Protecting Data Center Investments with Layered Perimeter Security

    800 547 1547 Realty

    Digital security methods help protect your clients’ data within your data center. But the equipment that processes, serves, and stores that data is worth millions of dollars, and it can be the target of thieves. While these stories don’t hit the news very often, data center burglaries do happen, and without strong perimeter security, your colocation or cloud facility is much less likely to win customers.

    In 2011, a break-in at a Vodafone data center in the UK left thousands without access to mobile services. The thieves knocked down a door to get in. Last year, an Oregon data center actually had a thief (who had knowledge of the building’s security systems) break in by crawling through the ducts, Mission Impossible style.

    Data centers don’t seem like a popular target for thieves. They aren’t very high profile. Equipment stolen from them could be hard to fence, thanks to serial numbers and internet connections. Not to mention the sheer size of it. However, with more and more companies placing their sensitive data within colocation facilities or in the cloud, not to mention the value of servers and networking equipment, data center burglaries could become more common.

    That’s where perimeter security comes into play. Physical data center security is built in layers, from the parking lot into the core and down to the rack. When you have many tenants, employees, third party contractors, tours, and delivery people entering various parts of your facility at all hours, you need to control access to vital assets.

    Data Center Security From the Outside In

    The outermost layer of security is outside the data center itself. Fenced facilities, gates, concrete bollards, bulletproof glass, reinforced walls…it may make your facility seem like a fortress, but it will give your clients peace of mind and defend against any wild attacks. CCTV monitoring starts here, with cameras trained on all entrances. Some cameras should be obvious and some hidden, so it’s clear that the grounds are monitored but they can’t all be easily spotted or disabled. Vegetation outside the data center should be carefully placed and manicured to avoid creating easy hiding spots near windows or other access points.

    From there, all doors leading in should be monitored and also have solid locks. Even the front door should be locked after regular business hours. Each visitor that enters the data center must be challenged and recorded. This is required to pass some audits, but take an ID in exchange for a data center keycard. Intruders have been known to follow closely behind authorized personnel, using props like food or crutches to get doors held for them.

    It is more and more common for data centers to have intruder alarm systems placed on all doors, air ducts, and other apertures. These are often laser-triggered, so if a door is open too long, or a large object enters an air plenum, the alarm sounds.

    Any rooms or hallways past the lobby should be protected multiple Access Control Systems: a combination of keycard, PIN, and/or biometrics. Each door from this entrance on in to the data center floor should also have this combination, preferably with biometrics as they are harder to fake (and also harder to lose).

    Finally, the white space itself should be secured with multi-factor authentication, monitored via camera, and have all cages, pods, or racks secured with their own locks. Smart locks are becoming more popular to allow customizable, reprogrammable access to tenants. These allow keycard or pin access to cabinets or pods.

    Security Systems Only As Strong as Weakest Link – People

    Even with a fully integrated monitoring system that keeps track of alarms, cameras, access logs, and more, your data center security still comes down to your employees or contractors. There should be a a dedicated staff member in charge of keeping an eye on security systems at all times. All employees should know how the system works and you should have a well-documented security plan that includes system functionality, maintenance scheduling, and protocols for entry, alarm response, and emergencies.

    In some cases, it is the employees themselves who perpetrate a data center theft. This can be hard to defend against, as you spent time carefully training them in the use of your security systems. It could be worth keeping a few cameras secret. Otherwise, log files can be the only way to catch a canny rogue employee. Be sure to perform background checks and screen each employee before hiring.

    There are many factors involved in creating a a well-rounded data center security plan and system. In today’s market, many of these items are taken for granted in a properly designed data center, so be sure to meet the highest standards you can in order to win security-conscious customers, like those in government, finance, or healthcare.