Latin America. While it is essential for data center operators to recognize and plan for operational threats such as extreme weather and energy grid instability, it is equally important to consider the human angle of new security threats caused by malicious attackers and geopolitical conflicts.
According to Amet Novillo, general director of Equinix for Mexico, emerging threats use new attack methods and take advantage of very sophisticated tools to breach the different levels of security, both virtual and physical.
"For Equinix, physical security and data protection is the basis of trust in suppliers and customers. We have the highest international standards and best practices that allow us to minimize threats. In addition to investing in new tools and innovation in cybersecurity at a global level," explained Amet.
What makes data centers a priority target?
Cybercriminals attack data centers for many different reasons. Some work on behalf of a nation or a political ideology, while others are inspired by personal economic gain. This begs a question: They could pursue those same goals by attacking other facilities and institutions, so why do so many of them attack data centers in particular?
The reality is that today data is the new currency of the digital world. Like the bank robbers of yesteryear, cybercriminals attack data centers because that's where the data is. Data center operators collect and manage an asset that has great value, and they must be prepared to protect it. This is especially true for a global colocation provider like Equinix.
In recent years, we have witnessed a significant increase in cybersecurity attacks targeting the data center industry. These attacks go beyond the data centers themselves; They also target supply chain partners, such as energy management and control systems companies. These attacks are highly sophisticated and follow patterns that suggest a high level of planning and coordination.
How can operators and regulators work together to solve the problem?
Regulators consider data centers to be critical infrastructure, as taking them out of service could harm the economy, disrupt communications, and endanger citizens. As a result, regulators often step in to ensure that data centers receive the protection they need.
Data centers must establish the right controls to defend against attackers, and they must also be able to demonstrate those controls to government regulators as well as business partners and customers. It's a complex task, but we know that it comes with the purpose of being the global platform where digital companies connect and aggregate data. As enterprise data continues to grow, both in volume and value, the threats faced by data centers are also increasing, and data centers are cooperating with government agencies to keep those threats at bay.
Responding to new threats with AI and cross-ecosystem collaboration
Attacks against data centers may become more widespread and sophisticated, but security tools are maturing. Specifically, it discusses how to implement AI-based security features to thwart attacks and keep customers' hosted systems and data secure.
AI models are only as good as the data they're fed to, and infoinsurance models are no exception. Threats are diverse and constantly changing, so you need a variety of sources of threat intelligence to help identify and protect against them. To obtain the necessary data, Equinix has created threat intelligence exchanges. These exchanges allow partners, both industry and government, to share their threat data. Collaborating with an ecosystem of partners will help everyone gain greater visibility into threat indicators and respond accordingly to mitigate them. Equinix is also a member of industry threat information sharing organizations, such as the IT-Information Sharing and Analysis Center (IT-ISAC).
As a global service provider, threats can start small and spread quickly, so it's important to consider all vulnerabilities. For this reason, it is key that suppliers and partners practice good cyber hygiene. It is preferable to avoid an incident in the first place, but in the unfortunate event that they become victims, it is necessary to collaborate to limit the impact. When an incident occurs, customers are going to have a lot of questions and concerns. It's important for partners to help demonstrate to customers that everything is being done to keep their data safe.
Become a trusted security advisor to customers
Customers are themselves a potential conduit to the data center's own systems. For this reason, the goal is to help customers identify gaps in their security posture.
When an issue is identified, we proactively reach out to customers to help them fix it. This could be something as simple as addressing password hygiene or applying multi-factor authentication when accessing our customer portals. Even these small steps can go a long way toward protecting our customers and, in turn, protecting ourselves.
It's also important to ensure that customers understand all the different ways that work is being done to keep their data protected. Data centers maintain a variety of regulatory and industry certifications to demonstrate adherence to industry best practices for cybersecurity.
To this end, Equinix provides a comprehensive report of all current certifications and provides a basis for customers to obtain the information needed for their own third-party compliance or risk management programs without having to ask us to provide them.
"Today, IT leaders leverage innovative technologies that involve AI to shape new data architectures. Technologies such as artificial intelligence, blockchain, and quantum computing are emerging as crucial pillars in the protection of data and systems. These advanced technologies promise to strengthen cybersecurity in unprecedented ways, providing more robust and adaptable solutions to face the growing threats in the digital world," Amet Novillo stressed.
