Data Center Services Security Program
The Texas Data Center Services (DCS) program allows the state to employ an enterprise approach to improve management of major technology infrastructure projects and promote efficient and effective data center operations. As a cornerstone of this, the DCS Security Program was established to maintain a security posture in the consolidated data centers and all systems that fall into the scope of DCS. The Security Program integrates with the DCS Governance to ensure security is a part of the culture of DCS and is a fundamental element in all DCS initiatives.
DCS Security Program is mapped to a master system security plan. This policy defines the settings needed for compliance with various regulatory bodies of existing customers and is flexible enough to accommodate needs of potential customers and changing regulatory requirements. There are tools and processes in place to compare the environment to these settings so that risks can be addressed through a risk management process. This plan also utilizes and leverages NIST 800-53, CIS benchmarks, TAC §202, and other regulatory frameworks.
DCS Security is continually working to improve the maturity of the program as dictated by the Texas Cybersecurity Framework. Protecting the environments and customer resources is imperative to achieving DCS goals. The security program aims to be a valuable asset as well as a reason for current and future customers to choose Data Center Services.
Security Plan Model
The Security Program is comprised of security focal points from the Texas Department of Information Resources' Office of the Chief Information Security Office, a multi-sourcing integrator and each of the service component providers. The intent of the DCS model is to use centralized volume purchasing power to more efficiently provide compute, storage, and security to Texas governmental entities and state agencies.
Currently DCS Security Program maintains an antivirus protection, network intrusion prevention system, security incident and event monitor, host intrusion prevention system and performs vulnerability scans. There are numerous services, policies and processes that work in conjunction with the technologies in place to further increase the security posture that these technical safeguard checks can provide to the environment. Security incident management is also included.