By Emily Newton
Many approaches to data center security focus on stopping attacks that originate in the online realm. Indeed, protecting against those incidents is essential for a well-functioning data center. However, it’s also vital to improve physical security. Here are some actionable ways to do that.
Use the Five Rings Approach
If you’re only starting to optimize physical data center security, choosing the best way to begin may seem challenging. One thorough option to go with is what security experts often call the Five Rings approach. It involves improving specific security measures in five areas of the data center. Here’s a breakdown of those places and some proactive things you might do to enhance security.
1. Building Entrances and Exits
Securing a data center’s entry and exit points means having security cameras installed that can show 360-degree perspectives on what happens in the facility’s external property boundaries and surroundings.
Consider adding biometric readers so that staff members or other authorized persons can come and go without unnecessary friction. If the data center gets a large number of visitors, having a staffed guard shack could make it easier to verify when expected guests arrive. Maintaining a guarded entrance also acts as a theft deterrent by emphasizing that people who show up without permission will get questioned and likely turned away.
Creating a visitor log by having people sign in and out is a straightforward but effective way to keep tabs on data center activity. Also, if part of the visitor authorization process involves giving people badges to wear during their time there, ensure that a data center employee takes back those credentials at the visit’s end. Otherwise, someone might try to reuse them.
2. Mantrap Entry
A data center mantrap is a small room located directly outside the data center. It has one door going into the facility entry point, then an exit point that leads to the non-secure areas. Mantraps are access control measures that only allow a person to go through one of the doors once the other gets closed and locked.
Use biometric scanners and keypads where people can enter PINs to enter the mantrap. Also, make the mantrap small enough so that only one person can be in it at a time. Otherwise, the possibility exists of a person trying to rush up behind an authorized party to “share” that individual’s access.
3. Mantrap Exit
Ensure that people must go through the same process for leaving the mantrap as entering it, including engaging with a biometric scanner again and entering a PIN. Verify that only one person may do that at a time.
4. White Space Entry
The white space is the area of the data center containing all the IT equipment. It houses servers and storage, power distribution units, racks and air conditioners.
Security for your data center’s white space should ideally include card readers and biometric scanners. Those systems work together to grant access to authorized parties while keeping out people who don’t have permission.
Consider how to deter people who manage to get into the white space without authorization, too. Taking a layered approach to security is a wise decision since no single measure is entirely foolproof. Using tamper-proof fasteners when mounting servers is one example. Those bolts, screws and nuts are physically impossible to remove unless someone has the correct tool. Taking them out may even require cutting or drilling.
5. Cage or Cabinet Access
The measures required for someone who needs to interact with the equipment in a cage or cabinet may entail using a key. However, in higher-security facilities, the better approach is to go with dual authentication. Have a person use a PIN plus biometrics for entry.
Some data centers also have multiple clients sharing cages and cabinets. In those cases, a more individualized approach to security becomes warranted. It may mean having keypads that help a person access each space.
Certain clients may also request exceptionally robust security measures. For example, applying double meshing for cages creates such small gaps that not even a USB drive could fit through them. Cages and cabinets may also include motion-triggered cameras that record any activity in those spaces.
Adopt a Holistic Mindset
Keeping a data center secure requires understanding which physical threats a data center is most likely to experience. After learning about those foundational aspects, people are in optimal positions to begin implementing risk mitigation strategies.
Andy Miller, the security risk manager at BT, a security, cloud and networking service provider, explained, “The foundation of protecting data center assets is to ensure you truly understand how critical each of your assets are, and the associated risks to service operations if they are compromised. When it comes to understanding and then mitigating risk, you must think holistically and ensure that you aren’t forgetting to address the physical aspects.”
He continued by giving examples of some of the physical risks that could affect data centers, clarifying, “This includes employee identity and access management to avoid unauthorized access; considering the effects of disruption from power or utilities issues; how you would deal with environmental causes such as flooding; and even more extreme situations such as explosives, electromagnetic pulse (EMP) attacks or a hostile vehicle incident.”
The possibilities that Miller mentioned emphasize the importance of considering and ranking all potential physical data center threats, even if it seems they’re very unlikely to occur. It’ll also likely become clear that there’s some crossover between physical and cybersecurity.
In one recent example, a man allegedly stated that he planned to “kill off about 70% of the internet” with C-4 plastic explosives. He targeted one of Amazon’s Virginia data centers, but federal authorities arrested him before the intentions could occur. That scenario shows how physical threats (bombs) could affect online resilience.
Build Security Into Your Hiring and Training Practices
Another excellent way to focus on the physical aspects of data center security is to ensure that everyone understands their role in keeping the facility safe. Carrying out rigorous screening procedures can also reduce the chances of hiring someone who has ill intentions.
During a new employee’s onboarding process, assess whether their responsibilities genuinely necessitate having full or extensive access to most parts of the facility. Google claims that less than 1% of employees can access the company’s data centers. Those who have that privilege get pre-approved and must pass through multifactor authentication systems.
There may be employees — such as receptionists or customer service representatives — who never see the areas of a data center with the tightest security and most valuable equipment. However, they should still receive training about data center physical security measures.
That’s because people trying to gain access to the facility without permission may use social engineering to earn employees’ trust. However, they’re less likely to succeed if all workers know the telltale signs and commonly deployed tactics.
Data Center Security Matters
These actionable tips will get you off to a good start while looking for and addressing any physical security concerns at your facility. Tackling those matters helps your data center become more resilient, thereby making the company more competitive within an in-demand sector.
Emily Newton is the Editor-in-Chief of Revolutionized Magazine. She has over three years of experience writing articles in the industrial sector.