Friday, 27 January 2012

Is your Data Centre host secure?

I went to a Cloud services exhibition at Olympia yesterday. On the trip, so thoughtfully extended in duration by London Underground managers, I was reading the free Metro newspaper. One of the articles by Aidan Radnedge was titled "Business elite: Earnings gap will fuel riots across Europe." It was a report on part of the action at the World Economic Conference in Davos. The general view supported by a Bloomberg poll was that the disparity between the wealthy and the rest of the world will lead to protests.

I'd predict that some of the people/organisations who come under fire will be Bankers and their premises. There is in effect a greatly increased risk of the Bankers' infrastructure coming under targeted attacks in the next couple of years. It will not be just the blind anger of the mobs, but also calculated very damaging attacks by informed intelligent individuals intent on damaging the operations of the financial companies.

During my visit at the exhibition I visited the stands of several large data centre hosting companies to discuss developments in their offerings. As part of the discussion I threw in a couple of security questions about their operational procedures. I'm sad to say every one of those companies "failed" those simple security questions. The question was about methods by which rioters, malicious agents or hostile governments could use to disable the computing facilities at their data centres. The general response was "Oh, we hadn't thought of that. I'll have to check."

The questions I'd posed were fairly simple, but in the interests of security I'll not reveal them here. I'm happy to discuss them with any bona fide company representative off-line. If the line of attack I'd proposed was followed it could be used to simultaneously defeat geographically dispersed data centres. The perpetrators would be well away from the scene when the damage occurred. I know of one hosting company who reviewed and changed their procedures after I'd asked the same questions of them during an inspection visit.

No comments:

Post a Comment