Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services -...
Transcript of Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services -...
![Page 1: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/1.jpg)
DatacenterasaserviceAninfrastructureforasecurecyberworld
![Page 2: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/2.jpg)
2
Agenda
• WhatisaDatacenter?• Internationalstandardsfor“bestpractices”onDatacenters• DatacenterTierLevels• Datacenterproject,implementation,operationandmanagement:
Aprovenmethodologyframework• DatacenterasaService- Vulnerabilities,threatsandrisks• DatacentersInfrastructuresArchitecturesinaCyberWorld• Datacentercyberattack– Realcasestudy• Themeaning,theimpactandthefutureofDatacentercertifications• Q&A
SEGURTIPauloBorges
©
90m
![Page 3: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/3.jpg)
3
Who is Paulo Borges?
BSIISO/IEC27001 – AccreditedimplementerBSIISO/IEC27001 – LeadAuditorPECBISO/IEC22301 – LeadAuditorPECBISO/IEC20000 – LeadAuditorPortugueseSecurityAgency – SecurityAuditorandAdvisorUpTimeInstituteATS – DatacenterSpecialist
30yearsofexperience:• InformationSystemsSecurity• RiskManagement• BusinessContinuity• InformationTechnologyarchitectureprojectsandmanagement• IBMPoweretIBMPureSystemsarchitectandauditor
Datacenters:• Strategy,businessplans,technicalsolutions,projectmanagement,
consultantandauditor• Certificationprocessmanagement
SEGURTIPauloBorges
©
![Page 4: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/4.jpg)
4
i-Governancia partnership
http://www.i-gouvernancia.com/
SEGURTIPauloBorges
©
![Page 5: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/5.jpg)
5
What is a Datacenter?SEGURTI
PauloBorges©
![Page 6: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/6.jpg)
6
What is a Datacenter?SEGURTI
PauloBorges©
![Page 7: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/7.jpg)
7
What is a Datacenter CAMPUS?SEGURTI
PauloBorges©
GESTÃODOCAMPUS
CLIMATIZAÇÃO
COMUNICAÇÕESINTERNAS
STAGING
EnergyProduction
CoolingProduction
ExternalCommunications
MMR– ‘MeetmeRoom’IXP– InternetExchangePoint
SafeworkplacesforcustomeremployeesTechnicalparkExternalperimeter
“BusinessContinuity”“Recreationalareas”“CrisisManagement”“ManagedServices- Outsourcing”
FacilitiesOperationsCenter
CoolingDistribution
InternalCommunications
LoadDockingStaging
EnergyDistribution
ITServersRoom(s)StorageRoom(s)
***ITServices***
Technicalpark– Internalperimeter
SecurityOperationsCenter
CampusPhysicalSecurity
![Page 8: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/8.jpg)
8RagingWire - North Virginia - USA
SEGURTIPauloBorges
©What is a Datacenter CAMPUS?
