident in the first place, but in the unfortunate event that they do fall victim, we want to partner with them to limit the impact. When an incident occurs, we know that our customers and going to have a lot of questions and concerns. We want our partners to help us show customers that we’re doing everything we can to keep their data safe.
Becoming a trusted security advisor for customers
We also recognise that customers are themselves a potential conduit into our systems. For this reason, we aim to help customers identify holes in their security posture.
When we identify an issue, we contact customers proactively to help them fix it. This could be something as simple as addressing password hygiene or applying multifactor authentication when accessing our customer portals. Even these small steps can go a long way toward protecting our customers and protecting ourselves in turn.
We also want to ensure that our customers understand all the different ways we’re working to keep their data protected. We maintain a variety of regulatory and industry certifications to show our adherence with industry best practices for cybersecurity. We make a full report of all current certifications available via our self-service customer portal. This means customers can get the artifacts they need for their own compliance or third-party risk management programs without having to ask us to provide them.