KEN'S KORNER - Data Center Physical Security
Data Center Buildings - Physical Security
Security needs vary based on the size, location and data housed in your data center.
Data Center security is a lot like an onion. Not only does it make you cry, you need to have it in multiple layers built up from the area you’re trying to protect.
• The location of the data center directly affects security of the facility. Is the site physically removed from neighboring structures? Who are your neighbors? Are you in close proximity to airports, chemical facilities, power plants, and active rail lines? You don’t need someone else's accident to become your disaster. You can’t avoid them all, but it helps to recognize the potential for problems and mitigate the risk before it happens.
• If part of a multi-tenant building, who are you adjacent to, including above and below? You don’t want the tenant immediately above your data center locating bathrooms (water), water-based fire suppression or a kitchen (fire) below you. Consider these and other scenarios as posing additional threats.
• If possible, avoid a location that is part of a building or adjacent to a high traffic area. It is hard to evaluate suspicious activity in a high traffic area.
• Keep a low profile; don’t draw any unwanted attention by putting the name or logo of your company on the building or an exterior sign.
• Do you have redundant utilities, including electricity and water service?
• Exterior walls, doors and windows need to be constructed of materials strong enough to withstand hurricane or tornado force winds, and should utilize UL rated ballistic materials.
• Use steel doors and frames; make sure the hinges cannot be removed from the outside.
• Use shrubbery, fences and barriers to obstruct peoples view of the data center. This prevents visual inspection of the building, its layout and security systems.
• When using landscaping around the perimeter of the building, make sure that trees and shrubbery are set back from the building and cannot be used by an intruder for concealment.
• The data center should have in place physical elements that prevent vehicles from ramming or breaching the exterior of the building. Short concrete walls, barricades, bollards, berms and gulleys, large boulders, and some fences may serve the purpose. These crash proof physical barriers can even be decorative as concrete baluster planters and ornamental bollards often are. Fences, trees, berms and gulleys, also serve to obscure the building from passing cars.
• Use crash proof physical barriers at vehicle entry points to control access to the parking lot or loading docks. Retractable bollards, a guard station with a raised gate can all provide added security and deter unwanted visitors.
• If you aren’t going to light the exterior building at night, consider using motion detection lighting especially around doors and windows and any other possible point of entry into the building.
• Closed circuit surveillance cameras should be positioned all around the building especially at all building entrances and the exterior doors. Motion detection, low-light, fixed and pan and zoom cameras all provide solutions to nearly every situation, feeds should be recorded and stored off site.
• For increased security, use continuous video surveillance and digital recording systems with footage stored off site.
• Security breach alarms will alert you if any exterior doors, other than the main entrance, are opened.
• Consider electronic motion sensors, used on the roof of the building or around the perimeter of the building.
• Type and quality of cameras depends on how the video feed is to be used. If the camera is to serve only as a deterrent, then a low quality fixed position camera may be sufficient. If you need to zoom in and identify a person by the feed image, a higher quality pan and zoom camera may be required.
• There should be a limited number of building entrances. Ideally you’ll use one main entrance and one loading dock. Make the main entrance a highly visible and well lighted space.
• Place the main entrance door in a way that only traffic intended for the data center is near the door.
• Place cameras at the main entrance and make them highly visible to let all visitors know that they are being watched.
• Place a sign at the door and leading up to the entrance to announce to everyone that cameras are present and being used to record movement. Sometime the placement of a sign near the camera will draw people to glance up to the camera where you can capture a face shot.
• Perimeter doors should be alarmed and monitored. Emergency or fire exit doors should not have handles on the exterior, and when opened a loud alarm should sound and the security command center should receive notification. Loud alarms act as a deterrent, while silent alarms are preferred if your goal is to catch someone in the act.
• Install locks and door alarms on all roof access points, or better yet, avoid roof entry points whenever possible.
• Keep security systems attached to back up power systems.
• A data center doesn’t have to be breached to shut it down, external support systems are vulnerable if not properly protected, including water and power lines, generators and other equipment. If this equipment isn’t housed inside the data center building, enclose it in a courtyard or fence it in to help protect it.
• Shipping and receiving doors which may need to be opened for prolonged periods, if possible enclose in a courtyard with limited entry. The entry from the shipping/receiving area into other parts of the building should be kept closed at all times and secured, limiting the introduction of contaminants and unauthorized visitors into the inner data center environment.
• Consider using a mantrap to control entrance into the facility from the main entrance. This way you can avoid unauthorized persons from entering by piggybacking or tailgating authorized personnel.