Infrastructure

04:30 PM
Natalie Lehrer
Natalie Lehrer
Commentary
Connect Directly
Facebook
Twitter
RSS
E-Mail
50%
50%

A Guide to Physical Datacenter Security

Datacenters are generally known to be extremely secure facilities. However, physical breaches do happen, and they sometimes occur very easily.

If you have toured the inside of a large scale public datacenter, the first thing you will likely notice is that data security starts with physical security. Being able to take the best-practices from public datacenters and apply them inside a private datacenter will ultimately put another barrier between your data and individuals with malicious intent.

In 2011, an insurance agency called Health Net estimated that up to 1.9 million of its members could have had their personal information breached. This breach was first discovered when the datacenter, which was managed by IBM, notified Health Net of the missing server hard drives. Health Net was ordered to pay hundreds of thousands of dollars in fines, and the company was sued in civil court citing HIPAA regulations.

How to avoid such a nightmare scenario? Let’s be honest, securing your datacenter is no easy task. Each individual facility has its own set of variables that present unique physical security challenges. The following are a few tips that can be implemented today. These simple strategies will help you shore up the challenges you may have when creating a layer of physical security around your datacenter.

Establish a perimeter: Perhaps this sounds elementary, but you should already be enforcing some sort of physical security policy for your datacenter. While locked doors and biometric access to secured facilities is becoming commonplace, your organization may have a need for physical security guards who patrol the perimeter of your datacenter. As a best-practice, it is recommended that all datacenters have closed circuit video monitoring equipment facing each of its outside walls. These cameras should have a clear view of the ceiling as well, because some intruders will try to use the ceiling as a way to crawl into your facility.

Segregate loading and storage: Perhaps you’ve received a large shipment of bare metal servers. Although the servers do not contain data yet, the servers are still susceptible to an attack if an unauthorized individual gains access to them while they are still in the box. Sophisticated technology exists that can be implanted inside of a device that will sniff data and report back to a central location without the victim ever knowing. By having your loading docks segregated and secured away from your storage areas, you won’t have to risk someone compromising the integrity of your equipment before you put it in the racks.

Power and cabling: Two often overlooked aspects of datacenter physical security are power and network cabling. Without power, your servers can’t turn on. Without network access, your servers won’t be able to communicate. Cabling should look nice and neat, much as you would see in an advertisement for datacenter products. If network cabling or power cabling isn’t nice and neat, your organization could suffer unplanned downtime due to an employee making a mistake inside the datacenter. Any mistakes made by datacenter employees could ultimately compromise the integrity of your data.

Natalie Lehrer is a senior contributor for CloudWedge. In her spare time, Natalie enjoys exploring all things cloud and is a music enthusiast. View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Byurcan
50%
50%
Byurcan,
User Rank: Author
8/13/2014 | 9:39:51 AM
Interesting article
I tent to think about data breaches as it pertains to cyber security and hacks, but this is a good reminder that physicals ecurity is also paramount.
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Author
8/13/2014 | 3:20:29 PM
Re: Interesting article
When I recently visited a data center in NJ, I found it interesting that the "man traps" at each exit (small phone booth-like exits) weigh the person at entry and exit. Before they are allowed to leave, if they weigh more than when they entered, the 'man trap' locks and a security guard comes to inspect the individual. They do this so a person can't carry out a hard drive, or server by putting it in a bag.
Becca L
50%
50%
Becca L,
User Rank: Author
8/31/2014 | 2:14:17 PM
Re: Interesting article
I like that. Sometimes the most basic security measures are the best ones.
sarasota786
50%
50%
sarasota786,
User Rank: Apprentice
8/18/2014 | 1:12:50 AM
Re: Interesting article
Thanks for your perspective on this, this is most important in data center security, physical security  also build and it is very easy to handle, are you give me  better tip for handle physical security, my business also joint cloudwedge and suffered same problem but are you give me your valuable suggestion.  http://www.cloudwedge.com
reese2
100%
0%
reese2,
User Rank: Apprentice
8/29/2014 | 5:53:11 PM
Barely Skims the Surface
So much more to securing a data center.  Need to broaden your approach to look at both environmental and security factors.  

You location has a lot to do with the risks you face.  Look at what types of severe weather events could impact that location. 

If near an interstate, an accident with hazmat materials could shut it down. Look at the city water supply system and determine how many tank trucks you would need to keep going for a certain amount of time.  Hopefully, you data center is not located anywhere near a high crime area, but do note what types of business and agencies are in your neighborhood. Do they attract people you do not want near your data center? 

I spent many years reviewing the security of data centers. I could usually find a vulnerability that would enable a person with evil intent to enter the building and gain access to the critical areas.  Often, the protection of the generator and diesel fuel storage is overlooked.  Could critical air conditioning equipment be easily compromised?Too frequently, delivery trucks could drive up to the loading dock without being screened. They should be screened at a safe distance from the building.  

Depending on police response when intrusion detection alarms are sounded is a recipe for disaster.  It's good to know your police response times, both to a 9-1-1 and to an electronic alarm, relayed through a central station. Your guard force should be armed preferably with special police authority, and be well trained. The fire department and police should be given tours of your facility so they both understand its importance and have some plans for how to respond to an emergency.

 

 

 

 

 

 

   
Becca L
50%
50%
Becca L,
User Rank: Author
8/31/2014 | 2:17:43 PM
Re: Barely Skims the Surface
Spoken like someone who has seen it all,  thanks for adding some color to these securtiy measures. Interesting point about giving tours and runthroughs with the police, I imagine these are not the armed robbery kind of scenes they are typically treained for.  
Becca L
50%
50%
Becca L,
User Rank: Author
8/31/2014 | 2:12:15 PM
Iíve seen this movie...
"These cameras should have a clear view of the ceiling as well, because some intruders will try to use the ceiling as a way to crawl into your facility." Googling intruders coming through the ceiling yield a wildly surprising # of results.  A lifetime of Hollywood should prepare us all for this. It's Catwoman's signature move. Not to mention a key approach in Oceans 11,12 and 13. And this is basically in every episode of Alias.
More Commentary
OptionsCity To Launch Customizable Trading Experience
The Metro Now platform breaks tools down into downloadable build or buy widgets for faster deployment and a more customized trading style.
US T+2: All Thatís Left Is the Execution
T+2 settlement is right around the corner for the US. What will it take to get from where the industry is now to implementation?
Is There a Watson in Your Financial Future?
How artificial intelligence might affect financial services.
Survey Shows an Urgency to Automate the Back Office
Confluence reports numbers are trending up across the board when discussing the need to automate back-office processes.
7 Pillars of Market Surveillance 2.0
Compliance officers are facing flash crashes, insider trading, market manipulation, and more. Here are seven market surveillance and risk management steps that will help compliance officers sleep better at night.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - Elite 8, October 2014
The in-depth profiles of this year's Elite 8 honorees focus on leadership, talent recruitment, big data, analytics, mobile, and more.
Video
7 Unusual Behaviors That Indicate Security Breaches
7 Unusual Behaviors That Indicate Security Breaches
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.