![Page 9: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/9.jpg)
9
What is a Datacenter CAMPUS?SEGURTI
PauloBorges©
Telefónica– Alcalá(Madrid)- Spain
![Page 10: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/10.jpg)
10PortugalTelecomCovilhã- Portugal
What is a Datacenter CAMPUS?SEGURTI
PauloBorges©
![Page 11: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/11.jpg)
11VivoTamboré – SãoPaulo- Brasil
What is a Datacenter CAMPUS?SEGURTI
PauloBorges©
![Page 12: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/12.jpg)
12
International standards for “best practices” on Datacenters projects
SEGURTIPauloBorges
©
![Page 13: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/13.jpg)
13
Datacenter Tier LevelsSEGURTI
PauloBorges©
![Page 14: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/14.jpg)
14
TierLevel
Redundancy DistributionPath ConcurrentMaintenance
Compartmentation ContinuousCooling
I No
Ncapacity
A No No No
II Yes
N+1capacity
A No No No
III Yes
N+1capacity
AandB
(Active-Passive)(Active-Active)
Mandatory No No
IV Yes
Nafter anyfailure
AandB
(Active-Active)
Mandatory Mandatory Mandatory
SEGURTIPauloBorges
©Datacenter Tier Levels - Requirements
![Page 15: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/15.jpg)
15
Datacenter Tier LevelsSEGURTI
PauloBorges©
![Page 16: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/16.jpg)
16
The UpTime Institute
https://uptimeinstitute.com/about-ui
SEGURTIPauloBorges
©
![Page 17: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/17.jpg)
17
Certifications around the world
https://uptimeinstitute.com/TierCertification/
SEGURTIPauloBorges
©
![Page 18: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/18.jpg)
18
Certifications around the world
Designdocumentscertification:• Englishwrittendocumentsaccordingtoaspecific
UpTimeInstitutemethodology• Notavailableforpublicannouncement
SEGURTIPauloBorges
©
ConstructedFacilitiescertification:• Tobeachievedwithin2yearsofDDcertification• OnsiteauditbyanUpTimeInstituteteam• Availableforpublicannouncement
OperationalSustainability:• Optionalcertification• Focusedonmanagementbasedonprocesses,procedures,
records,metricsandauditplans• CompatiblewithISOmanagementsystemmethodologies
![Page 19: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/19.jpg)
19
Certifications around the world
https://uptimeinstitute.com/TierCertification/
SEGURTIPauloBorges
©
![Page 20: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/20.jpg)
20
A Datacenter project, implementation, operation and management proven methodology
SEGURTIPauloBorges
©
![Page 21: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/21.jpg)
21
A Datacenter project, implementation, operation and management proven methodology
SEGURTIPauloBorges
©
![Page 22: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/22.jpg)
22
• Privatesystemsonprivateinfrastructures
• Privatesystemsonsharedinfrastructures• HOSTING - OnlyPower,CoolingandCommunications• COLOCATION - Typicallyincludesmanagedservices
• Sharedsystemsonsharedinfrastructures:o PaaS – PlatformasaService
(usedbyvirtualizedsystemsex:WebSitesandWebServices)o SaaS – SoftwareasaService
(usedbyApplicationsServicesex:SAPHANA,ORACLECloud,…)o CloudComputingSofwareServices
§ Private§ Public
Datacenter as a Service: Vulnerabilities, threats and risks
SEGURTIPauloBorges
©
![Page 23: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/23.jpg)
23
Datacenter as a Service: Vulnerabilities, threats and risks
SEGURTIPauloBorges
©
![Page 24: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/24.jpg)
24
Datacenter as a Service: Vulnerabilities, threats and risks
SEGURTIPauloBorges
©
• Persquaremeter• Perrack(s)• Percomputerroom
• Perreservedpower(Energy+Cooling)• PerkWh(Energy+Cooling)
• Pernetworkport• PerGbps
• Permanagedservicetype• Permanagedserviceconsumption• Permanagedservicecontract
![Page 25: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/25.jpg)
25
Datacenter as a Service: Vulnerabilities, threats and risks
SEGURTIPauloBorges
©
• AllDatacentersizes• Complexsystem• Requiresamanagementteam• NoITmanagement
![Page 26: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/26.jpg)
26
Datacenter as a Service: Vulnerabilities, threats and risks
SEGURTIPauloBorges
©
![Page 27: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/27.jpg)
27
Datacenter as a Service: Vulnerabilities, threats and risks
SEGURTIPauloBorges
©
![Page 28: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/28.jpg)
28
Datacenter as a Service: Vulnerabilities, threats and risks
SEGURTIPauloBorges
©
![Page 29: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/29.jpg)
29
SEGURTIPauloBorges
©
DCIM
BMS
Datacenter as a Service: Vulnerabilities, threats and risks
Poorintegrationincreasesrisk!
