For most organizations, the data center is the most important element of their operations; literally holding everything together. It’s the base camp for core applications where large datasets are processed, supported by the core network infrastructure. Keeping it secure should, therefore, be at the top of any company’s list of priorities.

Alexander Lesnitsky_Pixabay_royal-guardsman_314x800.png
Not every organization can enjoy this level of physical security – Alexander Lesnitsky, Pixabay

Moreover, this was not a freak, one-off occurrence. An Uptime Institute survey revealed that 45 percent of data centers have experienced operation-threatening weather, while just under 10 percent have suffered significant disruption as a result. So, to ensure maximum uptime, you need to prepare as well for physical threats as to cyber threats.

You may think the likelihood of any modern data center falling victim to extreme weather or a natural disaster as negligible, but when Hurricane Sandy whirled through the eastern United States in 2012, several data centers suffered flooding that disabled fuel pumps, eventually shutting off the power and bringing all of them to a standstill.

Moreover, this was not a freak, one-off occurance. An Uptime Institute survey revealed that 45 percent of data centers have experienced operation-threatening weather, while just under 10 percent have suffered significant disruption as a result. So, to ensure maximum uptime, you need to prepare as well for physical threats as to cyber threats.

In addition, it’s important to remember that physical security doesn’t just include the outside perimeter of the building and its grounds. Data centers should be equipped to continue operating if a particular critical system fails. It’s about creating redundant back-up power, cooling, heating, ventilation, and security systems to avoid significant disruption in the event of a power failure.

After all, security measures are not solely for the purpose of preventing breaches, but also to reduce the chances of criminals succeeding. Let’s look at some of the security measures you should look for when partnering with a data center operator.

The physical barrier

For a physical breach to occur at any data center facility, the perpetrators must have found a weakness – some way to enter the property.

A fence with a minimum height of four meters is the first layer of protection. Next, is the actual building equipped with strong locks, cameras, motion detectors and alarms that will identify and stop most intruders?

If that is not enough and the intruder isn’t stopped, is the actual computer room equipped with solid doors, walls and locks together with access systems to makeng it nearly impossible to enter without getting caught?

The final level of protection is the private cage inside the computer room, as well as the installation of secure digital locks on the racks.

Stafford GREEN_Pixabay_camera-712122_1920.jpg
Sometimes, security might look good on paper, but the reality can be very different – Stafford Green, Pixabay

As you can see, physical security should be built in layers where each layer is both discovering as well as aggravating. We compare it with peeling an onion, in Sweden we call it “deep defense principle” and is used by governments, military and police to protect important assets like nuclear plants.

Perimeter wiring

Now that you’ve got a fence surrounding the perimeter of your data center, add an extra layer of protection by wrapping a layer of wire around the top of it. Trembler coil and barb wire is perfect for the job: an alarm will trip if sensors detect movement or pressure.

Additionally, you’ll get a notification of exactly what part of the wire was disrupted, so you can divert your response accordingly to the right location. Also, implementing electrical wires on the lower part of the fence will have deterrent effect on an intruder.

CCTV monitoring

This is probably one of the most important aspects of securing the data center.

By limiting the number of entry points and combining a variety of video surveillance cameras you will significantly increase your physical security. Low-light cameras, motion-detection and pan-tilt-zoom devices will deter intruders and document those who do attempt to breach the facility, digitally storing the evidence off-site and making it available when incidents occur.

Access control systems

This should be built in several layers, starting with an access list controlled by you, the customer, with each approved person only granted access to specific areas in the facility, depending on their role.

The actual access to the data center is designed using a personal keycard/tag, a personal code combined with biometrics, and facial recognition, as well as a ‘mantrap’ guarded by security personnel. All data, of course, needs to be stored for compliance purposes, as well as future use should incidents occur, making it easy to determine who accessed the facility and when.

Biometric entry systems significantly improve authentication and identity management in data centers; it’s not dependent on the possession of some physical item, like an access card, that can be lent or lost. Additionally, it’s incredibly difficult to duplicate behavioral and biological characteristics, meaning a very low possibility of tampering or deceit.

Security officer

You could argue that this is a watershed, but physical security officers remain the standard in the industry and expected in RFP’s.

On the one hand, you could argue that this is an extra layer of security, but on the other, you could argue that introducing a human being into the security mix could also elevate risk as a person can be threatened or bribed, while technology measures and remote guards cannot. It’s hard to conclude the best solution, but it often comes down to customer requirements after evaluating the actual security on site.

However, intricate your security system is, make sure your data center operator constantly tests it to make sure all components are working as they should be. Moreover, any staff hired for this reason should receive regular training on compliance and processes.

Most, if not all, data is valuable to an unauthorized third party. Data breaches are incredibly detrimental to organizations, especially in an age of mandatory disclosure, and come with extreme financial consequences, so make sure your business implements multiple layers of security to reduce your risk – and doesn’t underestimate the importance of good physical security.