Security layers in data center

Security layers in data center

Data is a commodity that requires an active data center security strategy to manage it properly. A single breach in the system will cause havoc for a company and has long-term effects. When a company entrusts its IT infrastructure and networks with a data center, it wants to have an assurance that the very latest in physical security standards will be implemented. Some of these features are easy to evaluate usually called layers. Here outline five layers mostly found in data centers.

Five security layers in Data Centers
  1. Perimeter security

On the outer perimeter of the data center is the multi-faceted wall, the first line of defence to withstand every possible type of attack and natural disaster. Copper wires and diesel are potential attraction of looters. Physical barriers are important as they serve to dishearten potential intruders. In order to ensure maximum security, the perimeter wall needs to be coupled with additional features that we have highlighted below.

  • Cameras
  • Wall ultrasonic / laser alarm for intruder
  • High voltage wires (remote areas) with notice

2. Guard Room

The second layer is the guardroom at the entrance. All visitors should be required to register at least 48 hours before their visit using work order (based on access policy) regarding their background, purpose of visit and list of accompanying people. They should only be allowed access to the facility in the limited zone areas after prior screening and approval. Upon entry, any items that visitors carry must be put through an industrial x-ray and a metal detector to ensure no unauthorized items are brought into the site. Every person’s entry is noted in register and every items are also registered .

Guard room should contain following things

  • Fire blanket
  • Fire extinguishing cylinder
  • Phone (Cable and mobile both)
  • List of important contact numbers
  • Building exit paths diagram
  • CCTV command and control center
  • Wireless handsets
  • Fire alarm system manual call point

3. Personal access to secure zone

Visitors to the data center should then be given access passes to specify which areas they are allowed to enter, other areas are prohibited. Visitors will only be given access to certain floors / halls to prevent unauthorised persons from entering the premises. Every person with access to the facility has the potential to undermine any of the security systems, hence limiting the movement of visitors around the facility is crucial to keeping the integrity of the data center. Zero trust access policy can be implemented using high tech cameras with facial recognition feature and educated well informed guards.

4. Data center IT Hall

IT Hall should be under comprehensive CCTV surveillance for any suspicious activity, and to maintain visual contact of every visitor at all times, as this is where the racks are housed. At any point in time, a data center must know exactly who is in the hall, where they are and what they are doing. If there are more people than there should be, an alert that should go off. Camera should be installed at all gates as well as in every row. These cameras are useful in security of IT hall as well as they are collecting proofs before any incident and later helpful in root cause analysis.

5. Rack level access

Only a very specific, pre-assessed, pre-approved selection of people will be given access to the rack. Biometric locks in racks provide excellent access control as it cannot be duplicated or physically stolen, it ensures the safety of the data housed on the racks. On top of this, many customers can opt to have their own rack surveillance based on their specific needs.

Summary

A good operations team should consider the worst case scenario and apply all possible security measures to ensure an impregnable facility. Following the industry standard is not enough, facilities should always be updated on new technology advancements or developments in the threat landscape and proactively anticipate them.

Leave a Reply