Containers, from cabinets to secure buildings, play a similar role for protecting information systems as for protecting information. The hosts processing information are housed in facilities that effectively are security containers designed to protect the confidentiality, integrity and availability of the information systems. The confidentiality of data within computers is protected by limiting authorized access to devices. The availability of systems is improved when housed in large data centers that are placed in locations that consider reduced threat event frequency by acts of nature (earthquakes, floods, wind damage) and provided with backup power that responds to reduce the impact of threat events. Finally, security control systems are also located within the facility. Since the integrity of these systems are the foundation for the security controls across the organization information system (e.g., encryption key controls), they may be placed within a container in the data center to further limit who is authorized access.
Copyright © 2019 Christopher T. Carlson
Return to Defense in Depth