insiderBOOKS Articles and Insights

blog
Cloud

Four ways to ensure the security of your cloud server

Note: John Palmer is managing editor of insiderBOOKS. He can be contacted at john.palmer@wispubs.com.

If you’ve recently moved your SAP solutions into the cloud, you’ve probably given some thought about the safety of your network and the information that your business transfers on a daily basis. And who can blame you? With an almost daily dose of reports in the news about hacks and compromised personal information, it’s a critical requirement for any business to make sure they have the proper physical safeguards in place to protect information.

IBM cloud security experts Michael Patrick Daniels, Mary Hunt, and Anthony Petta share some of their insights on how you can improve the security of your cloud operations. Some of them are surprisingly simple, and you can get a jump start on it right now by having a look at the data centers that provide your cloud services.

  • Research the backup plan. This seems to be common sense, but what happens if your server building gets taken out, say, by a truck crashing into a power generator in your data center? It happened in 2007, at Rackspace’s data center in Dallas, knocking the cooling systems offline. Make sure your provider has a backup plan, as the ultimate protection for data at a data center is more data centers. If your provider has multiple locations, it may use co-location to provide you with redundant access to your SAP platforms. This depends on your setup; in some cases, you may not want co-location. But a provider with the possibility of multiple data centers can assure you that if disaster strikes, your data will not fall with the building.
  • Is access to server rooms limited? The other primary physical threat comes from people who have access to the data center, whether that comes from theft or incompetence. Not only is the equipment in a data center valuable, but so is the data it contains. It's possible that an individual with physical access to a data center could take equipment, or individuals with malicious intent could also install malicious code through insecure physical interfaces; physically accessing a computer is the easiest way to break into it. Data centers should have one primary entrance. Any employees, vendors, or visitors should all enter through the same door, sign in with the same receptionist, and then go where they need to go. This funnels all traffic into a single point, leaving less space to monitor. A single camera can catch almost everybody coming to the data center. Delivery docks need to be tightly controlled to make sure vendors or people posing as vendors can’t slip past the gates. Emergency exits (often mandated by law) should not have outside handles or other visible markings. To control access, a data center might require ID badges at all times.
  • Check for squirrels. Yes, these cute little guys can wreak havoc on your cloud environment, as there needs to be either physical lines of cable running between the client computers and the data center, wireless or satellite connectivity, or both. In this wireless world, it’s important to remember that most wireless networks connect into a wired network at some point anyway, and that network cable can be cut or otherwise destroyed. Squirrels and other critters can hit cables at any point between the data center wall and your computers. The data center can minimize how much effect those tree-borne rodents have on system uptime by keeping the connection cable out of sight. Unfortunately, they can’t do much about the cables outside their property lines. Make sure your cloud provider’s data center has multiple, redundant cables to handle traffic. You don’t want a careless worker with a backhoe a few miles away to be able to deny you access to your business-critical data.
  • Make sure the building is boring. Good access control starts before a person gets to the front door. Think of the data center like a bank vault; instead of gold, this vault holds business-critical data. Depending on the size of the vault, you need to get past different levels of security to get to the building. A data center’s security might start in where it chooses to locate it. Cloud providers rarely build a data center in a dense urban area; instead, they choose locations outside cities. Besides offering less expensive real estate and less burdened utility grids, they may allow providers to control roads in and out.

Wherever the building is, a good data center is anonymous. The building blends in as best it can, looking like a warehouse or office complex. No logos or windows into the server rooms give it away. If the center is beset by thieves, it won’t be because they found an opportunity driving by; they’ll need a greater level of knowledge just to know what the building is.

Want more information like this? Be sure to check out the new book, SAP in the Cloud: Security Essentials, available here for download from insiderBOOKS.

Popular Chapters

View More
  • Chapter 7: Phase Four: Transition

    In the final phase, transition, we go through what you can expect at go-live, followed by lengthy discussions regarding service level agreements, operations process training, and transition to cloud operations. We talk about intricacies of system stabilization and monitoring. Finally, we explore the options for business continuity and security

    Read More
  • Chapter 6: Phase Three: Build

    In the third phase, build, we walk through developing proofs of concept for your project. The chapter discusses how to take advantage of a provision-shared infrastructure, as well as strategies for building and testing that infrastructure. There is an examination on how to build and mitigate databases and applications, as well as planning the phase cutover. It also looks at automated provisioning and automated services.

    Read More
  • Chapter 5: Phase Two: Model

    The second phase of moving SAP to the cloud, model, contains an overview of the second half of onboarding to the cloud. It examples infrastructure requirements and design and walks the reader through the process of developing a workload analysis. The chapter discusses application and business process discovery as well as operational run books and migration strategy.

    Read More
View More