The modern data center is far more than a building with a room full of servers and IT equipment. They are state-of-the-art facilities protected by the very latest in physical security best practices. While some of these principles are hardly new, the technology used to implement them has contributed to making data centers more secure than ever before.
One of the most important components of any security strategy, however, involves not the facility itself, but the area surrounding it. Perimeter security plays a critical role in regulating access and protecting the valuable assets inside the data center.
One underappreciated aspect of data center perimeter security is subtlety. Data center facilities are often designed to be as nondescript and modest as possible, even blending in with their surroundings to avoid standing out. In many cases, casual observers don’t even realize that the building is a data center. This design isn’t a matter of aesthetics; it is a deliberate strategy called Crime Prevention Through Environmental Design (CPTED). The basic idea of this approach is to treat the data center’s surroundings as an aspect of its security. Tucked away out of sight from major highways and devoid of any signage, obvious entrances, or parking lots, data centers can discourage unwanted intrusion simply by keeping a low profile that gives little indication of the valuable assets they contain.
Fencing solutions are a crucial element of data center physical security standards. No one should be able to gain access to the facility without authorization, so some kind of perimeter fencing is needed to discourage entry and funnel visitors to designated entry points. A typical data center needs more than a flimsy chain link fence, however. Most facilities deploy fences built from high-tensile strength, steel-corrugated pales that curve outward at the top to discourage climbers. Constructed without the use of brackets so they can’t be disassembled, these fences are anchored with concrete footers and capable of withstanding impact from an oncoming vehicle. The US Department of State issues a Crash Test Certification, or “K” rating, to manufactured barriers to measure their stopping power.
Bollards, a type of short, vertical post, are used to provide further protection against vehicles. Some facilities incorporate pop-up bollards that can be raised or lowered at points of entry to admit authorized visitors. These physical security barriers, along with other barriers like boulders and jersey walls, can also be used to slow vehicle progress and make it almost impossible for a vehicle to crash into the facility itself.
While data center perimeter barriers are an effective means of restricting unauthorized entry, they should be accompanied by surveillance technology that gives security personnel a comprehensive view of what’s happening around the facility at all times. Laser scanners positioned around the perimeter fence can detect movement and attempts to break through. Panning video cameras tied in with other sensors should be able to scan the area around the facility to monitor any activity. Thermal imaging can also provide visibility at all hours and in any weather conditions, making them a key element of data center physical security standards.
In addition to fencing and other barriers, the facility’s main entry point is an important element of a sound data center security strategy. All staff and guests should have to pass through a perimeter gate in order to gain access to the facility itself. Ideally, the gate should be staffed around the clock, either by physical security or virtual guards located inside the facility. In order to pass through the gate, visitors must present their credentials, which will then be verified according to access lists the data center keeps on file.
As the first line of defense, the front gate gives security personnel an opportunity to screen all potential visitors, prevent unauthorized access, and identify suspicious behavior. It also allows the facility to direct traffic efficiently, moving visitors from checkpoint to checkpoint and discouraging them from wandering around unattended.
While data centers incorporate a variety of security practices within the facility itself to regulate access, perimeter security measures are every bit as important. As part of a layered approach to security, the facility’s perimeter defenses are vital to preventing unauthorized visitors from reaching the data center. They also serve as the first point of contact for authorized visitors, allowing security personnel to control access far more effectively to protect the valuable IT assets stored within the facility itself.
Ross is a Regional Vice President, Operations at vXchnge and is responsible for managing all 14 data center locations. With more than 30 years of experience, Ross has managed data center construction, engineering, repair and maintenance, leading him to the emerging business of colocation.