
SWOT Analysis:

Both public and private sector organizations rely heavily on data center infrastructure to
store their operating and intellectual data, track business transactions, and comply with
regulatory mandates. Organizations are now enabling their data centers to take advantage of the
efficiency and elasticity of different cryptographic and Web-based third-party services. The
emergence of new applications that use technologies such as virtualization and service-oriented
architecture (SOA) allows organizations to communicate, collaborate, and operate their data
centers with far better efficiency.
However, to secure data centers, many modern applications also employ advanced features
such as trusted Web-based third-party services (KDC), encryption techniques (secret /
public keys) and advanced firewalls. Although there is business value in authorizing access to
these applications and services within the data center, they can introduce a host of risks,
including loss of intellectual property, compliance failure, data leakage, and new threat
propagation vectors. Moreover, well-organized and financially motivated cyber criminals
increasingly view data centers as their most attractive targets. There is therefore a need
to take extra measures and to enable complex security protocols and mechanisms,
implemented in both hardware and software, to protect valuable business data.
The transport layer security (SSL) enabled data center services depend on a trusted third party
that certifies the data center servers and sites, providing a web of trust relationships.
In the SSL-configured scenario, two parties are involved in authenticating the customer:
one is the bank itself, which authenticates the customer by user name and password, and the
other is the Web-based trusted third party, which further authenticates the customer
from the VeriSign-issued Digital ID (SSL certificate) for the bank's server. This is in effect a
two-way security mechanism for authenticating the customer before access to the data center is granted.
When selecting and certifying with a third party, keep in mind that the third party has access
to all of your business data and customer information, so the third party itself
must be reliable and secure enough that no unauthorized person can gain access to the data
centers. Secondly, the trusted third party should set a validity period for the digital
certificates it issues and periodically renew those that have expired.
After the customer has been authenticated by the bank and the trusted third party, the bank ensures
that the data transmitted between the customer and the bank data center is encrypted and
secure enough to protect it from man-in-the-middle attacks. The bank data center uses a
temporarily generated public/private key pair as a session key in transaction-oriented
applications. A temporarily generated public/private key pair is much safer because its scope
is limited to a single communication session, and the session keys are discarded once the
session completes. Despite its simplicity, this is an attractive protocol. No
keys exist before the start of the communication and none exist after the communication
session completes, so the risk of key compromise is minimal. If an attacker mounts a
cryptanalysis attack during the session, capturing the ciphertext and trying to obtain the
current plaintext and the session key for future use, this gains him nothing, because the scope
of the key is limited to that communication session.
One drawback of this dynamically generated public/private key pair is that generating and
distributing session keys for public key encryption can degrade overall system
performance, because of the relatively high computational load of generating these session
keys and distributing them to the customer again and again, even for a very short
communication session between the client and the server (data center).

Points for providing physical security to data centers


CCTV cameras are fitted at the door and inside the data centers.
Main doors are locked and the keys are held by the Security officer of the bank.
Further doors are opened with a thumb impression.
Each computer room has redundant access to power, cooling, and networks.
Each official has a proper user ID and password for authentication in the systems.
Different bank officials have different access rights to the information stored.
