Why Data Centre Security MattersIn many organisations, the misalignment of logical security and physical security is a significant problem that needs to be resolved. Logical security controls can often be bypassed by having physical access to the equipment. At IO, we use all the security measures at our disposal to synergistically protect the data centre from every angle that a potential adversary might attack it.
Logical SecurityLogical security measures employed at IO include Alert Logic for as-a-service network, system, and web application security. In addition, the active directory within our enterprise resource planning (ERP) system, as directly managed by our customers through our portal, enables strict role-based access into IO facilities and networks for our customers and partners.
VisibilityAt IO, multiple feeds and metrics—captured in real time throughout IO’s facilities—monitor network activity at all points of ingress. These metrics are captured and reported 24xForever by an automated system solely dedicated to the task. By combining visibility into network activity at points of ingress with visibility from sensors monitoring the data centre environment, IO is better able to make real-time decisions to protect the network and the data centre.
Local MitigationAnomalous behaviors cause immediate alerts to be sent to IO.MissionControl, who investigates the event. Should action be warranted, IO.MissionControl can use mitigation systems to quickly and automatically minimise the event at the edges of our network. These mitigation systems protect the network infrastructure, which helps us provide the continuity of network services that our customers expect.
Global MitigationIO is a widely connected network by design, and this presents options that help us handle large DDoS events. By launching a global response to DDoS events, we initiate mitigation efforts beyond the edges of our network and up into our partner service provider infrastructures. We can scale across many provider networks in parallel, pushing the attack traffic further up the chain. In those ways, we’re better able to deflect attacks and provide continuity of service at all points.
UTI Tier 3 Design CertifiedAvailable in most of IO’s Data Centres, Tier III site infrastructure means that each and every capacity or distribution component necessary to support the IT processing environment can be maintained on a planned basis without impact to the IT environment.
SOC1 – Type 2Includes the design and testing of controls to report on the operational effectiveness of controls over a period of time.
SOC2 – Type 2Provides pre-defined, standard benchmarks for controls related to the security, availability, processing integrity, confidentiality, or privacy of a system and its information.
ISO27001 (in progress)ISO management system standards, certification to ISO/IEC 27001 is not obligatory. IO has this certification to benefit from its best practices in managing confidential or sensitive corporate information so that it remains secure, as well as providing reassurance to customers and clients that its recommendations have been followed.
UL 2755 ListingIndustry’s first-ever modular data centre safety certification ensures that components work together as a system ready for deployment.
TVRARequired by the Monetary Authority of Singapore (MAS), IO undergoes a Threat, Vulnerability and Risk Assessment (TVRA) every two years to identify security threats to and operational weaknesses in a data centre in order to determine the level and type of protection that should be established to safeguard the facility.
PROACTIS and Intesource
IO Rolls Out IO.OS® Software Editions that Address Customer Needs from Small Data Centres to Complex, Global Data Centre Networks
IO, the leading provider of next-generation modular data centre technology and services, today announced a new release of IO.OS, the premier secure data centre operating software.Read the Press Release
Data Centre 2.0 and Cyber Security, Part 1: Cyber Threats Now the #1 Enterprise Security Risk
In this first part of a three-part series written for the enterprise CSO, we’ll explore what cyber threats are and why they’re growing. In parts 2 and 3 we’ll explore the role the data centre plays in cyber security and why Data Center 1.0 is unequipped to deal with those threats; and how Data Centre 2.0 is the only way to ensure data security into the future.Read the Blog
Singapore Data Centre and Colocation Security
Security requirements for financial services firms are among the strictest security standards. In Singapore, data centre security requirements include ISAE 3402 compliance as well as the requirement by the Monetary Authority of Singapore (MAS) that all financial institutions complete a Threat and Vulnerability Risk Assessment (TVRA).Read the Blog