Data theft, the armed variety

Data theft, the armed variety

Summary: Computerworld chronicles the tale of Web hosting firm C I Host Inc. and details how its data center was robbed.


Computerworld chronicles the tale of Web hosting firm C I Host Inc. and details how its data center was robbed. Meanwhile, the technology manager working the graveyard shift was held hostage as the robbers stole computer equipment.

The story's point can't be more clear: Data centers aren't as secure as you think.

While data centers do focus on physical security most of us think information security is about hackers and this spy vs. spy game sans violence. Maybe that perception is wrong.

For the Christopher Faulkner, CEO of C I Host, the incident was an eye opener that outlined how security is changing. In general, data centers don't have metal detectors and bomb-detection systems and physical security isn't front and center.

The story is definitely worth a read, but the big takeaway is this: Enterprise physical and information security policies will merge it's just a matter of time. Perhaps worrying about physical security at data centers is alarmist, but do you really want to take the chance. Why hack into a data center when you can just bust in and take a few servers?

Ultimately, IT needs to get to a point where there's one security dashboard that integrates data protection, video cameras throughout a building and physical security. These incidents may speed up this information/physical security meld.

Topics: Data Centers, Hardware, Security, Storage

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • As I have always said... can take whatever data security measures you want, if undesirables are able to obtain physical access to the machines then all of your data security are, at best, a delay or, at worst, completely worthless.
    • Actually you could still have secure data...

      even if they took the servers, it just takes some small changes in how the data is saved on the hard drive.

      As far increasing physical security, if someone wants in they will get in, with this incident here, the data center would have had to have armed guards 24X7.
  • This is not a revelation

    That's why physical security is one of the ten domains of knowledge in the CISSP. Physical security has ALWAYS been an integral and important part of defense in depth. This is nothing new. You should act so surprised, and write like this is some great revelation. If it's a new concept to you, then maybe you shouldn't be writing about security.
    • Of course it is

      But honestly how many companies look at physical and data security? The two roles are typically two silos. You seem to assume everyone follows CISSP to the letter. You can have knowledge of something and not follow it.
      Larry Dignan
      • You're right, of course

        And people are surprised when their cars are stolen after they've left the keys inside, the car running, and a baby in the back seat.

        I agree the story has to be told, and that many companies do not follow known good practices for protecting their data assets. My criticism was of the flavor of the article, which came across to me as OhMyGoshWeNeverThoughtOfThat!

        In my original comment, I meant to type "You should NOT act so surprised, ..."
  • Computerworld has a bigger story

    mySQL appears to be unaffected at this point, but it's a
    wake up call for those not validating their imputs
    Len Rooney
  • Make the data worthless

    Seems the wrong approach trying to build better castles - CISSP's should be made to read history as well. Why not have a system where the data isn't of any use to attackers? Easier. While you're at it remove the need for any personal data at all. Someone is doing it.
    We are allowed to ditch what we're doing if it's a bad idea - and the current e-commerce systems are just plain stupid.
    Sellers and financials have just become accustomed to stealing everyone's personal data and then letting others steal it from them, urged on by disfunctional advertising executives with the delusion that they can push what they want at everyone.
    See 'new paradigm'