{"id":3814,"date":"2021-04-21T22:05:16","date_gmt":"2021-04-22T02:05:16","guid":{"rendered":"https:\/\/iesmartsystems.com\/?p=3814"},"modified":"2021-08-12T09:53:19","modified_gmt":"2021-08-12T13:53:19","slug":"data-center-physical-security","status":"publish","type":"post","link":"https:\/\/iesmartsystems.com\/data-center-physical-security\/","title":{"rendered":"11 Steps To Ensure Data Center Physical Security"},"content":{"rendered":"
In a world where critical business tasks happen virtually, it\u2019s easy to forget that even \u201cvirtual\u201d data must be stored in a physical location. As you may have heard it said, \u201cthe cloud is just someone else\u2019s computer,\u201d and most often that computer is a server in a data center that sits miles away from the work being done.<\/p>\n
The security of the location where those servers operate is arguably the first and most important layer of data security. Virtual or cyber-security is built on the integrity of physical security, because without trustworthy physical security, cyber-security is worthless.<\/p>\n<\/div>
Data centers are often categorized in four tiers, according to criteria such as uptime, redundancy, and utility support. Although the numbers may not appear radically different between each tier, rest assured that the cost required to achieve each tier differs dramatically. And while it might feel nice to have a Tier 3 data center for your small business, the expense is unlikely to justify itself. Also, looking only at the four tiers can obscure the sheer complexity associated with them. It\u2019s beneficial to look for a partner that can help you lay out a data center security<\/a> plan that is both effective and cost-efficient.<\/p>\n<\/div> If you think of your data as a treasure (which it is) that you need to protect (which you do), it\u2019s useful to expand the simile to that of a castle with distinct layers of protection and control. At the very center is the treasure, locked away from anyone who lacks authorization. At the outermost layer you have a wall that rebuffs the majority of unsophisticated attacks. The closer you get to the data, the more precise and strict the security measures.<\/p>\n<\/div> In a sense, the real estate of your data center is a form of perimeter control. The further the building sits from roads or other buildings, the easier it is to keep people away. However, you may not have the option to pick an isolated spot, so the perimeter you can control should have a single point of entry and exit, maybe a second for delivery access (every additional gate or checkpoint adds complexity and room for human error). Look for ways to make the landscaping and building forgettable, uninteresting, and difficult to penetrate. 
Fencing, barbed wire, car-proof barriers, and berms can all create a sense of isolation and protection around the building.<\/p>\n<\/div> Human checkpoints, RFID checkpoints, keyed doors, and even the architecture of the building itself are tools you should use to create a data center that is functional and compartmentalized, so that workers with varying access levels can accomplish their jobs without unnecessary friction. This is especially important when considering utility and maintenance access.<\/p>\n<\/div> Each server room should also have clear points of entry and exit, with fire doors designed for \u201cexit-only.\u201d Consider using multiple layers of authentication, such as RFID badging and biometrics, the closer people get to the \u201ctreasure.\u201d This prevents the \u201cfox-in-the-chickenhouse\u201d problem where once a malicious actor has penetrated the outer perimeter, they have unrestricted access to everything inside.<\/p>\n<\/div> This is the innermost layer of your castle. Once an employee or contractor opens the cabinet where the server lives, the system is at its most vulnerable. Depending on how your servers are arranged and dedicated to certain operations, you may have varying levels of \u201csensitivity.\u201d For the most critical or sensitive servers, you may want to require two-key access (where two employees have unique keys) to provide extra accountability for whoever is unlocking the cabinet.<\/p>\n<\/div> By thoughtfully designing the physical layout and operating dynamics for your data center, you\u2019re creating layers of security that work 24\/7. However, there are other processes and protocols that you need to establish so the entire operation can function smoothly.<\/p>\n<\/div> Just like when you go to a popular night club and the bouncer checks to see if your name is on the guest list, you need lists that record who has access to the data center and how deep their authorization allows them to go. 
