The Result of a Physical Security Breach in a Data Center
By: Ross Warrington on February 28, 2019
The phrase “physical security breach” sounds quite dramatic and likely conjures up images of a complex, multi-stage heist like something from a Mission: Impossible movie. In reality, of course, data center physical security breaches are usually far less exciting. Rather than a skilled intruder sneaking through security with falsified credentials and high-tech tools, the culprit is much more likely to be a personal flash drive someone plugs into a server without knowing the device contains malware.
Security Breaches: The Reality
The real dangers of data center physical security breaches, of course, have to do with data exposure. Even in the (extremely unlikely) event that someone manages to steal a server, companies would be far less concerned about the equipment itself than about the confidential data stored inside. With companies collecting personally identifiable information in many different forms, consumers are becoming increasingly concerned with how well that data is being protected.
And as far as they’re concerned, a breach is a breach. It doesn’t matter to them if it was caused by a cyberattack or a failure of physical security.
This means that data centers need to look at security from a holistic standpoint. There should not be sharp divisions between digital and physical security measures; both need to work together along with logical security access policies to protect valuable data from being exposed.
Data Center Lockdown
In the rare event that a data center does suffer a breach in its physical security, there are several response measures in place to contain and resolve the situation before any data is put at risk. Here are a few examples that show how a data center can react quickly to protect customer assets in the event of a security breach:
Scenario 1: An unauthorized visitor bypasses the perimeter.
In the unlikely event that someone slips past the perimeter defenses undetected, the chances of them getting much farther aren’t very good. Access points within the facility will require multi-factor authentication, usually requiring biometric identification in addition to some kind of challenge information or physical credential. Since all visitors must be signed in at the gate, even if the intruder were able to bypass the authentication system, they would immediately be flagged by security for not being a registered visitor.
Scenario 2: A “tag along” visitor tries to slip inside.
Some intruders try to gain access by “tagging along” with someone who does have authorization. They follow close behind them, attempting to slip through doors before they close or rush through security before anyone has a chance to ask them to identify themselves. Fortunately, data centers utilize turnstiles and man-traps at entry points to prevent this sort of intrusion. These barriers also make it impossible for people to hand their credentials back to someone who has not passed through yet, leaving the person without valid authorization standing on the outside looking in (and likely getting some uncomfortable questions from 24x7x365 security personnel).
Scenario 3: Someone accidentally uploads malware.
Malware typically finds its way into a company’s network not by breaching its defenses, but by going around them. An employee’s home network and personal devices are often exposed to far more security risks. Once malware is embedded in one of these devices, it can simply wait until the device comes into contact with the company’s network through the authorized (and completely unaware) user. In a data center environment, however, business intelligence platforms like vXchnge’s award-winning in\site offer tremendous visibility into a company’s network. Unusual activity that breaks with established patterns, such as large numbers of files being accessed in a short period of time, creates security alerts that remote hands personnel can address immediately before data is fully compromised.
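The kind of alert described above can be sketched as a sliding-window count of distinct files touched per user. This is an added example, not code from in\site or any vendor product; the log format, user names, window and threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample():
    """Constructed audit records: 'ISO-timestamp user path' (format is an assumption)."""
    base = datetime(2019, 2, 28, 9, 0, 0)
    # alice: 5 files, one every 2 minutes (ordinary working pattern)
    lines = [f"{(base + timedelta(minutes=2 * i)).isoformat()} alice /srv/reports/q{i}.xlsx"
             for i in range(5)]
    # jdoe: 25 files, one per second (many files in a short period)
    burst = base + timedelta(minutes=30)
    lines += [f"{(burst + timedelta(seconds=i)).isoformat()} jdoe /srv/hr/record_{i:03}.pdf"
              for i in range(25)]
    return lines

def parse(line):
    ts, user, path = line.split(" ", 2)
    return datetime.fromisoformat(ts), user, path

def detect_bursts(lines, window=timedelta(seconds=60), threshold=20):
    """Return {user: (alert_time, distinct_files)} for the first moment a user
    has touched at least `threshold` distinct files within `window`."""
    recent = defaultdict(deque)  # user -> (timestamp, path) pairs still inside the window
    alerts = {}
    for ts, user, path in sorted(parse(l) for l in lines if l.strip()):
        q = recent[user]
        q.append((ts, path))
        while q and ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        distinct = len({p for _, p in q})   # re-reads of one file do not inflate the count
        if distinct >= threshold and user not in alerts:
            alerts[user] = (ts, distinct)
    return alerts

if __name__ == "__main__":
    for user, (when, count) in detect_bursts(build_sample()).items():
        print(f"ALERT {user}: {count} distinct files within 60s at {when.isoformat()}")
```

A fixed threshold is the simplest stand-in for an "established pattern"; a per-user baseline would replace the constant in practice.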
Scenario 4: A former employee tries to access the facility.
Many insider threat security breaches are the result of a gap between the time an employee leaves an organization and when their credentials are withdrawn. By synchronizing a data center’s access control system, which maintains lists of authorized users, to the customer’s portal, companies can update their access lists in real time. This allows them to grant or revoke access immediately, eliminating the chance that someone who leaves an organization will still be able to access its data assets. If a former employee does try to access the facility again, they’ll never get past the front gate.
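The gap described above can be measured by comparing departure times against revocation times and badge events. This is an added example, not code from any access control product; the record layout, user names, door names and timestamps are all constructed assumptions.

```python
from datetime import datetime

# Constructed sample records; field layout is an assumption for this example.
DEPARTURES = {   # user -> time the person left the organization
    "mlopez": "2019-02-01T17:00:00",
    "tchen": "2019-02-10T17:00:00",
    "rpatel": "2019-02-15T12:00:00",
}
REVOCATIONS = {  # user -> time access was withdrawn (rpatel was never revoked)
    "mlopez": "2019-02-01T17:00:05",
    "tchen": "2019-02-13T09:00:00",
}
BADGE_EVENTS = [  # (timestamp, user, door, result)
    ("2019-02-02T09:00:00", "mlopez", "front-gate", "denied"),
    ("2019-02-11T08:02:00", "tchen", "front-gate", "granted"),
    ("2019-02-14T08:00:00", "tchen", "front-gate", "denied"),
    ("2019-02-16T07:45:00", "rpatel", "cage-12", "granted"),
]
AUDIT_TIME = datetime(2019, 2, 20, 0, 0, 0)  # "now" for accounts still active

def audit(departures, revocations, events, now):
    """Per departed user: size of the revocation gap, whether the credential is
    still active, and every access granted between departure and revocation."""
    report = {}
    for user, left in departures.items():
        left_ts = datetime.fromisoformat(left)
        revoked = revocations.get(user)
        end = datetime.fromisoformat(revoked) if revoked else now
        granted = [(ts, door) for ts, u, door, result in events
                   if u == user and result == "granted"
                   and left_ts < datetime.fromisoformat(ts) <= end]
        report[user] = {
            "gap_seconds": (end - left_ts).total_seconds(),
            "still_active": revoked is None,
            "granted_after_departure": granted,
        }
    return report

if __name__ == "__main__":
    for user, row in audit(DEPARTURES, REVOCATIONS, BADGE_EVENTS, AUDIT_TIME).items():
        print(user, row)
```

In the sample, the synchronized account (mlopez) has a gap of seconds and no granted entries, while the other two show what a delayed or missing revocation looks like in the badge log.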
Scenario 5: An authorized visitor tries to access someone else’s servers.
The server room is the heart of the data center, protected by multiple layers of security with strict authorization requirements. But what if someone with access to the server room tries to access someone else’s servers? Setting aside the fact that the server room is monitored by cameras and data center staff, this scenario is unlikely to result in a breach because of the final layer of protection at the server rack level. Cabinet locks requiring multi-factor authentication, often incorporating biometrics, ensure that only authorized personnel can access a company’s colocated IT equipment. Even if they could break the lock, RFID technology can send alert notifications whenever a cabinet door is opened or a rack is tampered with in any way.
By taking a multi-layered approach to physical security, data centers are able to protect critical IT assets. Even if one physical security measure is compromised, other systems are in place to guard against potential data breaches. Given the high cost of suffering a breach, data centers are a valuable partner for organizations looking to safeguard their IT infrastructure and avoid physical security breaches.
About Ross Warrington
Ross is a Regional Vice President, Operations at vXchnge and is responsible for managing all 14 data center locations. With more than 30 years of experience, Ross has managed data center construction, engineering, repair and maintenance, leading him to the emerging business of colocation.