EnergyCooling
FireSecurityPhysicalSecurity
LightingAutomation
Communications
ICTCapacityPlanningICTTrendHistoryICTMigrationScenarios
![Page 30: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/30.jpg)
30
Datacenters Infrastructure Architecturesin a Cyber World
SEGURTIPauloBorges
©
![Page 31: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/31.jpg)
31
Datacenters Infrastructure Architecturesin a Cyber World
SEGURTIPauloBorges
©
![Page 32: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/32.jpg)
32
Datacenter as a Service: Vulnerabilities, threats and risks
SEGURTIPauloBorges
©
ICTExposuresICTVulnerabilitiesICTSecurityIssuesIPNetworksdesignRemoteAccess
IPnetworksintegrationIndustrialNetworksdesignNetworkProtocolsEventsandalarmsMaintenanceManagementIncidentManagement
![Page 33: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/33.jpg)
33
Datacenter as a Service: Vulnerabilities, threats and risks
SEGURTIPauloBorges
©
Vulnerability Threat RiskIdentification
Best practices
Typicaluse ofcommonIPnetworksandITservers
Common CyberSecurityattacksmaycompromisetheBMSand/ortheDCIM
• Dataloss• Dataintegrity failures• Remoteaccesstoautomation
servers• Remotecontroloffield
equipment(generators,chillers,electricalpanels,etc…)
Networkand ITsystemsphysicalandlogicalsegregationdedicatedtoBMSand/orDCIM
Useof “cleartext”IPcommunications
BMSand/orDCIMDDOSattacks.
Access tonetworktopologyschemas
• Remote accesstomanagementsoftware
• Stackoverflows• Falsealarms
Useof DigitalCertificatesforAuthenticationandEncryption
Useof SNMPtraffic ”Man inthemiddle”CyberSecurityattackstospecificequipment
Remotecontroloffieldequipment(UPS,PDU,ATS,etc...)
UseofSNMPV3withencryption
Lossofchronologicalsequenceofevents
Humanerror • Bad operationsdecisions• Incorrectorimpossible
diagnosis• Chainofincidents
UseofNTP StratumsystemwithUTCexternaltimestampreference
![Page 34: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/34.jpg)
34
Cyber Security for Datacenter
GESTÃODOCAMPUS
CLIMATIZAÇÃO
COMUNICAÇÕESINTERNAS
STAGING
EnergyProduction
CoolingProduction
ExternalCommunications
MMR– ‘MeetmeRoom’IXP– InternetExchangePoint
SafeworkplacesforcustomeremployeesTechnicalparkExternalperimeter
“BusinessContinuity”“Recreationalareas”“CrisisManagement”“ManagedServices- Outsourcing”
FacilitiesOperationsCenter
CoolingDistribution
InternalCommunications
LoadDockingStaging
EnergyDistribution
ITServersRoom(s)StorageRoom(s)
***ITServices***
Technicalpark– Internalperimeter
SecurityOperationsCenter
CampusPhysicalSecurity
SEGURTIPauloBorges
©
![Page 35: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/35.jpg)
35
Cyber Security for Datacenter
ExternalCommunications
MMR– ‘MeetmeRoom’IXP– InternetExchangePoint
Safeworkplacesforcustomeremployees
InternalCommunications
ITServersRoom(s)StorageRoom(s)
***ITServices***
SEGURTIPauloBorges
©
ExternalAccess
![Page 36: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/36.jpg)
36
Cyber Security for Datacenter
CLIMATIZAÇÃO
COMUNICAÇÕESINTERNAS
EnergyProduction
CoolingProduction
ExternalCommunications
MMR– ‘MeetmeRoom’IXP– InternetExchangePoint
Safeworkplacesforcustomeremployees
CoolingDistribution
InternalCommunications
EnergyDistribution
ITServersRoom(s)StorageRoom(s)
***ITServices***
SEGURTIPauloBorges
©
ExternalAccess
![Page 37: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/37.jpg)
37
Cyber Security for Datacenter
üMMT(MeetmeRoom)andIXP(InternetExchangePoint)üBMSandDCIM– DatabasesandmanagementfunctionsüMMS(MaintenanceManagement)– Accesstoinventoryitemsü IMS(IncidentManagent System)– Accesstoclientdataü EnergyandCoolingSystems– Remotepowerdownorchangeof“setpoints”
ü SecuritySystems– ToavoidthecollectionofevidencesüDatacenter imageandcredibility
SEGURTIPauloBorges
©
![Page 38: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/38.jpg)
38
Cyber Security for DatacenterSEGURTI
PauloBorges©
