Intel menu +
×

Yondr Intel  /  General  /  Yondr’s framework for failsafe security

Thoughts:
Yondr’s framework for failsafe security

Written by: Jim Busby & Paul Streetly / at Yondr

Thoughts:
Yondr’s framework for failsafe security

Written by: Jim Busby & Paul Streetly / at Yondr

Data centers are now part of our critical infrastructure. They are integral to the daily operations of government, business and society at large, as important to our lives as energy and water supply. If a data center goes down, so does lots of vital functionality.

Today, data is arguably more valuable than oil, due to the insight and knowledge that can be extracted from the raw material, not to mention the harm that can be done with data in the wrong hands.

And, if your clients are high net worth organisations with global reach, you can soon see yourself the target of an attack – cyber or otherwise.

As such, they must be secure.

At Yondr, security is paramount to protecting uptime and people’s personal data. It’s a core requirement and a key selling point for our clients. If we fail to deliver on our security promise even once we could lose our reputation, our clients and any potential new business.

We’re not going to let that happen.

We’ve created a market-leading approach to security that continuously improves best practice and sets new standards for the industry.

But before we can share that with you. Let’s take a quick look at the challenges we’re up against.

The five types of data center threat

Physical crime
Assault, threat, burglary, criminal damage and kidnap. Which, although uncommon in the UK and Western Europe, are much more prevalent elsewhere.

Unlawful protest
While lawful protest by definition is not a perceived threat, unlawful protest can create all kinds of problems for data center security. Furthermore, the digital era beckons a new age of ‘hacktivism’ alongside traditional in-person protest. This makes it even more important for security teams to be aware of the current social and political climate in any given location.

Terrorism
A direct terrorist attack on a data center would be rare, though we must still defend against it. What is more likely to happen is an attack somewhere near to one of our sites, in which case we must have measures in place to ensure the safety of our site and its people. An attack may also change the behaviour of the general public, so it’s vital we are prepared to respond and adapt to such a change.

Commercial
If a company unlawfully obtains designs or other information for commercial use, it undermines the value we add for clients, and raises questions around data protection. And while some people might consider this a rare occurrence, it happens more often than you’d think. This shouldn’t be overlooked, and it’s one of the reasons why we emphasise the importance of reputational security alongside physical and cyber.

Geo-political
There may be places in the world we choose to go that are facing political and regional tensions, often with neighbouring countries. If we enter an environment where there’s state-sponsored activity or a major conflict, we need to be aware of how it could affect the entire organisation. Threats of this nature range from military action to a state-sponsored cyber attack.

Four key features for airtight security

In order to address the five types of threat, we need a range of strategies and activities to protect our clients and their data, and ensure we can operate safely.

Prioritised from day one
We perform security risk assessments on potential new sites to identify what’s surrounding us, what sort of distance from the main road we need and other potential risks the location has. This also helps us understand the nuances of a location, such as crime rates, proximity to warzones or other potential geographical dangers.
After a site has been selected, security is knitted into the fabric of the building throughout the design stage. We use local talent as often as we can to make sure we have regional expertise on the team and additional knowledge on localised threats. Physical and cyber security systems are woven into every element of a campus. It’s never an add-on or an afterthought.

Location-specific solutions
We work with a standardised security model, which is fully adaptable to the geographical, social, and political challenges of a specific location. One step we’re taking to ensure we have a holistic understanding of our sites is to use drone technology to monitor the surrounding area, and take a birdseye view on potential threats.

And our duty of care goes beyond our specific location.

What is happening in the half a mile / kilometre from the perimeter fence provides us with essential information about nearby threats that could affect our security. For example, a terrorist attack just outside our perimeter will impact our security strategy, even if it isn’t happening on our site. And while we can’t change what happens in the surrounding area, there’s always a way to mitigate the risks that might occur.

Industry standards are bettered
As technology becomes increasingly intelligent, and potential threats grow more complex, we’re always on the lookout for cutting-edge solutions.

One of our favourite activities is red teaming, an attack simulation carried out by third party specialists. They are designed to test how well an organisation’s people, security systems, and physical security controls would fare against a real attack.

We love red team assessments. They keep us sharp and expose any areas of vulnerability in our technology, people, or physical infrastructure.

New threats emerge all the time in our industry and we must be prepared to defend against them. Individual locations face their own political, geographical, and social challenges, and we must be flexible to cater for their unique requirements. Regular, rigorous, red team assessments let us make continuous improvements and remain equipped to withstand the latest threats.

The AIC approach
Applied across the entire security ecosystem, the ‘A’ stands for availability and refers to the availability of our systems and hardware for what’s called ‘the five nines’. This means security systems, networks and hardware will be available 99.999% of the time. They won’t be brought down by power failures.

