Securing a data center is a big job. As the systems integrator, it’s your job to understand the intricacies of data center security, what’s needed and, most importantly, how you can best help your customer make the right product choices.
Understanding your client’s needs, and providing valuable suggestions that will help them save money and better manage and protect their building, will earn you a customer for the life of the system — and beyond.
Steps to success include performing a risk assessment; analyzing and specifying equipment and solutions; implementing a layered approach with perimeter security, access control, video surveillance and intrusion detection; evaluating, designing and deploying fire/life-safety solutions; assessing and addressing environmental concerns and controls; defining and establishing security protocols and procedures for the data center, as well as the overall enterprise; training end-user personnel on system use; and servicing and maintaining the systems.
Starting at the Perimeter
Determining what is needed to secure a data center requires upfront work and forethought. First, work with your system user to perform a thorough risk assessment of the property and building. When completed properly, the results will guide the remainder of the physical and logical security design. The purpose of perimeter security is to deter, detect and delay entry.
A risk assessment will dictate where to implement security, such as determining camera locations and which doors should have readers, and the number of security authentications needed to open a door. The environment and architecture will dictate what types of technology to deploy.
In a data center environment, the key is to implement a layered approach to security. Start from the perimeter, for example, from the parking gate or building entrance, and work inward to the core (for more on safeguarding the core, see sidebar). Layering authentication provides enhanced security. Deploying a card and PIN is more secure than deploying a card alone. People can share or lose cards, compromising security. Adding a PIN creates another layer, improving security and decreasing the chance for a breach.
Deploying a card + PIN + biometric is even better. People can’t share fingerprints, which makes it virtually impossible to compromise the security management system. While some biometric applications can be expensive, you can use the risk assessment data to determine where biometric technology is most effective. To save money, use card-only or card + PIN at most outer-layer doors, and install video and intercom as another layer of security.
A rule of thumb is to authenticate a person seven times prior to reaching the core of the data center. Start with a card only or security guard checkpoint on the perimeter and increase the level of authentication with each layer. Use biometric + card swipe + PIN to gain access to the core of the data center. Work closely with your customers to help them define areas within the data center and limit users to only those areas where they have a business need to operate.
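An added example (not from the original article): a small Python audit of a door plan against the layering guidance above. It assumes the core door counts toward the seven checkpoints and uses the number of factors as a stand-in for authentication level; the layer names and the sample plan are constructed.

```python
from dataclasses import dataclass

CORE_FACTORS = frozenset({"card", "pin", "biometric"})  # required at the core
MIN_CHECKPOINTS = 7  # rule of thumb; assumes the core door is counted


@dataclass(frozen=True)
class Layer:
    name: str
    factors: frozenset  # what a person must present, e.g. {"card", "pin"}


def layer(name, *factors):
    return Layer(name, frozenset(factors))


def audit_path(layers):
    """Return findings for a perimeter-to-core path; the last layer is the core."""
    if not layers:
        return ["no layers defined"]
    findings = []
    if len(layers) < MIN_CHECKPOINTS:
        findings.append(f"only {len(layers)} checkpoints, expected {MIN_CHECKPOINTS}")
    # Factor count is used as a proxy for authentication level (assumption).
    for outer, inner in zip(layers, layers[1:]):
        if len(inner.factors) < len(outer.factors):
            findings.append(f"{inner.name}: weaker than {outer.name}")
    missing = CORE_FACTORS - layers[-1].factors
    if missing:
        findings.append(f"{layers[-1].name}: core lacks {', '.join(sorted(missing))}")
    return findings


def may_enter(lyr, presented):
    """A person passes a layer only by presenting every factor it requires."""
    return lyr.factors <= frozenset(presented)


# Constructed sample plan, ordered from the perimeter inward.
SAMPLE_PLAN = [
    layer("parking gate", "card"),
    layer("building entrance", "guard"),
    layer("lobby turnstile", "card"),
    layer("office corridor", "card", "pin"),
    layer("data hall vestibule", "card"),   # weaker than the layer outside it
    layer("server room", "card", "pin"),    # core without a biometric
]
```

Running audit_path(SAMPLE_PLAN) reports three findings: too few checkpoints, a vestibule that is weaker than the corridor outside it, and a core door with no biometric.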
Vet all visitors and deliveries outside of the building “skin” to ensure only authorized people and objects are allowed to enter. Choose a security management system that provides, or integrates with, a perimeter intrusion system to ensure the property contains only properly vetted people.
Handling Server Hosting Clients
If you have a server hosting company as a customer, the same risk assessment and upfront work must be completed to determine how to secure the data center. The difference lies in how to securely segregate customers from one another within the server area.
Carefully review how the server farm is configured. Each server must be safeguarded from outsiders, or noncustomers. Customers must be able to reach their individual server safely, without intruding on the other servers. Some server farm companies use indoor fencing or walls to segregate the servers.
Each customer is then allowed a secure credential, or card + PIN, to enter their private server area. The hosting company can track and monitor customer movement. The customer is then confident that their server is safe and that they can access it, and the hosting company is certain it can control access and keep unauthorized users from accessing servers that are not theirs.