Data centers, once safely hidden deep in the core of the organizations they serviced, now find they are at the forefront of cyber warfare. According to a new study by AFCOM's Data Center Institute, constant terror alerts, hacker attacks, malicious viruses and a host of other cyber security threats have made information security a major priority for data centers.

The survey, conducted earlier this year among 257 senior data center managers, shows that cyber defense issues remain extremely important for 71.2 percent of the surveyed organizations. AFCOM is the premier association representing the needs of enterprise and Internet data center executives and vendors around the globe.

Data centers are security conscious for a good reason – almost one-third of the surveyed organizations experienced a cyber attack in the last year.

Security budgets are swelling. Nearly half of the surveyed organizations, or 47.9 percent, hiked their security budgets; and 34 percent kept them on the same level despite economic pressures. Security expenses can reach a whopping one-fifth of an IT budget, although most organizations, or 68.9 percent, limit them to 3-8 percent. Most respondents (63 percent) say their organizations are going to spend $100,000 to $250,000 on information security this year, while 36.9 percent plan to allocate $250,000 to $1 million.

In the insecure world, all organizations are doing their best to fend off a potential attack. However, some consider their operations so sensitive that they are ready to go an extra mile and incur additional expenses. Manufacturing organizations are the most security conscious. In the $1 million budget category, they have a 21 percent share, followed by Transportation/Utilities (17 percent), Insurance/Real Estate and Financial/Accounting (13 percent each).

Surprisingly, government agencies, despite the government's increased emphasis on homeland security measures, are not among the leaders. They constitute just 8 percent of big spenders, along with banking and data processing sectors.

The budgeted funds for security are largely spent to upgrade the cyber security arsenals. More than 98 percent of the respondents say their organizations deploy antivirus solutions and firewalls, while 89.1 percent have card-key access, 75.9 percent maintain virtual private networks and 58.8 percent install intrusion detection devices.

Physical security measures play an important role. Nearly 93 percent of the surveyed organizations have restricted access to raised floor/network areas, with 83.6 percent using card keys and 74.5 percent installing security cameras and issuing photo ID badges.

Many low-tech security measures appeal to data centers' no-nonsense approach more than cutting-edge technology. For example, most data centers are apprehensive of biometric security devices, with 38.2 percent of the respondents saying there is no need for their implementation, 23.6 percent saying they are too costly and 23.6 percent saying there are other unspecified reasons. Instead, most organizations, or 63.6 percent, require escorts in the data center.

In most cases, the elaborate defenses erected over the recent years seem to hold. However, they do not guarantee complete invincibility ­– 7.3 percent of the respondents said assault was successful, especially when the threat came from within. Although a mere 4.8 percent of the attacks originate internally, they are perceived as very dangerous; 23.1 percent say internal threats are the main driver of their organizations' information security efforts.

The Data Center Institute study showed that data centers' weakest security point is probably their security chain of command. Security staff may number as many as 100 people; but most organizations, or 61.9 percent, do not have a chief security officer. The security function reports to a variety of executives, including data center VP/director/manager (20.7 percent), vice president of IS/IT (20.1 percent), director of IS/IT (17.3 percent), CIO (14.5 percent) and business unit/department head (7.3 percent), while 3.9 percent report to either the president or CEO and 16.2 percent to other unspecified executives.

The survey findings show that data centers have evolved into their organizations' main information security hubs. The Data Center Institute believes that data center managers will be the ones making critical information security purchasing and deployment solutions, at least in the near future.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access