A Virtual Data Centre (VDC) is a collection of cloud infrastructure which provides a wide range of benefits integrated into the heart of your IT infrastructure. With these benefits come various security and compliance implications. However, if configured correctly, a VDC can actually improve an organisations physical and logical security levels in the following ways:
1) Physical Security
Think about Fort Knox and you have something close to a Virtual Data Centre! In most cases, a VDC
physically resides within bricks and mortar location which exceeds standard building codes and is highly equipped to withstand both natural and man-made disasters.
In addition, with higher tier Data Centres you will often find the following extra security features:
- 24 x 7 security with back-to-base monitoring and physical security foot patrols
- Access card ID sign in and sign out
- Fire retardant systems
- Security cameras and surveillance equipment
- Isolated cages and lockable server racks
- Multiple power and data feeds
2) Logical Security – Securing Data from Hackers and Cyber Attacks
We all know the risk of poor policies and inadequate logical access controls leaving an organisation at risk from attacks.
However, by using a Virtual Data Centre, you can improve the security of both your on-site data and the data held in the cloud. VDC provides a range of tools to implement tighter logical controls which include:
- VPN Tunnels (IPsec VPN, SSL VPN)
- Firewalls which secure and assist traffic flow between internal & external networks and block access from intruders.
- Private Networking allowing network segmentation by logically separating your data from other VDC users, networking between departments and the internet providing network isolation and security.
Example 1 – Virtual Private Network
You can increase the security between your on premise data and your virtual data by using an IPsec VPN, (Virtual Private Network) between two locations. The VPN creates a secure point-point encrypted connection allowing data to flow based on Fire Wall rules. As a result, all data is encrypted and cannot be intercepted or accessed by other parties.
Example 2 - Point to Point Data Security used by individuals
Securing remote staff communication from hackers can be achieved by using a SSL VPN. An SSL VPN is designed for standalone devices such as desktops, laptops, tablets and telephones. . This functionality secures communication between the VDC and the device by creating an encrypted tunnel through the internet back to the VDC.
3) Secure and Limit Data Access
User access can be segmented with different security permissions that allow access to specific data sets and documents allocated to each group. This allows granular control over users and the data they can access. Permissions can be set as Read Only, Read/ Write and Owner etc.
4) Data Sovereignty
Data sovereignty (the concept that information which has been converted and stored in binary digital form is subject to the laws of the country) is often difficult to achieve to the different data legislation across countries. E.g. holding data in the USA means you must abide by USA federal laws. However, by selecting a VDC that's located in Australia, you ensure that your data complies with Australian legislation.
5) Secure Data – With a Disaster Recovery Policy
Disaster recovery is easier when your data centre is virtualized and with this, comes quicker and more effective data restoration times. Restoring data from the cloud into your VDC can be as quick as a few minutes while restoring data from the cloud to your on premise location can vary according to your Internet connection speed and the amount which needs to be restored.Read more: Three considerations to ensure your network is ready for the Internet of Things
With over 25 years’ experience in the IT industry, Gerardo Altman is the Managing Director of Velocity Host, an Australian-based Cloud Computing Provider specialising in services for Cloud Resellers and B2B Cloud Hosting. Partnering with industry innovators and leaders our solutions and services help clients "Develop IT, Build IT, Grow IT”.