Hackers and terrorists aren't the only cyber threats to Corporate America. Fires, HVAC, power grids and backhoes can destroy a company's valuable network just as easily.
It's something that most companies don't even consider when choosing an Internet Service Provider and co-location facility, said Jerry Morris, founder and general manager of San Diego-based NextLevel Internet Inc.
Spending on cyber security is expected to reach $24.6 billion by 2009, as companies continue to be concerned with safeguards like VPN encryption, firewalls and intruder protection, according to technology research firm Gartner. With all the time and money being spent on thwarting possible internal threats it's no wonder IT managers aren't paying closer attention to the physical aspects of their networks, Morris said.
"The last thing a company thinks about in terms of security is whether its Internet Service Provider has a coherent plan in place to thwart a physical security breach," he said. "They also don't ask themselves, what happens if the environmental control systems go down? What happens if a backhoe digs up a trench containing a segment of the SONET (Synchronous Optical Network) coming in and out of the co-location facilities? These are questions companies really need to know and need to make sure their ISP is answering and has solutions for."
Besides fire and other natural disasters and physical threats, companies should also make sure that not only is the core backbone to their network being monitored 24/7, but ideally they also need to make sure the clients' individual connections to the Internet are being monitored. In the best case scenario, mitigation of a potential or growing threat is proactively squelched as a result of the proactive monitoring down to the client level.
Morris, an Internet veteran, founded NextLevel Internet in 1999 after seeing a dire need for such protection. NextLevel, a business-to-business co-location, Internet and managed data services provider, monitors its network connections through its network operation center 24/7. An engineer is always available to proactively solve an issue or call a client if any disturbances are noticed.
"To NextLevel, security is not a single issue," Morris said. "We try to identify risks and threats and provide the countermeasures to protect facilities, equipment and people."
NextLevel - whose clients include the American Red Cross, Home Depot Online, Santa Fe Christian School, Golden Hour Data and Palomar Pomerado Hospital - provides, among many things, continuous physical security monitoring; rapid response to alarms; access controls; closed circuit television monitoring; industrial-strength power and heating, ventilation and air conditioning (HVAC); fire extinguishing system and alarms; overhead cable management and ladder racking; and SONET ring architecture on the core network (in the event of a fiber cut, data in transmission is automatically rerouted to reach its destination via another path). Those who enter NextLevel's co-location facilities must also pass a minimum of four layers of physical security including biometric palm scanning.
"NextLevel's goal is to provide the highest level of security possible," Morris said. "We have designed a comprehensive strategy for protecting the physical and electronic infrastructure of the network. Companies today can't afford not to have this kind of vital network protection."
The following is a checklist of questions to ask yourself and the ISP to ensure there is a comprehensive plan in place that addresses the security of the physical and electronic infrastructure you need:
* Does the co-location facility have steel reinforced concrete walls and no exterior windows?
* Is the exterior signage of the facility obscure or non-existent?
* Does the location have access to multiple freeways in the case of an emergency?
* Is the facility in a single story building with a minimum of a seismic 4 rating if located in regions prone to earthquakes?
* Is the ISP in the flight path of a public or private air strip? If so, consider checking the flight crash records at the FAA's website to view historic close calls.
* Was the co-location facility built to meet or exceed commercial global telecommunications standards? Additionally, if you are a U.S. based company, will the ISP hold your company back from attaining such existing or potential audit requirements as Sarbanes Oxley, HIPPA or SAS70?
* Does the facility have access to multiple power grids?
* Does the ISP have multiple, stand-alone generators dedicated to the co-location facility specifically and not other occupants of the building?
* Does the ISP have a coherent plan in case of a fire, including comprehensive fire extinguishing systems and alarms?
* Does the facility have its HVAC/environmental control systems constantly monitored and routinely maintained professionally? Ask the operations manager or general manager if the ISP has ever had issues related to these systems that resulted in client outages.
* Is the entire network, including your local connection being proactively monitored 24/7 and what are the escalation procedures if an issue is detected?
* Are local technicians monitoring your individual connections and are they certified and capable of taking immediate action to correct a problem?
* Does the ISP conduct background checks on ALL of its employees?
* Does the ISP have a policy in place to immediately eliminate physical and virtual access to employees and or employees of clients who have been terminated?
* Does the ISP have contacts and experience working with FBI and CIA task forces to trace criminal acts if necessary?
For more information on NextLevel Internet, call (858) 836-0703 or visit www.nextlevelinternet.com.