Data Center Operations
In this domain, we will discuss the data center operations in detail. We will also look into the permissions, recommendations, and requirements for end users, which are required to operate the end user’s cloud data centers efficiently.
Slide 4: Data Center Operations (Contd.)
Cloud security alliance has a cloud control matrix which is designed based on the industry specific standards and compliances. The cloud security alliance’s cloud controls matrix has a number of physical requirements based upon different standard and regulatory requirements. An important advantage of hosting specific applications is that, it makes the auditing process much easier. Additionally, service automation is enabled in reporting, logging, and publication of audit results.
Let us look at a few examples as illustrated in the table. A data center that houses health care specific applications must adhere to HIPAA (Health Insurance Portability and Accountability Act) compliance. This means, all the policies and procedures should be established according to the HIPAA compliance in order to maintain a safe and secure working environment. Since HIPAA is a policy, the control here is the security policy. Therefore, policies and procedures shall be established for maintaining a safe and secure working environment in offices, rooms, facilities, and secure areas.
If it is an application that focuses on card processing or payment like PCI DSS (Payment Card Industry Data Security Standard), the control here is with regard to user access. Users will not have direct access to information assets. Hence, the physical access to information assets and functions by users and support personnel shall be restricted.
Lastly, in the data center hosting a power generation application like NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection), there are several controlled access points. Tremendous care is taken to maintain safety by means of fences, surveillance, security patrols, etc. Hence, physical security perimeters (fences, walls, barriers, guards, gates, electronic surveillance, physical authentication mechanisms, reception desks, and security patrols) shall be implemented to safeguard sensitive data and information systems.