The CIO of a large financial services firm recently approached me for assistance in building out her company’s cyber-resilience strategy. Specifically, she knew that the firm was going to need to add an additional data center over the next year to meet growing demand, and she wanted to use that expansion as an opportunity to enhance the firm’s business continuity program. CDW provided the company with some practical advice to help draw this additional benefit from its investment.

Learn how CDW Amplified™ Security Services can help your organization improve resilience and reduce risk.

While we were helping a very large organization expand an existing global footprint, the advice we shared is relevant across firms of all sizes. Let’s take a look at a few ways that all organizations can enhance cyber resilience.

Location, Location, Location

When it comes to placing a secondary data center, it’s all about the location — specifically, the location relative to other facilities. The first site that the firm had in mind was located only about 25 miles from one of its existing sites. I reminded the CIO that this exposed the company to the risk of both facilities being taken offline by the same disaster. It’s good practice to separate facilities by at least 75 to 100 miles.

Check Out the Local Infrastructure

When examining potential locations, you don’t want to just draw a line 100 miles from your existing facility and plop down your new data center there. Make sure that you verify the local infrastructure first and ensure that there is sufficient power available — and that bringing utilities to your site won’t require extensive (and expensive) trenching work that can easily blow up your budget.

Integrate Strong Authentication

Protecting your data center requires carefully limiting physical access. The financial services firm planned to have about 30 people working in the facility on a typical day, with occasional visitors from other areas. Make sure that your facilities have strong access controls in place to successfully identify and authenticate both regular employees and occasional visitors to prevent unauthorized access.

Build Out Robust Monitoring Capabilities

Make sure that you’re able to quickly identify situations where something is amiss. As you build out firewalls, endpoint protection platforms and other security controls, integrate them with a security information and event management (SIEM) solution to provide your operations team with real-time insight into security events.

Test Your Recovery Plans

Some organizations choose to adopt a secondary data center strategy where the facility sits idle until it is needed during the activation of a disaster recovery plan. That’s a perfectly valid strategy, but if you choose this approach, be sure to test that facility regularly. Testing a backup data center is a laborious task that engineers generally prefer to avoid, but it’s crucial to your cyber-resiliency efforts. You definitely want to discover any flaws in your plan during a test, not during an actual emergency.

These basic cybersecurity principles can help organizations build more resilient technology infrastructures. Organizations that follow them will find themselves better positioned in the event of a natural or man-made disaster.