Unlocking Secrets to Compliance & Security in a Financial Data Center
Years ago, when someone asked if your money was safe, it conjured up images of heavily armed guards and floor-to-ceiling vaults with thick, shiny walls of impenetrable steel. Today, perhaps more so than money, it is data that needs to be protected. Hackers and cyber-attackers are out there 24/7/365 trying to steal data. And although not as nefarious, tightening government regulations, with penalties for non-compliance consisting of heavy fines and even jail, are a new reality. Welcome to the digital age, where compliance and security for financial data centers is priority one.
Make Anything Mission-Critical Your Mission
Your goal, first and foremost, is to make sure that mission-critical systems are always protected. Make sure there are best practices in place to protect physical security and IT infrastructure. The data center itself should employ a multi-layered operational approach, including secure perimeters, biometrics, visual identification and video surveillance. Even the location of the data center must be taken into consideration.
Financial data centers should always be:
· Preventing, detecting, and remediating risky communication between critical data center assets
· Segmenting assets to meet regulatory and internal compliance mandates
· Managing security consistently across multi-clouds
Bona Fide and Certified
The real deal for any financial services data center is certification, especially in the financial industry where technology is integrated into virtually every single financial transaction. Certifying organizations and trade groups create a continuous flow of relevant criteria with which data centers must comply. Certifications in these areas are critical: ISO/IEC 27001, SSAE 16 (SOC 1 Type II), Type 2 AT 101/SOC 2 & 3, PCI DSS, FISMA-High, HIPAA/HITECH, Business Continuity and Disaster Recovery (BCDR), and TRUSTe.
International Organization for Standardization (ISO 27001) — an international standard providing a model for establishing, operating, monitoring, and improving an Information Security Management System (ISMS).
Payment Card Industry Data Security Standard (PCI DSS) – created to meet the rising threat to individuals’ payment card information. Compliance with PCI DSS is mandatory for all organizations dealing with credit, debit and ATM cards including Visa, MasterCard and American Express.
Federal Information Security Management Act (FISMA) — all government agencies, government contractors, and organizations that deal and exchange data with government systems must follow FISMA compliance guidelines.
CyrusOne (NASDAQ:CONE) is a high-growth real estate investment trust (REIT) specializing in highly reliable enterprise-class, carrier-neutral data center properties. The company provides mission-critical data center facilities that protect and ensure the continued operation of IT infrastructure for more than 950 customers, including nine of the Fortune 20 and 180 of the Fortune 1000 or equivalent-sized companies.
CyrusOne’s data center offerings provide the flexibility, reliability, and security that enterprise and cloud customers require, and are delivered through a tailored, customer-service-focused platform designed to foster long-term relationships. CyrusOne’s National IX platform provides robust connectivity options to drive revenue, reduce expenses, and improve service quality for enterprises, content, and telecommunications companies. CyrusOne is committed to full transparency in communication, management, and service delivery throughout its 35 data centers worldwide. Additional information about CyrusOne can be found at www.cyrusone.com.