The document discusses the security challenges faced by an IT manager, including physical security of the building, data security, and access to systems. It outlines issues with the current setup such as easy access to servers, infrastructure problems, and being in a location potentially targeted by terrorists. The document proposes moving to a secure, third-party data center with better physical and data security controls to host infrastructure as a service for the company's private cloud needs. This would improve security of servers, backup solutions, firewalls and user access management.

1. Our Global
State of Mind
Dealing With My
Insecurities About
Security
Mark Evans, IT Manager
Dealing With My Insecurities About Security 23 July, 2012

2. The Challenge
• Physical security
• Data security
• Access security: systems
Dealing With My Insecurities About Security 23 July, 2012

3. Physical Security
Dealing With My Insecurities About Security 23 July, 2012

4. Physical Access
Issues
Dealing With My Insecurities About Security 23 July, 2012

5. We could use this for…
Dealing With My Insecurities About Security 23 July, 2012

6. … a film set!
Dealing With My Insecurities About Security 23 July, 2012

7. We could use this space for…
Dealing With My Insecurities About Security 23 July, 2012

8. … a concert by JLS!
…who?!
Dealing With My Insecurities About Security 23 July, 2012

9. Environmental
Issues
Dealing With My Insecurities About Security 23 July, 2012

10. Millennium Point
Dealing With My Insecurities About Security 23 July, 2012

11. London – MI5
Dealing With My Insecurities About Security 23 July, 2012

12. Birmingham - MI Foive
Dealing With My Insecurities About Security 23 July, 2012

13. Terrorist target?
Dealing With My Insecurities About Security 23 July, 2012

14. Public Access
Dealing With My Insecurities About Security 23 July, 2012

15. Very open-plan…
Dealing With My Insecurities About Security 23 July, 2012

16. Infrastructure
Issues
Dealing With My Insecurities About Security 23 July, 2012

17. Openreach service and repair
Dealing With My Insecurities About Security 23 July, 2012

18. Leaking roof!
Dealing With My Insecurities About Security 23 July, 2012

19. Sprinkler system…
Dealing With My Insecurities About Security 23 July, 2012

20. Physical security challenges
• Access issues
– Filming
– Concerts
• Environmental issues
– Terrorist target
– Neighbours (ThinkTank museum, various universities, colleges)
• Infrastructure issues
– Openreach
– Leaking roof
– Sprinkler system
Dealing With My Insecurities About Security 23 July, 2012

21. Data Security
Dealing With My Insecurities About Security 23 July, 2012

22. Access to servers
Dealing With My Insecurities About Security 23 July, 2012

23. Next step?
?
Dealing With My Insecurities About Security 23 July, 2012

24. Access to backup
media
Dealing With My Insecurities About Security 23 July, 2012

25. Data Security
• Access to servers
– Far too easy
– Insecure
– Expensive to remedy within the building
• Access to backup media
– How near is “far enough away”?
– Rapid response?
– How secure is the repository?
Dealing With My Insecurities About Security 23 July, 2012

26. Access security:
systems
Dealing With My Insecurities About Security 23 July, 2012

27. Vendor security
Dealing With My Insecurities About Security 23 July, 2012

28. VPN
Dealing With My Insecurities About Security 23 July, 2012

29. Access security:
systems
• Not considered a major issue except:
– More access via the internet
– Seek to deprecate VPN for non-IT staff
Dealing With My Insecurities About Security 23 July, 2012

30. Concept and
Realisation
Dealing With My Insecurities About Security 23 July, 2012

31. Wish list
• Physical Security
– Secure physical location
– Infrastructure issues eradicated
• Data Security
– Access to servers secured
– Access to backup services and media improved
• Access security - systems
– Meet current standard / improve where
practicable
Dealing With My Insecurities About Security 23 July, 2012

32. XaaS..?
• SaaS
– No real “fit” in terms of software provision
– Data location?
• PaaS
– Off-the-shelf software
– Very little in-house development
• IaaS
– What we have, but somewhere else!!!
Dealing With My Insecurities About Security 23 July, 2012

33. An aside…
• Overturning the London-centric
orthodoxy…
• “We can proudly boast that we have a
data centre in Canary Wharf…”
Dealing With My Insecurities About Security 23 July, 2012

34. Why Canary Wharf for data centres?
Terrorist threats..? IRA, 1996
Olympic missile testing ‘achieved its objectives’ –
Metro, 12th June, 2012
'No guaranteed security' for Olympics says head
of MI5, Jonathan Evans –
The Independent, 26th June, 2012
Dealing With My Insecurities About Security 23 July, 2012

35. Why Canary Wharf for data centres?
Dealing With My Insecurities About Security 23 July, 2012

36. Wish list
• Physical Security
– Secure physical location
– Infrastructure issues eradicated
• Data Security
– Access to servers secured
– Access to backup services and media improved
• Access security - systems
– Meet current standard / improve where
practicable
Dealing With My Insecurities About Security 23 July, 2012

37. Requirement
• Purpose-built, third-party data centre
hosting for IaaS private cloud
services
– Physical security
– Data security
– Systems access security
Dealing With My Insecurities About Security 23 July, 2012

38. Physical Security
• Secure physical location?
– Third-party datacentre with biometrics, swipe
cards, 24-hour security
• N+1
• Datacentre is not a known terrorist
target(?!)
• Tier 3 design
• Multi-meshed MPLS network
• VESDA fire detection
Dealing With My Insecurities About Security 23 July, 2012

39. Data Security
• Access to servers
– Via appointment, requiring photo id
– UK-based - Yorkshire(!)
• Self-contained backup solution
– Managed backup solution as service add-on
Dealing With My Insecurities About Security 23 July, 2012

40. Access Security:
Systems
• Managed firewall
• RLB application of Microsoft Unified Access
Gateway
• SSL connections to internet-facing sites
• Active Directory
Dealing With My Insecurities About Security 23 July, 2012

41. Rider Levett Bucknall
• IaaS Private Cloud
• Hosted Exchange 2010
• MPLS Network (UK)
• Central services (Document Management
System, Finance system)
• SaaS HR system, mail branding
• Serving global colleagues
Dealing With My Insecurities About Security 23 July, 2012

42. And… relax..!
Dealing With My Insecurities About Security 23 July, 2012