You will need separate lists for employees, partners, vendors, and municipal authorities.<\/p>\n<\/div> Security cameras<\/a> may not stop unauthorized intruders, but they\u2019re essential for creating visibility throughout the data center. That way you can quickly assess where an intrusion or problem is happening and respond appropriately, including possible lockdowns or crisis protocols. A security command center<\/a> is an excellent way to centralize the various systems in your data center, including video surveillance, HVAC, server cooling, and utilities.<\/p>\n<\/div> The advent of RFID stickers allows for fast and accurate inventory or asset control. Although it may not seem like an obvious security risk, the reality is that every time a human being needs to open up the system and interact with equipment, they raise the risk of an accident and possible failure. Thus a simple, fast, accurate asset management system gives you the granular visibility you need, and protects the reliability and profitability of your data center.<\/p>\n<\/div> Even if you have a robust HR process for evaluating and hiring qualified and trustworthy candidates, it\u2019s still important to run regular checks and validate that everyone requesting access to the data center, including vendors, contractors, and clients, passes the minimum requirements.<\/p>\n<\/div> The ISO\/IEC 27000 family of information security standards provides a robust method for verifying that your data center adheres to industry best practices. It also provides reassurance to clients that your operation has the proper policies, procedures, and accountability to handle sensitive data. 
Although you can run informal audits according to the ISO 27000 standard, the only way to receive a certification is by hiring an authorized auditor to perform the audit.<\/p>\n<\/div> It seems like every heist movie relies on getting into the HVAC for some reason or another: it could be to gain unauthorized access to the innermost rooms or simply to falsely trigger the emergency response system. While theft-by-HVAC may not be your chief concern, the reality is that HVAC systems are out-of-sight and out-of-mind until something goes wrong, so it\u2019s important to design the system to be as secure and reliable as possible. Data centers generate an immense amount of heat, and having an air-conditioner fail could allow server temperatures to fluctuate outside the normal operating range, leading to unexpected equipment failure or other downstream complications.<\/p>\n<\/div> Any fire is catastrophic if left unaddressed, but conventional fire suppression systems that rely on fusible links and water dispersal could be just as catastrophic to the electronics that comprise your data center. It\u2019s best to install systems that can contain and suppress the fire without compromising the equipment. 
It\u2019s also critical that all staff understand the procedures around fire and how to evacuate quickly and safely (in a castle of locked doors and no windows, you don\u2019t want anybody getting trapped in an emergency).<\/p>\n<\/div> Location planning<\/p>\n<\/div><\/li> Perimeter management<\/p>\n<\/div><\/li> Authorized access lists<\/p>\n<\/div><\/li> Building access control<\/p>\n<\/div><\/li> Room access control<\/p>\n<\/div><\/li> Cabinet access control<\/p>\n<\/div><\/li> Fire and emergency response systems<\/p>\n<\/div><\/li> RFID inventory system<\/p>\n<\/div><\/li> ISO 27000 compliance process<\/p>\n<\/div><\/li> Redundancies (Power, Water, and HVAC)<\/p>\n<\/div><\/li> Video surveillance<\/p>\n<\/div><\/li><\/ul><\/div><\/div><\/div><\/div> i.e.Smart Systems is a Houston, TX based technology integration partner that specializes in design and installation of audio\/visual technology and structured cabling. For more than three decades, our team of in-house experts has partnered with business owners, architectural firms, general contractors, construction managers, real estate developers, and designers in the Houston market, to deliver reliable, scalable solutions that align with their unique goals.<\/p>\n<\/div><\/div><\/div>Tier 1 Data Center<\/h3><\/div>
\n
Tier 2 Data Center<\/h3><\/div>
\n
Tier 3 Data Center<\/h3><\/div>
\n
Tier 4 Data Center<\/h3><\/div>
\n
Layers Of Control<\/h2><\/div>
Perimeter Control<\/h3><\/div>
Facility Controls<\/h3><\/div>
Computer Room Controls<\/h3><\/div>
Cabinet Controls<\/h3><\/div>
The System That Sustains The System<\/h2><\/div>
Access Lists<\/h3><\/div>
Cameras<\/h3><\/div>
RFID Asset Management<\/h3><\/div>
Employee Checks<\/h3><\/div>
Annual Audits<\/h3><\/div>
HVAC<\/h3><\/div>
Fire Protocols<\/h3><\/div>
Data Center Physical Security Checklist<\/h3><\/div>
About i.e.Smart Systems<\/h4><\/div>