A very interesting webinar hosted by Observe IT covered the issues of security and more importantly ‘insider threat’. When we think about our data protection and the threats that exist, people generally think first and foremost about outside or external threats. Hacking and malicious attacks on our IT systems, either through our cyber systems or perhaps even attacks on our physical IT infrastructure.

The truth is that of all the threats to IT security, 90% of threats come from within the company, referred to as ‘insider threats’.and even more concerning – 71% of insider threats are not malicious attacks from disgruntled employees, but unintentional security breaches by employees who simply misuse company systems, fail to logout, click links on infected emails  or browse the internet and click links to sites that download viruses into the company system.

The risks to data centres are not dissimilar. There are the obvious concerns of ‘outsider threats’ to the physical building, such as flooding, terror attacks or break-ins. Then there are data centre ‘insider threats’ and these, in much the same way as IT security threats, are often unintentional breaches by employees.

In the case of the data centre, insider threats can include the people managing the data centre leaving access details unsecured or sharing access details with unauthorised personnel (even though they may work at the organisation) or simply leaving the data centre open, even just momentarily, leaving the IT infrastructure exposed. It could be company personnel who don’t adhere to cleanliness regulations leaving dirt and dust particles behind which over time can cause damage to IT systems. The threat can be data centre staff who have not been fully trained on equipment or systems or those who are new to the job and misuse data centre equipment causing damage.

When we consider how much funding is spent on securing our data centre from outside threats, it is surprising how little is spent on minimising insider threats, when you consider your breach is far more likely to come from inside than outside. Companies need to invest in systems and processes that secure the data centre and ultimately the whole IT system of their business from unintentional harm brought about by well-meaning employees. Building a robust set of regulations and protocols for management of the DC. Ensuring full training of all personnel. Building in regular cleaning as part of your data centre maintenance contract.

In summary, investing time and budget on safeguarding your data centre from the ‘insider’ out.

Scanning of a fingerprint with  new technologies

Scanning of a fingerprint with new technologies