Many businesses are turning to data center as a service (DCaaS) providers to efficiently store and process their critical data. However, this change brings a new set of security considerations, and companies need to be aware of best practices for protecting their digital assets.

Although partnering with a DCaaS provider can give a business access to much-needed physical infrastructure and management services, it is still essential to follow good cyber hygiene and vendor monitoring practices. Below, 20 Forbes Technology Council members share best practices to help businesses that leverage DCaaS ensure the integrity and security of their data.

1. Evaluate the value of your data

Start by evaluating the value of your data during storage and transmission, and make sure you understand the potential loss if your data is breached. This assessment helps determine the level of security required and what data is appropriate for the hosted environment. – Larry Walsh, Channelnomics

2. Encrypt data

Strong encryption is essential both in flight and at rest. As data travels between data centers and an application, it may bounce between any number of unknown and/or untrusted networks. Encrypting data as it travels over the network can successfully mitigate man-in-the-middle attacks and ensure that data remains secure no matter what route it takes. – Garima Kapoor, Minio

3. Review and clean your data list regularly

Start by carefully assessing the need to collect and retain personal data for your organization’s specific functions. Regularly review and update your data list to align with emerging compliance regulations, and remove unnecessary personal data to minimize vulnerabilities. This proactive approach enhances data security within the DCaaS framework while promoting compliance and customer trust. – Patricia Thain, Private AI

4. Implement regular cyber security training

Your experts need to practice and repeat their skills. Ongoing training and professional development is essential and should be embedded in the team’s culture. This includes engaging in regular cyber security exercises that mimic real-world scenarios to keep the team’s skills sharp. Ongoing training and education are essential proactive steps that enable a team to implement strong security controls. – Dara Warne, INE

5. Ensure redundancy, high utilization and regulatory compliance

When considering using a DCaaS provider to manage sensitive data, it is a best practice to ensure redundancy and high utilization. This guarantees uninterrupted operation during failures, reducing risks to the business and maintaining data integrity. Additionally, ensuring compliance with regional regulations and data security standards can keep sensitive information safe and help you maintain legal integrity. – Vineeta Rathi, Systango

6. Check for strong physical and digital security

A business using a DCaaS provider to store and process sensitive data must ensure that the provider has physical and digital security. Restricted access, compliance with standards and laws, network segmentation, threat protection and monitoring must all be in place. Data centers must securely erase data from servers at the end of life and provide a certificate of destruction. – Namrata Sengupta, Stellar Data Recovery Inc., DBA BitRaser

7. Prefer end-to-end encryption

Using a data center as a service provider for sensitive data? Prefer end-to-end encryption. It is important for data to be encrypted both in transit and at rest, making it unreadable even during breaches. Combined with frequent security audits, this approach creates a strong shield against potential breaches. – Imane Adel, Pemob

8. Make sure there are strict monitoring and access controls

It’s easy to lose sight of the digital aspects of security in data centers. But the reality is that no amount of cyber controls can keep data completely secure if the physical premises are not equally strengthened. Data centers are potential targets of unauthorized physical access and theft. It is important to ensure that they have tight monitoring and access controls. Continuous video surveillance is also important. – Alan Stoddart, IntelliScene

9. Treat the network as an insecure entity

In insecure settings, use caution in component trust. Consider the network as an insecure entity, like the Internet. It is important to note that control over hardware access is not guaranteed. Thus, you must employ end-to-end encryption for data both in transit and at rest, and use mechanisms such as X.509 certificates, as IP-based controls are inadequate. – Björn Kolbæk, Quobite

10. Consider a hybrid approach

Instead of relying solely on data centers, which can be cumbersome, consider adopting a hybrid approach. Leverage both on-premises and cloud storage as strategic solutions to balance security, cost management, maintenance, and scalability. This approach allows businesses that still want on-premises infrastructure elements to take advantage of cloud benefits like faster deployment and elasticity. – Muhi S. Majzoub, OpenText

11. Anonymize and store link keys on internal systems

Ensure that any link to the record remains anonymous and is never stored on the vendor’s hardware. Storing join keys externally is tantamount to disaster. All modern data managers must be acutely aware that their data is not secure; they should expect that data will be hacked, leaked and/or held for ransom. Anonymize and secure link keys to personally identifiable information only on audited internal systems. – Jamel Brown, First Orion

12. Evaluate risks in shared infrastructure

Be sure to review data center facilities as thoroughly as possible in advance, and include the right to an audit in any contract. Also, be aware that shared infrastructure also brings shared risks to your data; these may be due to lack of security on the part of other customers or the service provider. The security of your data is only as good as the service provider can offer. – Michael Ruppe, Adesso Schweiz AG

13. Review data center access controls

Data security is only as good as its weakest link. You can check the “Encryption at Rest” box, but it’s important to know who has access to those keys. Ensuring that controls are in place to prevent access to data in the data center is just as important as confirming how it is encrypted. If access to data is needed during a process, the keys need to be stored securely, and policies are needed for where they reside. – Jonathan Stewart, ZenSource

14. Map sensitive data

One of the first things to consider when using a DCaaS provider for sensitive data storage and processing is the mapping of sensitive data. With increasing expectations and regulations regarding data management, a business needs to be able to take action immediately, including (but not limited to) erasing and destroying data. If data mapping is not done then it will be very difficult to achieve that goal. – Sajan Gautam, Arvest Bank

15. Look for AI-based security

Make sure your security solutions rely on next-generation AI-based tools to deal with the increasingly sophisticated threats in the market. Platforms including WormGPT and FraudGPT have evolved to assist hackers in creating more convincing and hard-to-spot brand impersonation, phishing, and denial-of-service attacks. Even big-name security providers don’t always have AI-powered filters. – Rome Handler, Trustify

16. Keep a close eye on emerging industry standards

Staying updated when it comes to security – whether regarding the latest breaches or the latest standards – is one of the most important considerations. For example, several years ago, NIST revised its guidelines to allow users to create simple but long passwords, as these can be easier to remember (as opposed to requiring a mix of special characters, numbers, and letters). – Sapan Parikh, Incubite

17. Regularly audit the provider’s access rights and setup

Think about security processes – in particular, regularly auditing the DCaaS provider’s access rights and setup against best practices. Settings change, and technology improves. If you’re not proactively reviewing security groups, access, and configuration, you could be dealing with bigger problems reactively. – Brendan Howe, Techify

18. Beware of cloud encryption vulnerabilities

Don’t trust anyone. If the data is sensitive, whenever possible, it should be tokenized or encrypted before storing it in a third-party data center. While many cloud providers offer cloud encryption as an option, your data is still recoverable if there are cloud security policy errors or API keys are stolen from developers. These problems are common and can be mitigated by protecting your data before storing it. – Chester Wisniewski, Sophos
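Tips 11 and 18 both come down to keeping the re-identification secret off the provider's hardware. As an added example (not from the article or any of its contributors), the sketch below replaces a join key with a keyed HMAC token before records leave the internal system; the class name, field names and sample records are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample records; "email" is the join key that links to a person.
SAMPLE_RECORDS = [
    {"email": "Alice@Example.com", "name": "Alice A.", "purchase_total": 120.50},
    {"email": "bob@example.org", "name": "Bob B.", "purchase_total": 42.00},
    {"email": " alice@example.com", "name": "Alice A.", "purchase_total": 9.99},
]


class LinkKeyVault:
    """Hypothetical helper that runs only on the audited internal system."""

    def __init__(self, secret: bytes):
        if len(secret) < 32:
            raise ValueError("use at least 32 random bytes, e.g. secrets.token_bytes(32)")
        self._secret = secret      # never shipped to the provider
        self._token_to_id = {}     # internal-only re-identification table

    def tokenize(self, identifier: str) -> str:
        # Normalize so the same person always maps to the same token.
        norm = identifier.strip().lower()
        # Keyed HMAC, not a bare hash: without the secret, a leaked token
        # cannot be matched by hashing a list of known e-mail addresses.
        token = hmac.new(self._secret, norm.encode("utf-8"), hashlib.sha256).hexdigest()
        self._token_to_id[token] = norm
        return token

    def resolve(self, token: str):
        """Map a token back to the identifier; returns None if unknown."""
        return self._token_to_id.get(token)


def prepare_for_provider(records, vault, pii_fields=("email", "name")):
    """Return copies safe to store off-site: PII dropped, join key tokenized."""
    outbound = []
    for rec in records:
        safe = {k: v for k, v in rec.items() if k not in pii_fields}
        safe["link_token"] = vault.tokenize(rec["email"])
        outbound.append(safe)
    return outbound


if __name__ == "__main__":
    import secrets
    vault = LinkKeyVault(secrets.token_bytes(32))
    for row in prepare_for_provider(SAMPLE_RECORDS, vault):
        print(row)
```

The provider-side rows can still be joined to each other on `link_token`, but mapping a token back to a person requires the secret and table that stay on the internal system.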

19. Demand compliance with recognized security frameworks

It is important to select a provider that conforms to a recognized security framework. Look for providers that adhere to standards like ISO 27001, which ensures strong information security management systems, and always look for a SOC 2 Type II report that validates the system design. PCI DSS is important if you are processing payments. Finally, always verify certifications annually. – Nolan Garrett, Torchlight

20. Ensure remote server backup and updated servers

Remote server backup is required. We all remember the OVHCloud fire in 2021—most of their colocation customers lost all their data. Next, keep an eye on old server resources. Servers will no longer have security updates after their “end of service” date, and hackers take advantage of this to gain unauthorized server access. Finally, consider certification: look at NIST SP 800-53, HIPAA, PCI DSS, GLBA, SOC 1, and SOC 2. – Hristo Rusev, ScalaHosting