A lot of important things exist in a nearly virtual world — from our communications and entertainment content to our bank account balances. All of these are stored or transmitted as collections or streams of digital bits that we have come to take for granted.
But protecting that material requires not only parts of that same virtual world, such as passwords and security software, but also real protections in the physical world where the data servers and other network equipment are actually located. Normally, access to the data center itself is controlled by a primary physical security barrier, but within the data center there can be additional physical protection elements tailored to reduce specific risks.
Physical security elements can play an important role in data center security for reducing the risk of both malicious and accidental damage to the network or data. A thorough risk assessment should highlight the specific threats to include in the security plan and suggest the best physical locations to protect. As part of a layered security plan, there can be more than one layer even within the immediate equipment rack area.
If we consider an equipment rack installed in a data center and populated with equipment, there are several layers of physical protection that can be easily applied. Starting with the most specific and working outwards:
- Security panels can cover a specific, individual piece of equipment to prevent accidental or intentional tampering. These panels are screwed in place; for additional security, use available tamper-resistant rack screws. This solution can be very specific, leaving the rest of the equipment in a rack completely accessible.
- Security covers can also shield specific equipment but provide visibility and authorized access with a locking plexi door.
- Security doors are designed to control access to larger sections of an equipment rack, while again providing free access to the remainder of the rack. They can also be installed to provide access to different parts of a rack to different persons.
- Rack doors provide controlled access to the entire rack. They can be fitted with a wide range of lock types, including key locks and more sophisticated electronic locks. Don’t forget the back doors too, if there is access to the back of the racks.
Note that these solutions can also be implemented together. For example, an overall locking rack door can limit access to the rack, while a security cover inside the door can provide a second level of protection for particular pieces of equipment.
A layered security plan should also consider risks outside the equipment rack that nonetheless could affect equipment in the rack.
For example, equipment holding critical data can be physically protected by several layers of locked doors but still be vulnerable to simply turning off an accessible circuit breaker. Make sure that uninterruptible power supplies (UPS) are part of the security plan. Consider what other external systems, if tampered with or damaged, could allow damage to the equipment, such as air handling or cooling systems, and take steps to protect them as well.
And, not all security risks need to be sophisticated. Stymied by locked rack doors or security panels, someone intending to cause damage might think of a more direct approach and just push a rack over. This event can be prevented by securing racks to the floor. Floor mounting kits, including seismic kits designed for higher strength and undergo additional testing, are available at low cost relative to their potential security value.
Kevin Handerson is Marketing Director for Middle Atlantic Products. He can be reached at firstname.lastname@example.org.