Data Center Security:
Let’s Get Physical…
Let’s be honest, how secure is your data center? You’re initial thoughts might go something like “it’s ironclad, the Fort Knox of all data centers, nothing could possibly be more secure.” And virtually, yes, you’re ready for anything. You probably have firewalls, VPN gateways, intrusion detection systems, monitoring systems, the whole nine-yards. No one will be manipulating their way into your network anytime soon. Your network is impenetrable!
But what about your data centers physical security? Sure you’ve thought about it, set up some precautions, installed a few security features, made some regulations, some rules. You’re probably thinking you’re well protected. However, you more than likely didn’t spend nearly as much time creating the master plan to protect your facility, as you did when you considered your network. Unfortunately, that is all too typical in the industry. Physical security is often placed on the back burner, largely forgotten until an unauthorized party manages to break into or sneak onto a site. So with that in mind…
It’s time to get physical- as in physically securing and protecting your data center.
As with all things, there will always be someone who takes things to the extreme. Physical Data Center Security is no exception. Iron Mountain houses four of its datacenters 22 stories underground in an old abandoned limestone mine. Google has been known to keep its server cages in complete darkness, outfitting its technical staff like miners and sending them spelunking into the cages with lights on their heads when anything needs to be updated or repaired. Visa not only has a moat, but also has a briefing room; its walls opaque like any others, but with the push of a button, they become transparent glass, revealing what’s beyond–a NASA-like command center with a 40-by-14-foot wall of screens, including Visa’s network overlaid on a world map. These, however, are rare cases. Companies like the three I listed above, store massive amounts of invaluable, irreplaceable, important data. It is understandable that they are slightly paranoid about their security.
Data Center Security Checklist
So what can you do to protect your data center from attack you ask? Read below to find out how a fictional data center is designed to withstand everything from corporate espionage artists to terrorists to natural disasters. Sure, the extra precautions can be expensive. But they’re simply part of the cost of building a secure facility that also can keep humming through disasters.
- Location, Location, Location
- Have Redundant bandwidth providers
- Don’t do anything to publicize what is at the location, no data center here signs
- Control all access to prevent potential piggybacking intruders
- Secure all doors, windows, and walls
- Have a Disaster Recover Plan in place
- Hire a company to locate all of your physical security weaknesses
- If possible construct with materials that provide ballistic protection, like Kevlar
- Vegetation and landscaping are your best friend
- Keep a 100-foot buffer zone around the site
- Use automatic bollards and guard stations at vehicle entry points
- Plan for bomb detection
- Limit entry points and don’t forget to watch the exists too
- Have security systems, like ,closed-circuit TV, and ensure 24×7 backup power
- Install at least one mantrap
- Keep a well-trained guard and security staff
- Make fire doors exit only
- Use plenty of cameras
- Implement agreements to ban discussion of anything to do with the facility
- Lock down all cages, cabinets and vaults
- Harden the datacenter core with additional authentication requirements
- Plan for secure air handling to keep intruders and chemical attacks out
- Ensure no one can play hide-and-go-seek in the walls and ceilings
- Use two-factor authentication such as bio metric identification or Electronic Access Control Systems (ACS)
- Have an effective server equipment handling solution, such as a ServerLIFT, to prevent downtime during a high threat time
- Enforce a no food and drink rule in computing rooms
- Have a “Threat Conditions Policy”
- Destroy all paper, disks, and data prior to disposing of it outside the facility
- Use extra precautions with visitors, they pose one of the greatest threats
If you would like to see some of these security measures in action, Google, interestingly enough released a video showcasing the security and data protection practices they use in their data centers. However, in true secretive Google fashion, near the end of the video there’s a reference to their use of additional security measures not shown–which can only be a reference to the sharks with friggin’ laser beams on their heads!