Data center connectivity is essential for businesses and organizations to securely transfer data and communicate with other entities. However, it also brings up important network security and data privacy concerns.
“Whether a data center is used mainly for storage, disaster recovery, or supporting applications, its computational workloads are the backbone of the businesses it serves,” says cybersecurity solutions and service provider Fortinet. “In addition, a company's sensitive information and business-critical applications are a treasure trove of opportunity for hackers and other threats.”
Data Center Cyber Attacks on the Rise, Pressure to Protect Privacy
Data centers in 2023 are facing escalating cyber attacks on one front and increasing demands to protect user data on another front.
Security magazine reported in January that global cyber attacks rose 38 percent in 2022, according to Check Point Research.
“The escalation of cyberattacks is attributed to more agile hackers and ransomware gangs who focused on exploiting collaboration tools used by remote workers and schools and educational institutions that shifted to e-learning during the pandemic, as well as a significant increase in attacks on healthcare organizations,” wrote Joy LePree Anderson in Security.
Specifically, Security said that the rise in cyberattacks was driven by:
- Collaboration Tools Targeted: A growing number of smaller, more agile criminal groups targeted business collaboration tools, such as Slack, Teams, OneDrive, and Google Drive, that were used during the pandemic and continue to be used by businesses to enable remote work.
- Education Move to Digitalization: The rapid digitalization of academic institutions responding to the pandemic, which led to vulnerable data. Schools and other educational facilities were not prepared for the unexpected shift to online learning and many students used their own devices to connect to public Wi-Fi, creating easy targets for hackers.
- Healthcare in Crosshairs: A growing number of cyberattacks on the healthcare industry contributed to the overall upswing in 2022’s cyberattack landscape. Healthcare facilities in the U.S. alone saw an average of 1,410 weekly cyberattacks per organization in 2022, an 86 percent increase compared to the previous year. The upsurge in attacks on healthcare is likely due to the value of health insurance information, medical records, and social security numbers.
At the same time, businesses and data centers are tasked with keeping up an increasingly complex web of regulations and rules in the United States, Europe, and across the world regarding data privacy and personal data.
“The current state of data privacy regulation is complicated. As technology has advanced and digital tools have become more prolific, the need to protect customer data has become more important,” says professional services company Grant Thornton. “Consumers need and expect privacy protection during every transaction, not just for a high-security activity like banking, finance, or healthcare. Buying groceries, signing up for a subscription streaming service, or using almost any phone app all have the potential to put personal data at risk.”
New changes, according to Grant Thornton, in the U.S. in 2023 include:
- California Privacy Right Act (CPRA): The changes apply to for-profit businesses that conduct operations in California and either has gross revenues over $25 million, buy/sell/share personal information of 100,000+ consumers, or derive more than 50 percent of their revenue from personal information sales. The CPRA also establishes the California Privacy Protection Agency, increases individual and opt-out rights, limits retention of personal data to only that which is necessary, and includes protections for employee and business contact personal data.
- Colorado Privacy Act (CPA): Changes to the CPA apply to organizations that do business in Colorado or target Colorado residents and either process the personal information of 100,000+ residents or process the personal information of more than 25,000 Colorado residents and profit from the sale of personal information. Violations incur a $2,000 fine (up to $500,000 total). This also includes universal opt-out by 2024 and a prohibition of “dark patterns.” New data privacy and security assessments are required for high-risk processing, and this requires an assessment of the adequacy of vendors’ privacy/security (including the deletion or return of data at the end of a contract).
- Virginia Consumer Data Protection Act (CDPA): Virginia’s CDPA changes apply to organizations that do business in Virginia or target Virginia residents and either process the personal information of 100,000+ residents or more than 25,000 Virginia residents but derive more than 50% of revenue from personal information sales. Violations include up to a $7,500 fine plus litigation and attorney fees. Data collectors must obtain explicit consent for collecting or using sensitive data or for collecting or using minors’ personal data. The changes also include the assessment of the adequacy of vendors’ privacy and security to include deletion or return of data at the end of a contract.