The ‘I’ is for integrity and refers to the integrity of the data we keep. This means maintaining the consistency, accuracy and trustworthiness of data over its entire time with us. We must make sure data isn’t corrupted in transit or altered by unauthorised personnel.

The C stands for confidentiality. We keep vast amounts of highly sensitive information and the theft or destruction of this information could be devastating on a global scale.

These behind-the-scenes efforts are what makes our security service so seamless, so discreet, and trusted by clients globally. The AIC approach also protects us from commercial threats, meaning our bespoke product and service can’t be replicated by competitors.

We test new ideas tirelessly, because every day should feel like business as usual for our clients. And while the threats continue to evolve, our expertise grows with each new challenge we face, confirming that the future of your data is safe in our hands.

Seamless data center project delivery starts with a health and safety mindset
There’s one question every client asks us before starting a project: Why should we choose you over the competition? Here’s how we answer that: At Yondr, our speed to delivery is lightning quick. We have extensive in-house capabilities. We’re home to some of the most skilled and experienced people in the industry. 
The right way to approach virtual deals
And there it is! The perfect spot. You could point to it on a map. That’s where we’ll build your data center. If only it were as easy as that...
Setting sail: The astonishing skill and strength of character needed to compete in a solo race around the world
Yondr is sponsoring sailor Pip Hare to compete in the Vendée Globe race, one of the world’s toughest endurance events. We asked Pip to share her story as she enters her final weeks of training for what promises to be an incredible journey. Over to you Pip!
Peter Jones, talks European data center market with DatacenterHawk
Yondr’s CDO, Pete Jones, sits down with David from DatacenterHawk, to share thoughts on the data center market in Europe.
From apprentice to global operations director — how an apprenticeship changed my life
Born and raised in London’s East End, I definitely wasn’t the smartest kid. I applied for 50-odd positions and was granted three interviews, one of which was for a technician’s apprenticeship with the Post Office.
Critical spaces from scratch in a year – how Yondr does it
There’s no such thing as being a single moment late. If a data center isn’t completed on time, it will be delayed for months or there will be serious consequences for other projects no amount of money can fix. 
A different approach
Now, we all know there’s nothing sexy about data center operations. And you only hear about operations when something goes horribly wrong. So as we manoeuvre through the pandemic, whatever the crisis throws at us, we know any new processes and procedures we introduce need to remain simple. 
The pace of hybrid adoption
The paper sets out the very clear and compelling case for hybrid cloud adoption and recommends how companies and teams need to evolve to get their decision making right, choosing which workloads to put where, when the fork in the road arrives.
What clients are asking now
We are now several weeks into COVID-19 lockdown measures. The initial wave of enforced changes to work and living routines is behind us, and the world is slowly adjusting to the idea that we’re in this for the long haul.
My first 30 days of COVID-19
It was a fast decision made by the senior leadership team on the day, based on the facts we had. We pushed it out via all our internal channels. We recorded a video explaining the decision, sent everyone an email, published blog posts and sent SMS messages, so everyone knew. With 20/20 hindsight, I’m glad we did.
PTC 2020 Honolulu
Yondr attended the Pacific Telecommunications Council in Honolulu, Hawaii for the first time this year. As venues go, this was one we were quite excited by!
DICE Local – data center investment conference
Infrastructure investors are in part expanding their scope to support the sector, but not in full. This is proposed as being owed to infrastructure such as roads, tunnels and bridges with “tolls” going one way...in data centers, we typically pay penalties for poor performance.
Microsoft’s take on health and safety
Just out of a great session at DCD Dallas by Doug Mouton of Microsoft that was short, sweet and undeniably compelling. 
Real estate change…does it have to be hard?
Picking up a copy of the FT while travelling back from Asia last week, I was struck by the notion of the editor. To secure the front and back pages, and inside cover with an announcement that our system and markets need to change deeply resonated with me.
DCD Singapore: Yondr’s first foray in Asia
Having just returned from a week in Singapore I am now taking stock of the talks, meetings and people I met over the last few days.
DCD Singapore – sustainable data centers
The provision of a recognised scoring system for data centers (such as LEED) could be a ‘powerful’ (very poor pun) addition to our sector. We as developers, operators, builders and tenants must embrace such initiatives.
Microsoft’s take on energy
Ever wondered how hyperscale end users see the energy world? I was lucky today to get some great insights today from Jim Collins at Microsoft during his fireside chat at DCD San Francisco.

Like what you see?

Don’t miss out on future Intel. Sign up now to receive our latest content straight to your inbox.