Yondr’s framework for failsafe security

By: Jim Busby & Paul Streetly

Yondr’s framework for failsafe security

Data centers are now part of our critical infrastructure. They are integral to the daily operations of government, business and society at large, as important to our lives as energy and water supply. If a data center goes down, so does lots of vital functionality.

Today, data is arguably more valuable than oil, due to the insight and knowledge that can be extracted from the raw material, not to mention the harm that can be done with data in the wrong hands.

And, if your clients are high net worth organisations with global reach, you can soon see yourself the target of an attack – cyber or otherwise.

As such, they must be secure.

At Yondr, security is paramount to protecting uptime and people’s personal data. It’s a core requirement and a key selling point for our clients. If we fail to deliver on our security promise even once we could lose our reputation, our clients and any potential new business.

We’re not going to let that happen.

We’ve created a market-leading approach to security that continuously improves best practice and sets new standards for the industry.

But before we can share that with you. Let’s take a quick look at the challenges we’re up against.

The five types of data center threat

Physical crime
Assault, threat, burglary, criminal damage and kidnap. Which, although uncommon in the UK and Western Europe, are much more prevalent elsewhere.

Unlawful protest
While lawful protest by definition is not a perceived threat, unlawful protest can create all kinds of problems for data center security. Furthermore, the digital era beckons a new age of ‘hacktivism’ alongside traditional in-person protest. This makes it even more important for security teams to be aware of the current social and political climate in any given location.

A direct terrorist attack on a data center would be rare, though we must still defend against it. What is more likely to happen is an attack somewhere near to one of our sites, in which case we must have measures in place to ensure the safety of our site and its people. An attack may also change the behaviour of the general public, so it’s vital we are prepared to respond and adapt to such a change.

If a company unlawfully obtains designs or other information for commercial use, it undermines the value we add for clients, and raises questions around data protection. And while some people might consider this a rare occurrence, it happens more often than you’d think. This shouldn’t be overlooked, and it’s one of the reasons why we emphasise the importance of reputational security alongside physical and cyber.

There may be places in the world we choose to go that are facing political and regional tensions, often with neighbouring countries. If we enter an environment where there’s state-sponsored activity or a major conflict, we need to be aware of how it could affect the entire organisation. Threats of this nature range from military action to a state-sponsored cyber attack.

Four key features for airtight security

In order to address the five types of threat, we need a range of strategies and activities to protect our clients and their data, and ensure we can operate safely.

Prioritised from day one
We perform security risk assessments on potential new sites to identify what’s surrounding us, what sort of distance from the main road we need and other potential risks the location has. This also helps us understand the nuances of a location, such as crime rates, proximity to warzones or other potential geographical dangers.
After a site has been selected, security is knitted into the fabric of the building throughout the design stage. We use local talent as often as we can to make sure we have regional expertise on the team and additional knowledge on localised threats. Physical and cyber security systems are woven into every element of a campus. It’s never an add-on or an afterthought.

Location-specific solutions
We work with a standardised security model, which is fully adaptable to the geographical, social, and political challenges of a specific location. One step we’re taking to ensure we have a holistic understanding of our sites is to use drone technology to monitor the surrounding area, and take a birdseye view on potential threats.

And our duty of care goes beyond our specific location.

What is happening in the half a mile / kilometre from the perimeter fence provides us with essential information about nearby threats that could affect our security. For example, a terrorist attack just outside our perimeter will impact our security strategy, even if it isn’t happening on our site. And while we can’t change what happens in the surrounding area, there’s always a way to mitigate the risks that might occur.

Industry standards are bettered
As technology becomes increasingly intelligent, and potential threats grow more complex, we’re always on the lookout for cutting-edge solutions.

One of our favourite activities is red teaming, an attack simulation carried out by third party specialists. They are designed to test how well an organisation’s people, security systems, and physical security controls would fare against a real attack.

We love red team assessments. They keep us sharp and expose any areas of vulnerability in our technology, people, or physical infrastructure.

New threats emerge all the time in our industry and we must be prepared to defend against them. Individual locations face their own political, geographical, and social challenges, and we must be flexible to cater for their unique requirements. Regular, rigorous, red team assessments let us make continuous improvements and remain equipped to withstand the latest threats.

The AIC approach
Applied across the entire security ecosystem, the ‘A’ stands for availability and refers to the availability of our systems and hardware for what’s called ‘the five nines’. This means security systems, networks and hardware will be available 99.999% of the time. They won’t be brought down by power failures.

The ‘I’ is for integrity and refers to the integrity of the data we keep. This means maintaining the consistency, accuracy and trustworthiness of data over its entire time with us. We must make sure data isn’t corrupted in transit or altered by unauthorised personnel.

The C stands for confidentiality. We keep vast amounts of highly sensitive information and the theft or destruction of this information could be devastating on a global scale.

These behind-the-scenes efforts are what makes our security service so seamless, so discreet, and trusted by clients globally. The AIC approach also protects us from commercial threats, meaning our bespoke product and service can’t be replicated by competitors.

We test new ideas tirelessly, because every day should feel like business as usual for our clients. And while the threats continue to evolve, our expertise grows with each new challenge we face, confirming that the future of your data is safe in our hands.

Get the latest news from Yondr