Data centers take their security measures very seriously. With so much valuable data and IT infrastructure stored within the walls of these facilities, customers want to know their assets are well-protected. While cybersecurity draws plenty of headlines as companies try to protect themselves against many types of security breaches, good old-fashioned physical security is just as important when it comes to safeguarding sensitive data. In fact, a 2015 study of healthcare data breaches found that physical theft was the most common type of security compromise in the healthcare industry, making data center physical security standards incredibly important to consider.
Today’s data centers take two distinct approaches to secure their premises: logical security vs physical security. While the two might sound different, they’re actually closely connected and complement one another quite well. Here is a brief overview of how data centers utilize logical security vs physical security as part of their comprehensive security strategies:
Broadly speaking, data center physical security best practices are all about barriers and detection. Whatever form they take, these measures are all designed to either prevent someone from reaching something they’re not authorized to access or catch them in the act and alert security personnel. The most effective forms of physical security work in concert as part of a layered strategy. Rather than trusting in one form of deterrence, layered security ensures that a breach of one, or even several, outer layers of security won’t compromise critical operations and assets within.
Data center physical security standards incorporate multiple layers, with sometimes up to six or seven layers of protection surrounding the data floor itself. These layers vary in complexity, ranging from the fence surrounding the facility to the sophisticated biometric scanner locks on individual server cabinets. Whatever form it takes, however, the underlying principle of layered security is that anyone attempting to gain access to valuable assets must pass through multiple authentication checkpoints in order to do so, many of which will require different credentials.
Surveillance is another important aspect of data center physical security best practices. Closed Circuit Television Cameras (CCTVs) might sound like an old-fashioned solution in the 21st century, but they’re still very effective. Digital footage should be backed up and archived offsite to protect cameras from tampering. Exterior units should cover the grounds and be able to pan, tilt, and zoom. Interior units should monitor all of the facility’s entrances and exits in addition to the data floor.
Access points are another important example of data center physical security best practices. They typically incorporate some form of turnstiles or “man-traps” that prohibits more than one person from entering an area at one time. This prevents anyone from sneaking in behind someone who is authorized to enter and also makes it impossible for authorized visitors to pass their credential back to someone. Every entry and transit point should funnel visitors from one checkpoint to the next, making it difficult, if not impossible, for anyone to wander off. This allows a facility to concentrate available security personnel in key locations. Emergency doors should lock from the inside, permitting only one-way access. Door hinges should also be located on the inside to prevent anyone from removing the door itself to order to bypass the lock (although, hopefully, such activity wouldn’t escape the CCTV’s notice).
While having superior data center physical security standards in place is always a good idea, logical security protocols can make it even more effective. Evaluating logical security vs physical security, then, is really about looking at how the two interact. Logical security refers to the specific controls put in place to manage access to computer systems and physical spaces within the data center. Using a locked door to safeguard the data center’s server room entrance may be a physical security best practice, but having to engage in two-factor authentication (in other words, requiring two different forms of identification) to actually open the door is a form of logical security.
This approach to data center security extends to computer systems as well. Passwords and user profiles are a common approach to restricting access, ensuring that only authorized personnel are able to access key systems such as servers. Of course, authorized access lists are only as good as their most recent update. For the most effective protection, the list of who can access what in the data center is absolutely essential. If access lists aren’t kept up-to-date, it’s entirely possible that people who should be not be authorized to access data and assets (former employees, for example) could stroll through the front door and steal valuable and sensitive information.
Logical security helps to protect against known threats like cyberattacks, but it also protects data centers from themselves. Human error is one of the most frequent causes of downtime and other IT misfortunes, whether through negligence or malicious intent. By implementing logical security protocols and continually updating user access lists, companies can ensure that no one can access their valuable data without their authorization.
By combining multiple forms of physical security with the protocols of logical security, data centers can implement powerful defenses that make it incredibly difficult for anyone to gain access to sensitive data without authorizations. For organizations that want to provide the best protection possible for their data while still putting it to use growing their business, a colocation data center is an ideal solution. Although cybersecurity will surely continue to demand much of their resources, implementing strong physical and logical security measures provides an extra layer of assurance and stability.