A Logical Approach to Physical Data Center Protection
Data centers are commonplace in the commercial and industrial sectors and yet they offer numerous security challenges. From initial risk assessment to implementing solutions to ongoing maintenance, find out how to cover all the bases to effectively keep these critical areas out of harm’s way.
Securing a data center is a big job. As the systems integrator, it’s your job to understand the intricacies of data center security, what’s needed and, most importantly, how you can best help your customer make the right product choices.
Understanding your client’s needs, and providing valuable suggestions that will help them save money and better manage and protect their building, will earn you a customer for the life of the system — and beyond.
Steps to success include performing a risk assessment; analyzing and specifying equipment and solutions; implementing a layered approach with perimeter security, access control, video surveillance and intrusion detection; evaluating, designing and deploying fire/life-safety solutions; assessing and addressing environmental concerns and controls; defining and establishing security protocols and procedures for the data center, as well as the overall enterprise; training end-user personnel on system use; and servicing and maintaining the systems.
Starting at the Perimeter
Determining what is needed to secure a data center requires upfront work and forethought. First, work with your system user to perform a thorough risk assessment of the property and building. When completed properly, the results will guide the remainder of the physical and logical security design. The purpose of perimeter security is to deter, detect and delay entry.
A risk assessment will dictate where to implement security, such as determining camera locations and which doors should have readers, and the number of security authentications needed to open a door. The environment and architecture will dictate what types of technology to deploy.
In a data center environment, the key is to implement a layered approach to security. Start from the perimeter, for example, from the parking gate or building entrance, and work inward to the core (for more on safeguarding the core, see sidebar). Layering authentication provides enhanced security. Deploying a card and PIN is more secure than deploying a card alone. People can share or lose cards, compromising security. Adding a PIN creates another layer, improving security and decreasing the chance for a breach.
Deploying a card + PIN + biometric is even better. People can’t share fingerprints, which makes it virtually impossible to compromise the security management system. While some biometric applications can be expensive, you can use the risk assessment data to determine where biometric technology is most effective. To save money, use card-only or card + PIN at most outer-layer doors, and install video and intercom as another layer of security.
A rule of thumb is to authenticate a person seven times prior to reaching the core of the data center. Start with a card only or security guard checkpoint on the perimeter and increase the level of authentication with each layer. Use biometric + card swipe + PIN to gain access to the core of the data center. Work closely with your customers to help them define areas within the data center and limit users to only those areas where they have a business need to operate.
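The layering rules above can be checked mechanically against a site's door schedule. The following Python sketch is an added example, not part of the original article: it audits a layout ordered from perimeter to core against the seven-checkpoint rule of thumb, the inward increase in authentication, and the card + PIN + biometric requirement at the core. The zone names and sample layouts are constructed, and two choices are assumptions: the core door is counted as the seventh checkpoint, and the number of factors at a door stands in for its strength.

```python
from dataclasses import dataclass

CARD, PIN, BIO, GUARD = "card", "pin", "biometric", "guard check"
MIN_CHECKPOINTS = 7                      # the article's rule of thumb
CORE_FACTORS = frozenset({CARD, PIN, BIO})

@dataclass(frozen=True)
class Layer:
    name: str
    required: frozenset                  # factors needed at this checkpoint

def audit(layout):
    """Return findings for a layout ordered from perimeter to core."""
    findings = []
    # Assumption: the core door itself counts as one of the checkpoints.
    if len(layout) < MIN_CHECKPOINTS:
        findings.append(f"only {len(layout)} checkpoints, want {MIN_CHECKPOINTS}")
    # Assumption: factor count is the strength proxy; it must never drop inward.
    for outer, inner in zip(layout, layout[1:]):
        if len(inner.required) < len(outer.required):
            findings.append(f"{inner.name} is weaker than {outer.name}")
    if not layout or not CORE_FACTORS <= layout[-1].required:
        findings.append("core does not require card + PIN + biometric")
    return findings

def may_enter(layer, presented, authorized_zones):
    """Grant entry only with every required factor and a business need."""
    return layer.required <= set(presented) and layer.name in authorized_zones

# Constructed sample layouts; zone names are hypothetical.
GOOD = [Layer(n, frozenset(f)) for n, f in [
    ("parking gate", {CARD}), ("building entrance", {GUARD}),
    ("lobby turnstile", {CARD}), ("office corridor", {CARD}),
    ("data hall mantrap", {CARD, PIN}), ("data hall", {CARD, PIN}),
    ("core", {CARD, PIN, BIO})]]
WEAK = [Layer("building entrance", frozenset({CARD, PIN})),
        Layer("data hall", frozenset({CARD})),
        Layer("core", frozenset({CARD, PIN}))]

if __name__ == "__main__":
    for name, layout in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit(layout) or "no findings")
```

The `authorized_zones` argument of `may_enter` models the business-need restriction: a valid credential set is still refused at a door outside the holder's assigned areas.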
Vet all visitors and deliveries outside of the building “skin” to ensure only authorized people and objects are allowed to enter. Choose a security management system that provides, or integrates with, a perimeter intrusion system to ensure the property only contains properly vetted people.
Handling Server Hosting Clients
If you have a server hosting company as a customer, the same risk assessment and upfront work must be completed to figure out how to secure the data center. The difference lies in how to securely segregate customers from one another within the server area.
Carefully review how the server farm is configured. Each server must be safeguarded from outsiders, or noncustomers. Customers must have a way to reach their individual server in a safe way, while not intruding on the other servers. Some server farm companies use indoor fencing or walls to segregate the servers.
Each customer is then issued a secure credential, or card + PIN, to enter their private server area. The hosting company can track and monitor customer movement. The customer is then confident that their server is safe and that they can access it, and the hosting company is certain it can control access and keep unauthorized users away from servers that are not theirs.