London, 21 January 2010 - End users perceive that security of data centres is of greatest concern, and is among the findings of an extensive new study from BroadGroup. Data centre security remains a critical issue for both end-user organizations and data centre and managed service providers, achieving top ranking alongside availability/resilience of data centre based IT services in the survey conducted for the new report.

Data Centre Security, published today, is based on primary research including an end user survey, a survey of service providers, interviews with end-users, vendors, service providers and industry experts, this extensive new report (147 pages) focused on data centre security reveals how organizations are responding to a changing threat landscape . It also incorporates information from a wide range of sources covering physical, logical and people-related security measures.

The threat landscape is changing; one operator interviewed recorded 170-200 distributed denial of service (DDoS) events every two weeks. Of these, around one every week would be “a very large concerted DDoS attack”. Enterprises interviewed revealed their key concerns, but the report overall does provide evidence that a level of confidence in security standards is being achieved by most data centres.

An overriding objective of the report is to bring together knowledge across physical security, information security and IT/computer security in the context of the data centre and addresses all layers from the physical facility up to aspects of application security in a manner relevant to data centre organisations. New controls are being deployed to meet these threats and compliance requirements in particular in the areas of web application security and data security. At the same time, it is the long-standing threats of human error and physical security of the data centre which continue to be ranked of key importance by respondents to the surveys conducted for this report.

Nevertheless, the report suggests that change in the level of secrecy is increasing with some 32% of data centre operators interviewed advising they now have no directory or Internet listing of the address of their data centre facilities.

The report also uniquely presents an extensive set of good practices in data centre security focusing on areas not typically addressed in existing standards. Most areas are accompanied by extensive further information references with more than 150 links to standards, literature and vendors of products and solutions.

Research for this report suggests that compliance is a key driver for data centre security efforts. The report looks at the relevance of data centre security to several compliance regulations and advises readers how they can find the information they need to ease data centre related compliance efforts.

Finally the report examines the impact virtualisation and cloud computing are having on data centre security and the way in which vendor solutions are beginning to respond to these changes in data centre security needs.