When a company entrusts its IT infrastructure to a data center, it wants assurance that the very latest in physical security standards will be implemented. Some of these features are easy to evaluate. A data center should “look” secure, for instance, meaning it should be set back from busy highways, preferably obscured by trees or other barriers, and force all traffic to enter through a single gate. Once inside that perimeter, however, things get a little more complicated and, in some cases, less obvious.
Here are a few critical data center physical security standards every colocation customer should evaluate when they’re looking to partner with a facility.
Every aspect of a data center’s security should work in concert with other elements as part of a comprehensive, layered system. The idea is that a potential intruder should be forced to breach several layers of security before reaching valuable data or hardware assets. Should one layer prove ineffective, other layers will likely prevent the intrusion from compromising the entire system.
While it may seem like a simple thing, one of the most important elements of data center security is ensuring that only authorized persons are permitted to access key assets. When a company colocates with a data center, not every employee there needs to have access to the servers. By maintaining up-to-date access lists, a facility can help its customers prevent theft and guard against human error by people who aren’t authorized to handle IT assets in the first place.
Another longtime staple of physical security, video surveillance is still incredibly valuable for data centers. Closed-circuit television (CCTV) cameras with full pan, tilt, and zoom features should monitor exterior access points and all interior doors as well as the data floor itself. Camera footage should be backed up digitally and archived offsite to guard against unauthorized tampering.
Sensitive areas like the data floor should be secured by more than a simple locked door. Manned checkpoints with floor-to-ceiling turnstiles or man-traps that prevent an authorized visitor from passing credentials back to someone else are essential physical security standards for any data center facility.
Security checkpoints, cameras, and alarms won’t amount to much without security staff on site to respond to potential threats and unauthorized activity. Routine patrols can provide a visible reminder that security personnel are on the lookout and can react quickly to deal with any potential issue.
While having data center security personnel on-site and archived camera footage available is critical, it’s still difficult to keep eyes on every piece of hardware at all times. With RFID tagging, data centers can manage and track assets in real-time through powerful business intelligence software. Tags can even send out alerts the moment an asset is moved or tampered with, allowing data center personnel to respond quickly to any threat.
Between security staff and remote hands technicians, data centers have a lot of people moving throughout a secure facility. By conducting thorough background checks on staff, as well as vetting third-party contractors, facilities can provide assurances to their customers that these people can be trusted to manage and protect their valuable IT assets.
When someone who is authorized to access sensitive areas and assets within the data center leaves their position, their access privileges should not leave with them. Whether it’s data center personnel or customer employees with access rights who are leaving the organization, facilities should have systems and procedures in place to remove those privileges. This could mean updating access lists, collecting keys, or deleting biometric data from the facility’s system to make sure they won’t be able to pass through security in the future.
Every data center should follow logical security procedures that incorporate two-factor authentication. Every access point should require two forms of identification or authorization to ensure that no one will simply be “waved through” by security if they’re missing one form of authentication.
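The access-list, offboarding, and two-factor points above can be checked together with a periodic reconciliation. The following is an added example, not part of the original article; the roster, zone names, and credential types are constructed sample data, and the record layout is an assumption.

```python
from collections import defaultdict

# Constructed sample data (hypothetical names, zones and credential types).
ROSTER = {  # person -> zones they are currently authorized to enter
    "alice": {"lobby", "data_floor"},
    "bob": {"lobby"},
    "dave": {"data_floor"},
}
CREDENTIALS = [  # (person, credential type, zone it opens)
    ("alice", "badge", "data_floor"),
    ("alice", "biometric", "data_floor"),
    ("bob", "badge", "lobby"),
    ("bob", "badge", "data_floor"),        # zone not on bob's authorization
    ("carol", "key", "data_floor"),        # carol has left the organization
    ("carol", "biometric", "data_floor"),
    ("dave", "badge", "data_floor"),       # only one factor enrolled
]
TWO_FACTOR_ZONES = {"data_floor"}


def audit(roster, credentials, two_factor_zones):
    """Return (stale, excess, single_factor) findings, each a sorted list."""
    stale, excess = [], []
    factors = defaultdict(set)  # (person, zone) -> credential types held
    for person, kind, zone in credentials:
        if person not in roster:
            stale.append((person, kind, zone))   # revoke, collect or delete
        elif zone not in roster[person]:
            excess.append((person, kind, zone))  # access beyond the list
        else:
            factors[(person, zone)].add(kind)
    # Authorized people who could not present two distinct factor types.
    single = [
        (person, zone)
        for person, zones in roster.items()
        for zone in zones & two_factor_zones
        if len(factors[(person, zone)]) < 2
    ]
    return sorted(stale), sorted(excess), sorted(single)


if __name__ == "__main__":
    stale, excess, single = audit(ROSTER, CREDENTIALS, TWO_FACTOR_ZONES)
    print("stale credentials (offboarded):", stale)
    print("access beyond authorization:", excess)
    print("authorized but lacking two factors:", single)
```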
One of the latest innovations in security standards, biometric technology identifies people through a unique physical characteristic, such as a thumbprint, retina shape, or voice pattern. There are a variety of ways to incorporate biometric technology into access protocols, and it is especially valuable as one component of two-factor authentication.
As data center security technology continues to evolve, new physical security measures will surely be incorporated as best practices. Data center physical security standards may not be evident at first glance because many of them are intended to remain out of sight. Even so, data center customers can review security certifications and request a more detailed overview of the physical and logical security measures a facility has put in place to ensure that data remains well-protected.