Last month AFCOM the world's largest data center industry association released the results of its 2009/2010 Data Center Trends survey offering perspective on and insights about the major issues and trends involving 436 commercial, government and college or university data centers throughout the world. In an article posted on eWeek regarding the results of that survey, AFCOM stated that "most of its member clients aren't prepared nearly well enough for a sophisticated cyber-attacker-or even if an unsophisticated hacker-decides to target them."
The survey went on to find that 61 percent of respondents stated that they see cyber terrorism as a threat that needs to be addressed. However, only about 33 percent of data center managers actually have included it in their disaster recovery plans. In addition, only about 25 percent stated that they have addressed cyber terrorism in their policies and procedures manuals.
As the world currently works through the economic crisis that was caused by a significant loss of confidence in banking systems, we see the potential impact of a cyber attack on that piece of our infrastructure. A well planned, simultaneous attack targeting multiple primary data centers could disrupt the national infrastructure and global economy. Many basic security and risk management controls are missing.
They went on to say that contrary to public opinion and media hype only 15 percent of data centers have deployed cloud solutions to date. In that same AFCOM report, 40 percent of all data centers are still using at least one mainframe and about one-third of all data center managers with mainframes who plan hardware upgrades in 2010 will replace them with rack servers. Currently some 80+ percent of data centers perform background security checks on all potential new employees.
It is time organizations move to security their information assets that today are said to make up over 80 percent of an organization's value. Data center managers and IT executives must develop and implement a comprehensive set of policies, procedures and security measures particularly those in and industry segment that are at high risk of experiencing cyber attacks from activists, terrorists, criminals and rogue nation states.