Your security is seldom more vulnerable than during a data center move, and not just because you’re moving expensive hardware. The files saved on your transitory servers are far more important and can pose a significant security risk if not handled properly. Irrespective of your company’s background, it is almost guaranteed that your hardware will be holding sensitive information like confidential medical records, financial information of your customers, or trade secrets about your business.
In the past few years, the frequency of data security breaches has skyrocketed. As criminals become more familiar with how to steal information from unattended computers, businesses are increasingly at risk to lose their private data files. Digital safety is no longer assured but must be fiercely protected by each business owner, lest their own business ends up as yet another warning for others.
Threats to digital security are not exclusively delegated to the outside, either. On the contrary, it may be even more likely for a disgruntled employee to choose a period of server relocation as the perfect time to express their displeasure and steal sensitive data.
Even if you are one of the lucky few who do not need to worry about security risks, HIPAA regulations require specific security procedures when transporting hardware with confidential data.
Regardless of your business or your unique situation, employing a thorough chain of command protocol while moving your data center will prove essential in protecting your private files, keeping your customers at ease, and complying with legal regulations enforced upon your industry.
What Is a Chain of Custody?
In layman’s terms, a chain of custody is the careful documentation and monitoring of who moves what objects and where they end up. When an effective chain of custody is implemented, there should be a clear record of who took what item, which can be invaluable information should anything not be in its proper place. When developing your chain of custody, you should make certain considerations depending on your industry and means of transportation.
The key to an effective chain of custody is the ability to monitor it periodically. A chain of command is much less beneficial if it only tells you who stole a product without allowing you to stop the theft.
When enforcing a chain of custody, the devil is most certainly in the details. To begin this process, first carefully document each item that is to be moved, then secure the items into sealed containers so that there can be no tampering. This documentation should include information like the carrier’s name and an ID number so that each individual device can be properly accounted for and, should something go wrong, the responsible party can be held accountable.
From there, the containers should be loaded into the truck, which should likewise be sealed with a padlock or similar locking mechanism. You will then want to place an anti-tampering seal (with a unique serial number) on the door and sign a document stating that, at this stage of the process, all items are accounted for and there has been no opportunity for tampering. This seal guarantees that nothing can be removed from the truck without your knowledge and the serial number ensures that the seal cannot simply be forged and replaced.
If the items are for any reason left in an insecure location or vehicle, then the chain of custody loses all impact. For this reason, it is essential that the servers are constantly within sight of the movers, except for the time spent in the back of the truck. Similarly, the truck must always be carefully watched by at least one of the movers to safeguard it against any tampering or theft.
When the truck reaches its destination, it is imperative that the back is not opened until a customer representative has arrived and can verify that the seal has been unbroken and the serial number is accurate. Because the chain of command’s validity hinges on this step, the back cannot be opened in transit except in cases of an automotive issue or a DOT inspection. In these cases, the mover must be familiar with how to preserve the integrity of the servers or the chain of custody loses all effect.
When you employ the services of reputable and professional movers, you can be sure that they will maintain the chain of custody and see to it that your servers reach their destination without incident.
How a Rigorous Chain of Custody Will Impact Your Move
The complex and detailed nature of a chain of custody means that your move will require additional time when transporting your essential hardware. It is essential to plan for this extra time when planning how long it will take between shutting down the computers for loading and rebooting them at their destination.
Additionally, you will need at minimum one extra person on staff during this time so that the moving company can constantly have an eye on your delivery. While this may increase the overall cost of labor, it will certainly be more cost-effective than the lawsuit of losing confidential client information or the loss of profit from having your business plans stolen.
When these extra precautions are taken, a chain of custody can ensure that the entire venture is performed smoothly and without any sort of incident.
Common Failures in Implementation
The chain of custody described above is all but impenetrable, but many businesses seek to cut corners in a misguided money-saving attempt. This lack of discipline opens up several opportunities for the chain of custody to fail and often results in severe consequences for the unfortunate business owner who refused to invest in proper security.
Hiring Cheap and Untrained Labor
One of the most common mistakes is to hire cheap and unreliable labor for the transportation of the data center. An untrained mover with little to no background in maintaining a tight chain of custody will invariably leave gaps in security for thieves to exploit. In this common situation, saving a few dollars in labor costs immediately translated to the loss of a company’s most private information.
In the worst-case scenario, untrained labor may mean that you aren’t even aware of a security breach until much later. You may use your transported servers as normal, only to find that your competitors have stolen your trade secrets. At that point, there will be no way to know when you lost the information and even less chance of stopping it from negatively impacting your business.
Yet another often-overlooked danger is the threat of internal sabotage. If the hardware to be transported is located in an office or business workstation, keep a watchful eye on the workplace that day. If you’ve recently noticed an employee who is upset with the management, make sure they don’t have an opportunity to tamper with the hardware. It would take remarkably little effort for them to steal or corrupt vital information if your server room is filled with workers or completely unattended.
Of course, there would not be much danger if every would-be thief were so easy to spot. Maintain vigilance, even in regards to staff with the appropriate security clearance, like IT workers. A move is an active and confusing time, and for someone with the right skills and reputation, it would be almost too easy to steal information and leave someone else to take the blame.
Because of the in-house dangers, many professional moving companies advise against granting employees access to equipment on the day of its transportation. If your moving company suggests this, listen to their warning. It is natural to feel insulted and defend the dependability of your staff, but this is not intended as a slight against your employees. The fact is that by taking a small preventative step now, you can significantly increase the quality of your security during a server relocation.
The takeaway from these horror stories should be to always listen to the word of a reputable and thorough moving company. It may seem like a large price to pay now, but you’ll find that it’s much preferable to having sensitive data files stolen from under your nose.
You should have a good idea of how to maintain a physical chain of custody when relocating your data center, but that is not the only step to reliable security. Even the tightest of security regulations would be unable to protect data that has been left on an errant server and left to sit on the curb after it has been replaced.
If you want to know that your sensitive files are completely safe, then your security cannot stop with protecting only the physical servers. Use reliable and internationally-approved data destruction software like ClaraWipe to ensure that your old servers aren’t filled with company secrets. Other programs may claim to delete all your old data files, but clever criminals often prove capable of digging up even the smallest traces of information left on discarded hardware.
You should always employ a secure chain of custody, but it is imperative that you close all exploitable weaknesses in your security. To be sure that your information is protected both physically and digitally, schedule a demo with Clarabyte and see how easy comprehensive security can be.