Data Center Connectivity and Security Issues
Data center connectivity has a significant impact on network security. Here are 9 issues for network security and data center connectivity:
- Unauthorized Access: Data centers are often the target of unauthorized access by hackers. This can lead to data breaches and identity theft.
- Vulnerability Exploitation: Network vulnerabilities, such as outdated software or weak passwords, can be exploited by attackers to gain unauthorized access to the network and cause damage.
- Cyberattacks: Data centers are also vulnerable to cyberattacks. These attacks can damage or destroy data, or even shut down entire data centers.
- DDoS Attacks: Distributed Denial of Service (DDoS) attacks can be launched by cybercriminals to overwhelm network resources and disrupt network connectivity, leading to downtime and loss of revenue.
- Data Loss: Data loss can occur due to a variety of factors, including hardware failure, software errors, and human errors. Data loss can be costly and disruptive.
- Insider Threats: Insiders, such as employees or contractors, can pose a significant threat to network security by intentionally or unintentionally leaking sensitive information or introducing malware into the network.
- Compliance Violations: Data centers must comply with a variety of regulations, such as the General Data Protection Regulation (GDPR). Compliance violations can result in fines and penalties.
- Reputational Damage: Data breaches and other security incidents can damage a company's reputation. This can make it difficult to attract and retain customers and employees.
- Network Traffic Monitoring: With data center connectivity, it becomes critical to monitor network traffic to detect and prevent any potential security threats, such as unauthorized access, malware, or hacking attempts.
Data Center Knowledge said that the cybersecurity landscape is constantly evolving with new categories of threats arising as bad actors learn new ways of launching hiding attacks. The publication said these will be the top 5 data center security risks for 2023:
- Overstretched Cybersecurity Personnel: Cybersecurity teams are overstretched and increasingly prone to burnout and they tend to be understaffed.
- Ransomware Will Grow Less Prevalent: The good news is that ransomware attacks are projected to decline but the bad news is that the decline could be because threat actors are launching more sophisticated, purposeful attacks that have a higher chance of success and are harder to defend against.
- Attackers Eluding Traditional Data Center Security Protections: Data center security teams will need to work harder to stop threats as bad actors are becoming more adept at evading traditional security protocols.
- Growing Data Center Compliance Challenges: As we said above, compliance regulations continue to grow in complexity and this becomes a threat to data center security if procedures are not put into place to meet compliance requirements.
- Physical Data Center Security Risks: While cybersecurity threats get the headlines, there is an increasing physical threat to data center security with HVAC systems, power supplies, and other critical resources being targeted.
Data Center Connectivity and Data Privacy Concerns
Data center connectivity is about storing, handling, and transmitting data, and there is an increasing spotlight on data privacy concerns including:
- Data Misuse: Data misuse can occur when data is used for purposes other than what it was originally collected for. This can lead to identity theft, fraud, and other problems.
- Data Breaches: Data breaches can occur when data is accessed by unauthorized individuals. This can lead to identity theft, fraud, and other problems.
- Data Retention: Data retention refers to the length of time that data is stored. Data should be stored only for as long as it is needed.
- Data Disposal: Data disposal refers to the process of destroying data that is no longer needed. Data should be disposed of securely to prevent it from being accessed by unauthorized individuals.
- Data Transparency: Data transparency refers to the way that data is collected, used, and shared. Data should be collected in a transparent way and users should be informed about how their data is being used.
- Data Encryption: Data encryption is critical to protect data privacy, and businesses must ensure that encryption algorithms are up to date and implemented correctly.
- Data Processing and Sharing: Data processing and sharing should be regulated to ensure that sensitive data is not shared with unauthorized entities or used for unauthorized purposes.
- Third-Party Access: Third-party vendors and contractors often require access to data center resources, and businesses must ensure that access is granted only to trustworthy entities with appropriate security protocols in place.
Data center connectivity is a critical part of digital infrastructure with data centers increasingly challenged to look after both network security and data privacy.