Shielding the Fortress: Physical Security for Data Centers
Effective physical security at data centers is about preventing unauthorized intrusions, and detecting and containing incidents in the event of a successful intrusion. Physical security standards are included in compliance regulations, such as HIPAA, and the major security frameworks, including COBIT, ISO and NIST standards. If you do the research, there are countless resources to help you achieve the highest level of security possible. At that point, it’s up to you and your team to decide which security controls and measures are essential — and affordable — for your business.
When attempting to optimize physical security, whether it’s for a new data center or an existing one, the first step is to have a basic risk assessment performed on the facility, focusing on data and equipment. This will help determine the impact of a potential breach, as well as identify the most likely vulnerabilities the center faces. Once you’ve analyzed the results, develop a plan of action containing strategies and steps to enhance security.
A fundamental practice for physical security is putting the first line of defense outside the facility. Data center buildings should have a low-key appearance and not draw attention to the nature of the building’s use. Avoid signs referencing data centers and avoid windows that look directly into the data floor. Restricting access to the facility parking lot is ideal.
To secure facility entrances and exits, limit the number of entry points. Visitors should arrive through a single entrance, and loading-bay access should be monitored. If the data center is an older facility, ensure that the door hinges are on the inside of the building, not the outside. Implementing mantraps, or access control vestibules, and anti-passback features will prevent tailgating entry, and alarms on fire exits will prevent ease of exit.
There should be plenty of cameras inside and outside, with full zoom, pan and tilt. All doors should have cameras on them, and footage should be stored off-site in real time to prevent tampering in the event of a breach. Cabling and wiring for IT equipment and system components should be run through overhead or under-floor cable trays. Door controls are a must for allowing appropriate personnel to access secure areas while preventing wandering visitors.