In part one of this series, I highlighted the first five of what I think are the top 10 underutilized or less understood data center security best practices. To recap, those were:

  • Physical security and surveillance technology

  • Security consultants

  • Monitoring data center health

  • Security information and event management (SIEM) software

  • Configuration control and management


Now, I’d like to present the remaining five:

  • Enduser education. Enduser education is a sorely underutilized method of securing an organization’s data. The numbers consistently show that a majority of attacks actually originate inside the organization, such as an employee falling victim to a phishing scheme that introduces malware on the network, DDoS attacks, or accidental enduser errors that stem from an inadequate understanding of potential security threats.

Of course, endusers don’t want or mean to cause problems; they just don’t always understand what they’re doing and how one action today can cause trouble tomorrow, the next day, or even a month from now. At the end of the day, organizations are only as strong and secure as their weakest link. As more and more enduser devices get added to the corporate network through workplace trends like BYOD, BYOA, and IoT, it’s in every company’s best interest to properly educate their endusers about the impact new devices like wearables or personal devices (tablets, e-readers, etc.) can have on overall security. IT departments should be proactive and transparent about flagging security vulnerabilities that could be exacerbated by enduser activities, such as using company email on a smartphone OS that requires a security patch, or accessing a social media profile with a password that may have been part of a larger breach.

  • Patch management. Software patching needs to be done proactively, not merely as a reaction. Here are a few specific tips to get started with a proactive patch management strategy:

  • Keep an eye out for security vulnerabilities

  • Identify the impact of cyber threats on unpatched software

  • Prioritize patches by rolling out a batch of critical patches at once could break something in the network, and pinpointing root causes in such a situation is difficult

  • Create contingency plan in case something does break during a patch process

  • Test your patches in a lab environment before rolling them out globally

  • Patch frequently used systems first

  • Assess the post-patch status of updated systems

  • It can also help immensely to have patch management software to automate and simplify many of these processes


Web filtering. Ransomware is and will continue to be a great concern for enterprise data centers. Data center managers should engage network teams to block known ransomware sites through web filtering, either manually or with a third-party software tool. If an infected machine is not allowed to make its call, the chances of ransomware locking and/or destroying your data is greatly reduced.

This is an important element of enduser education as well, since a user’s computer would be protected internally, but as soon as they leave the premises and connect to the internet, their device would make the call. Getting out in front of this with enduser education, plus a software tool that alerts administrators to a call out, will go a long way.

Anti-malware. Okay, okay, I know, or at least hope, that most data centers have some form of anti-malware protection already. However, it’s just a good practice to make sure that it’s implemented properly and protected from being stopped or turned off. It’s not a bad idea to set up a group policy object that will prevent users or lower-level administrators from turning anti-malware off.  The last thing anyone wants is a security incident on their shoulders because the anti-malware software was mistakenly (or purposely) turned off or otherwise disabled. 

Accountability. Accountability may seem like an odd fit for a list of security best practices, but if you think about it, any such list is really incomplete without it. Accountability breeds a feeling of ownership, and that feeling of ownership leads to commitment — commitment to keep the data center and its treasured contents safe from threat. That results in everyone on the IT team making sure they’re doing their very best and aligning behind a single goal when it comes to security. It also helps create a healthy dialogue around security within the department.

Well, there you have it. As I mentioned previously, this list is not intended to be comprehensive. Rather, these are the top ten data center security best practices I think are either underutilized or less understood, but that if implemented, will help strengthen a defense in depth data center security strategy. And remember, as I closed with in part one, when it comes to data security, “Never assume you are done. There is always more that can and should be done to keep your data secure.”

Words to live by.