We all have that one server—you know which one. It’s been running since 2003, mounted on a rack in a closet somewhere, desperately end of life, and yet somehow still the lynchpin for a dozen critical systems. If you know what we’re talking about, it’s probably time for some data center consolidation. Best practices in this scenario, however, aren’t as simple as recycling some old servers and uninstalling some programs. Doing it wrong can be a real security risk.
There are a number of reasons why one would consolidate a data center. You could just be getting rid of obsolete hardware, but you might also be merging with another company, or trying to cut costs by booting your infrastructure into the cloud. Each of these scenarios has its own special brand of risk. Here’s how to do it right.
One Man’s Trash is Another Man’s HIPAA Violation
When you throw something away, you usually don’t expect it to come back to you. Data center consolidation best practices, however, require something a bit more extreme. We know that most of you are probably aware that a server hard drive should be both wiped and physically destroyed during disposal. Even so, a company was recently fined $125,000 for a HIPAA violation stemming from improper drive destruction.
Companies should also consider that hard drives are no longer the only major data storage component out there. SSDs, for example, don’t store data in the same way that hard drives do. One researcher recommends encrypting SSDs and then erasing them before physical destruction, in a method known as SAFE (Scramble And Finally Erase).
Mergers and Acquisitions? Check for Malware and Antivirus
Corporate mergers are another scenario where it’s best to heed data center consolidation best practices. In this case, it’s important to know if the infrastructure you’re merging with is as secure as your own. Note that mergers typically happen faster than data centers can be consolidated and security practices merged. Have a contingency plan, and also an interim agreement for security cooperation with the other party.
The long-term plan has to cover management: now that there are two sets of staff, who takes care of what? It also has to cover governance: what assets go where? Without a comprehensive plan, chaos can reign. Some 40% of companies say that they’ve discovered a serious information security risk post-merger. Therefore, it’s important to do due diligence. Make a plan, test for vulnerabilities, and carefully review joint policy.
Here’s an example of what can go wrong when data center consolidation gets botched in the cloud: the MongoDB meltdown. Essentially, a common error made it possible for cloud databases to be publicly searched and archived. What happened next was ransomware… and lots of it. Moving your data to the cloud means exposing it to risk. Be wary.
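As an added example (not from the original article), the check below audits a mongod.conf for the kind of exposure behind that incident before a database is moved to a cloud host. The article does not name the error; the example assumes the widely reported cause, a database listening on all interfaces with access control off, and the sample configs and function names are constructed here. It also assumes MongoDB 3.6 or later, where an unset bindIp means localhost.

```python
# Constructed sample mongod.conf contents (YAML), not taken from any real system.
EXPOSED = """\
net:
  port: 27017
  bindIp: 0.0.0.0   # reachable from any network
"""
HARDENED = """\
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5
security:
  authorization: enabled
"""

# Values of net.bindIp that mean "every interface".
WILDCARDS = {"0.0.0.0", "::", "*"}

def parse_conf(text):
    """Flatten a two-level YAML mongod.conf into {'section.key': 'value'}."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        indented = line[0] in " \t"
        key, _, value = line.strip().partition(":")
        if not indented:
            section = key                          # section header such as "net:"
        elif section:
            settings[section + "." + key.strip()] = value.strip().strip("\"'")
    return settings

def audit(text):
    """Return findings for the settings that leave a database open to anyone."""
    conf = parse_conf(text)
    findings = []
    # Assumption: MongoDB 3.6+, where a missing bindIp defaults to localhost.
    binds = {b.strip() for b in conf.get("net.bindIp", "127.0.0.1").split(",")}
    if conf.get("net.bindIpAll", "false").lower() == "true" or binds & WILDCARDS:
        findings.append("listens on all interfaces")
    # security.authorization defaults to disabled when the key is absent.
    if conf.get("security.authorization", "disabled").lower() != "enabled":
        findings.append("access control disabled")
    return findings

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(conf) or "ok")
```

A config that triggers both findings is the dangerous case; either one alone still deserves a firewall and credential review before migration.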
No matter if you’re getting rid of servers, moving them to the cloud, or mixing them in with someone else’s, they’re going to need protection. Download our whitepaper, Security for the Next Generation Datacenter, to find out how to protect any data center without impacting day-to-day operations, no matter how you decide to store your data.