10 Jun 2013

How secure is your data center?

Question: How secure is your data center?

Possible Answer: It is ironclad! You have monitoring systems, VPN gateways, firewalls, intrusion detection systems and more. You are ready for anything that comes your way! No one in this world will be able to manipulate your network. Your data center is the Fort Knox of all the data centers in the world! That is quite impressive. Your data center network is impregnable and impenetrable.

Twist

We ask again, but we add something extra: what is the degree of your physical data center security? The question is not about your network security. It is about the physical security of your data center site. While most companies pay close attention to network security, it is common industry practice (and a bad one) to overlook the physical security of the data center site. Their facility access lacks proper rules and regulations. The companies do not come up with a master plan to prevent unauthorized entry or measures to deal with natural and manmade disasters. So why does physical data center security take a back seat? It is the cost! Most companies overlook physical data center security because of the high costs involved. But in the end, the security you get is worth the money spent.

Physical Data Center Security Checklist

Physical data center security can be broadly classified into two parts. Each part is then divided into multiple parts or factors. These are briefly discussed below:

People Aspect of Physical Data Center Security

The people aspect of physical data center security can be divided into two parts:

Outsiders

  • Guards: Run criminal background checks on the guards. They must be well trained so that they can follow and enforce security policies.
  • Cleaning Crew: The cleaning crew or staff should be divided into two or more groups. The crew should not have access to the Network Operations Center (NOC) and offices. If they do access the offices and NOC, they must always be accompanied by NOC personnel.
  • Service Engineers: Service engineers must always log their details when entering and leaving the building. This must be done at the entrance of the building. If they access a computer room, their badge exchange must be logged by the NOC.
  • Visitors: Visitors must be escorted by those who are being visited. Data center management must give written approval before the visitors can access a computer room.
  • Policy: A Non-Disclosure Agreement should be signed by every user. They should also sign a Physical Security Policy.
  • Education: Users should be taught how to identify intruders and to secure workstations within the facility. They must also be taught how to secure laptops outside the facility.

Property Aspect of Physical Data Center Security

Several factors must be taken into account to ensure the physical security of the data center property. Here are some of the highlights:

  • The frequency of natural disasters in the location chosen for the data center must be within an acceptable range.
  • The possibility of manmade disasters in the chosen location should be very low.
  • The data center should not be located anywhere close to stadiums, airports, parade routes, pipelines, refineries, banks, freeways, tank farms, prisons, etc.
  • Utility suppliers for water and electricity must have 99.9% or more reliability, and the utilities should be provided from multiple sources so that if one goes down, the others stay functional.
  • The site should not have any other offices sharing space with the data center.
  • There should be a buffer or perimeter area of at least 20 feet around the facility, which should be monitored 24×7 by strategically placed CCTV cameras and patrol units.
  • The parking lot should be at least 25 feet away from the facility.
  • There should not be any publicity indicating that the facility is a data center.
  • Computer rooms should not have outside windows, as they increase the risk of HERF gun attacks and of loss of confidential data through Van Eck radiation. Windows also let in sunlight, which can heat up the servers. The computer rooms should be placed at the central point of the facility.
  • Doors and loading docks on the outside of the building should have mantraps and automatic authentication. Biometric authentication should be used for identifying individuals entering the facility.
  • Computer rooms must have restricted access and should not allow smoking, food and drinks of any kind.
  • Computer rooms must also have CCTV camera surveillance.
  • All computer rooms must have heat dispersal, cable management and air filtration systems.
  • Computer rooms must have environmental sensors that constantly monitor the temperature and humidity of the rooms.
  • The cooling towers should be completely separated and must not be in the parking lot.
  • There should always be backup power.
  • If any document containing information needs to be discarded, it should be destroyed completely. You can use specialized document destruction companies for this.
  • The NOC should have systems for monitoring humidity, temperature, weather, power and fire.

Important Aspect of Physical Data Center Security

  • If you are considering a leased facility, it is very likely that the computer room space will be shared. Before you enter the lease agreement, add a clause that requires your competitors to be monitored constantly for compliance. Also ensure that competitors' equipment is not located in the same computer room; if they do have equipment in the same computer room, there should be cabinets for locking the equipment.
