II. Risk Factors in Data Centre Management in Universities

by JUCC ISTF
SHARE THIS
/* The following article is extracted from the "Information Security Newsletter" published by the JUCC IS Task Force. */  
 
 
While data centre management is a cost-saving approach and brings a lot benefits including increased productivity, higher reliability, improved security and compliance, however, there are risks that may make the universities vulnerable to attack. Some common factors that increase the risk exposure of data centres are:
 
  • System and Technology Complexity

    Universities' IT environments are growing more complex that may result in the proliferation of servers, systems and devices. Different operating systems and management tools make IT management difficult to integrate with existing data centre management framework and create interoperation problems. Through the expansion of universities' IT services, additional devices and / or protocols in the data centres also cause more complexity, increasing the need for more management effort and skilled IT staff.

    Without properly designed data centre management solution that addresses the complexity within universities' data centres, issues such as inappropriate operational procedures, incompetent IT staff and gaps in communication may arise. Eventually, these issues will lead to greater risks of service interruptions, security flaws and system damages due to human errors or incompatibilities.

  • Virtualisation

    One popular strategy for data centre management field is virtualisation that can effectively increases the utilisation of data centre resources and achieve the cost / energy saving objective. However, the flip side of this technology is the increased channels for attacks (i.e. hosting multiple virtual machines on a single physical machine increases the attack surface in the virtual environment), increased difficulty in change management controls of information system residing in virtualised platform, more complicated IT asset discovery and tracking process, and data confidentiality problem due to the sharing of physical server infrastructures.

  • Disaster Recovery and Business Continuity

    In the event of a disaster or major service interruption, data centres require consistent and reliable replication of IT equipments to sustain universities' IT operations and services, which usually consumes costly resources.

    Without efficient allocation and management of the resources required for disaster recovery and business continuity, the reliability and availability of universities' information systems cannot be guaranteed within a cost constraint. Additionally, unavailability of resources will render the disaster recovery or business continuity plans ineffective, of which universities may not be aware.

  • Growing Size

    Generally speaking, growth of universities' information infrastructures will result in physical space crunch in the data centres as well as increases the consumption of energy. More networking, more servers and more storage continue to occupy costly floor space and consume higher power. On the other hand, such growth often indicates additional management effort and IT staff resources to perform routine operational jobs, monitoring, security checks and maintenance. A data centre management solution with poorly segregated functional teams and inefficient management utilities may be incapable of handling the increased data centre sizes.

  • Remote Access

    Continuous and uninterrupted information access services, such as e-learning, are provided by most universities today. The always-on and always ready service mode needs high system availability. Remote data centre management tools allow IT staff to instantly access to information systems without physically entering the data centres. However, the flexibility and convenience of remote access also raises security concerns. Successful attacks by exploiting the vulnerabilities of remote data centre management tools can grant hackers with privileged access to universities' critical information systems.

Related Article

Data Centre Security: A 10-point Checklist

Whether you are a hosting, co-locating, or running your own data centre, security issues seems to persist. Not only do you need to keep data safe and meet service-level agreements, but the cost of a breach is also high. That cost will vary depending on a number of factors, such as the type of breach or how you value your data.

According to the Ponemon Institute's Annual Cost of a Data Breach study, the cost of a breach in 2009 was US $202 per personal record, an amount made up of what the institute describes as "direct, indirect and opportunity costs from the loss or theft of personal information".

Yet securing a data centre is a huge task that includes physical as well as electronic and procedural issues. Here is a 10-point checklist to help you verify that your security arrangements cover the key areas.

Read More

[Previous section][Next section]