![Page 39: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/39.jpg)
39
1. Excessive exposure information :A manufacturer announced the installation of automation equipment on thisDatacenter with excessive information, including models, on theirs web site
2. The default IP addresses are posted on the equipment manual and were not modified3. The security system allowed Internet exposure of the automation network4. Using a "Man in the middle" attack to the vendor’s office, the cyber attackers accessed
the automation network (a specific segment with more than 800 temperature sensors)5. The .Set Point. of the temperature alarms were raised on the CRAC units6. Two hours after the servers automatically started to shutdown due to over temperature7. Five hours after the Datacenter management announced a service breakdown on the
international television channels
Datacenter cyber attack – Case study #1SEGURTI
PauloBorges©
![Page 40: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/40.jpg)
40
1. Large Datacenter with all the common ICT security controls (more than 800 racks)2. An USB pen drive was found on the service stairs leading to the Operations Center3. The USB pen drive was plugged “to see what was inside”4. Without operations control, a malware was installed in the DCIM using SNMP protocol5. 2 hours after, all the energy grid topology was recognized by the malware6. 6 hours after, half of the generators started to shutdown7. The power inverter to external energy source was not responding8. The UPS systems were reconfigured to retain 50% of autonomy, meaning that they only
allowed 30m of autonomy for critical loads9. One of the UPS systems collapsed after 10 minutes10. After 8 hours all the Datacenter had no energy sources available11. It took 3 days to recover the Energy Grid to normal mode
Datacenter cyber attack – Case study #2SEGURTI
PauloBorges©
![Page 41: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/41.jpg)
41
1. Define an Integrated Security System, possibly based on an ISO 27001 ISMS2. Identify risk levels on the Datacenters infrastructure design, possibly based on the ISO 31000
methodology3. Identify security controls for the Datacenter infrastructure based on a Risk Treatment Plan4. Check for technical solutions appropriated for the security controls implementation5. Create and manage a Business Continuity plan for the Datacenter infrastructure services, possibly
based on the ISO 223016. Create and manage an Incident Management System, possibly based on the ISO 20000 incident
management process7. Systematically train the team on such processes and security procedures8. Manage the Datacenter infrastructure according to the ”The UpTime Institute” Operational
Sustainability methodology9. Implement and systematically audit a BMS secure topology10. Have a continuous improvement security genetics properly spread within your team
Datacenter cyber attack – Best practicesSEGURTI
PauloBorges©
![Page 42: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/42.jpg)
42
The meaning, the impact and the future of Datacenter certifications
SEGURTIPauloBorges
©
![Page 43: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/43.jpg)
43
The meaning, the impact and the future of Datacenter certifications
SEGURTIPauloBorges
©
Validfrom3to5years
Validfor3years
Validfor2years
![Page 44: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/44.jpg)
44
The meaning, the impact and the future of Datacenter certifications
SEGURTIPauloBorges
©
![Page 45: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/45.jpg)
45
Q&ASEGURTI
PauloBorges©
![Page 46: Datacenter as a service · 2018. 6. 26. · “Crisis Management” “Managed Services - Outsourcing ... Create and manage a Business Continuity plan for the Datacenter infrastructure](https://reader036.fdocuments.us/reader036/viewer/2022071111/5fe601f8e7f44719236b9e1e/html5/thumbnails/46.jpg)
46
Thank you!SEGURTI
PauloBorges©