Physical Security for Data Centers

Emily Schack


It’s no surprise that data centers are popping up everywhere, considering the growing need for cloud computing. Data centers offer services that allow you to store data on their servers. IT spends a lot of time securing the networks of these high-volume installations from attacks, and it is important to you that your data center’s network stays secure. But how important is the physical security?

Data centers are planned and designed to meet the current and future needs of any size company. They are also designed to protect against physical intrusions. These physical threats can come in the form of natural disasters, physical disturbance, and energy issues. But how do you design against that? In a previous article, Rusty Gilmore discussed securing your network; here I’m going to discuss the physical security needed for your data center.

It’s very unlikely that a scene from a movie like Mission Impossible or Ocean’s 11 would occur in your data center, but it’s not completely unheard of either. Criminals impersonating police officers swindled their way into a Verizon data center in London back in 2007. They tied up all the employees and staff and stole over $4 million in computing equipment.

When designing a highly secure data center, you first need to perform a basic risk assessment of the location and the equipment within the facility. The assessment will lay down the basis of what is needed to secure your building. It’s impossible to prevent all threats, but through proper design, you’ll be able to minimize the risk that an intruder will be successful.

With a thorough design, your data center should not be left open to unwanted visitors or careless staff. First, limit entry points. All access to the building needs to be controlled and monitored. Having a single point of entry allows you to properly identify all visitors. Challenging every visitor needs to be standard policy. One of the biggest issues we hear from clients is “piggybacking” by employees. Intruders act casual, look innocent, and are dressed like an employee or salesman. They may appear to need “help” with the door because they are talking on their cell phone, carrying a tray of food, or even using crutches. The employees then hold the secure door open for them. By tailgating into the data center, the intruder has just bypassed your security measures.

Your second line of defense here would be implementing man-traps that require continuous door control while trying to move through the facility. The intruder will not be able to travel through the facility’s layers without card access.

Let’s add another line of security to increase the chance that the intruder would have never gotten that far to begin with. Perimeter fencing or thick walls will help protect from physical attacks and reduce possible damages from natural disasters. Parking lot entry should be controlled with a gated entry. Having retractable bollards and a security guard house would also be very beneficial.

Invest in good surveillance, including pan-tilt-zoom and fixed cameras, and in digital recording systems. Cameras are an excellent deterrent. They may not prevent an attack but can provide identification during an investigation.

Additional security layers need to include background checks on all employees before hiring, a security team and 24/7 surveillance, cages for sensitive equipment, and a threat condition policy.

You hear it in the news all the time: another company has been hacked. These same companies spend millions of dollars to keep their network safe, yet if an intruder physically takes down your data center, then what was it all for?