28 Jan Data Center Physical Security
What is a data center?
A data center is a location that contains business-critical applications and information, and has components that IT needs to store and manage them. Within one of these centers you would find computing and networking equipment, as well as network infrastructure. This infrastructure encompasses servers, routers, gateways, switches, storage systems, etc. The data centers store massive amounts of data for processing, analyzing, and distributing and as such are vital to the continuous operation of an organization.
It’s helpful to conceptualize a data center into 3 key elements:
An organization’s data is generally retained in a data center. You’ll find this data on hard disk drives, servers, tape drives, forms of backup, as well as other forms of internal and external storage.
Interconnections between data center components and to the outside take place through dedicated service provider lines. Unless it’s a private data center, many will have multiple connections available from different providers, allowing them to offer a range of options to customers. This also helps protect against distributed denial of service attacks.
Compute refers to any workloads, applications, or activities that necessitate more processing resources than its memory or I/O resource requirements. Simply put, this refers to objects geared towards computation and processing.
While a large company may have its own data center, either within a facility or in its own location, many organizations will rent space and networking equipment in an off-site data center instead of owning one. This is due to both monetary restrictions and generally a higher level of security. Data centers that caters to multiple organizations is known as a multi-tenant data center or a colocation data center.
If you’re concerned about data center physical security, you’re likely a facility with on-premise data centers, operate a data center, or perhaps want to perform an assessment on a third-party you rent from. This blog covers physical security, but keep in mind that software security is another large component.
How to Protect a Data Center?
The physical security of a data center includes protection of all assets, which includes hardware, software, company data, the property itself, and also employees. Physical security encompasses a wide range of strategies used to prevent outside interference. Examples include burglary, theft, civil unrest, terrorism, natural disasters, or anything that could cause a loss or damage. Physical controls include perimeter monitoring, motion detection, and intrusion alarms.
Physical security for a data center is going to have a few layers that focus on different aspect. The first layer of protection will include perimeter security, focusing on detecting and deterring any unauthorized threats at the perimeter. In case of a breach, facility controls are going to focus on monitoring and protecting the building. Further controls are geared more towards preventing inside threats, assuming an outsider would not likely breach 2 layers of security. These controls would protect the main computer room, requiring biometrics or other form of authorization that ensures no one gets in that is not meant to. Lastly, though a great deal of damage can be done by anyone who has reached this point, many date centers will have cabinet controls as an added layer of authorization.
Physical security assessments should be performed regularly to ensure your data center is protected. This will ensure key areas are monitored and audited vigorously and force you to evaluate topics such as:
• Access controls
• Proximity to high-risk areas using third-party data
• Availability of network carriers
• Likelihood of natural disasters
• CCTV and detection systems
• Security guards
• Maintenance policies
• Fire alarms and combatants
• Utility Redundancy
• HVAC/Venting position and maintenance
Each of these areas, among others, will be explored at a more in-depth level. When evaluating access control, you will look at power supply, does the system have anti-tailgating measures, biometric or ID entry, etc. This data will ultimately let you know your total risk and what areas require the most focus and resources.
Data Center Cabling
Since data center physical security relies so much on keeping everything protected and running, it’s important to call attention to cabling. The physical infrastructure of cabling makes data center networking architecture possible, but also carries a lot or risk when executed incorrectly. Cables can create an unsafe environment for your equipment by restricting airflow to racks, trapping dust, trapping heat, and making it difficult to see how devices are connected without spending a significant period of time. This can cause equipment to overheat and fail, resulting in periods of downtime.
Data center cabling is typically installed beneath an elevated floor or in overhead containers. This keeps cables organized and away from hardware, at least in some capacity, which often helps to reduce energy costs in cooling, prolong equipment life, and maintenance time. Unstructured, data centers may not take as long to implement, but will often lead to higher operational costs down the road.
• Design your cabling infrastructure ahead of time
• Determine cable length prior to installation to reduce excess
• Document installation and utilize color schemes
Risk Assessment Software
Utilizing risk assessment software is vital to ensuring your data centers are protected. Check compliance against relevant regulations and standards, such as ASIS industrial physical security and ISO 27001.
Our platform will allow you to manage multiple assessments concurrently, centrally look at all risks, and report on all data collectively or drill down into individual data sets collected. Members of the team that would perform assessments would not need to be trained on using the platform, only an admin would need to receive training.
Take a free trial and see how you can ensure your data center stays protected.