External and Building Security for Data Centers
Essential components for strong external security measures
Whether an IT organization is managing its own in-house data center or procuring service from a colocation provider, it’s important to understand what goes into strong external security measures. Here are the essential components any facility handling sensitive customer, employee, financial, or other information must have:
- Fencing. Any property with a data center should be surrounded by SSAE 16-compliant fencing, which means that it meets standards outlined in the Statements on Standards for Attestation Engagements. The fencing should limit ingress and egress on and off the campus.
- Guards. As important as technology has become in enhancing security—and we’ll get to that—there is still a need for human involvement. All entrances, including shipping and receiving gates, should have full-time, manned security stations.
- Detection devices. Depending on the situation, guards may need to wand all visitors, use a metal detector or other scanner, or both. Physical searches of delivery trucks and other arrivals can also be helpful.
- Pylons. To prevent vehicles from making physical contact with the data center building, pylons are the usual solution. These are usually made of reinforced concrete and submerged three to six feet to provide good stopping power.
- Reinforced walls. By the same token, exterior walls that are reinforced with Kevlar, steel, or other industry-standard materials reduce the likelihood of access via explosives or external force.
- Roof protection. Should an intruder gain access to the property, anti-climb devices, such as trellises or spikes, will deter roof access.
- Vent security. We’ve all seen enough Mission Impossible movies to know that vents are vulnerabilities. Intake and exhaust vents should have grates or other deterrents to prevent access to interior spaces.
- Biometric technology. Today the use of finger scans, retinal imaging, and other biometric technology can greatly enhance security by providing accurate identification of individuals. When paired with granular access rights and matched to interior door and workstation logins, such technology can not only provide protection from unauthorized access, but track that access and activity by individual.
Data center design
- Windowless environment. Servers don’t need a view, and windows should not appear in the data center, where they provide an access vulnerability. Other areas, such as administrative offices, should have windows that are tinted and shatter-proof, as well as integrated into the alarm and other security systems for the site.
- No direct exit. The data center should not open to the outside, as a direct exit reduces the number of access barriers an intruder must overcome. All traffic in and out of the data center should pass through guard stations and, preferably, other areas, such as reception, to maximize the likelihood of intruders being observed and stopped.
- Biometric access. Additional biometric access points should be placed at the data center itself, so that all visitors are identified and logged and unauthorized access, even from in-house staff without appropriate clearance, is blocked.
If any of these elements is lacking in an on-site data center or a colocation facility, the information being housed and the continuity of operations could be in jeopardy. Security reviews are an important part of any data center planning or vendor selection process. Additionally, routine security checks should be conducted on a regular basis to ensure that the most up-to-date methods are being incorporated.
Unfortunately, that’s not all that goes into strong data center security. Next we’ll cover essential interior security measures.