Physical security considerations for
the data center
APPROPRIATELY so, companies pour a great deal of attention, resources, and money
into software solutions covering Internet, network, application,
virtualization, cloud service, and other security concerns. Software security
is only half the battle when it comes to securing the data center data,
however. Implementing and maintaining physical security measures are also vital
and arguably every bit as important. As industry experts point out, an intruder
who is able to tamper with or even remove a server full of data can effectively
cripple the company.
Software
security is only half the battle when it comes to securing the data center
data, however
Throwing technology at the problem isn’t
enough, though. As Jenna Maertz, research analyst with Info-Tech Research Group
(www.infotech.com), says, “Technology
fails. Embrace this mantra when designing your security strategy. You can have
the newest and shiniest technology in place, and a security breach can still
occur. Have a backup plan, and a backup plan for your backup plan.” To that
end, the following explores various aspects of physical data center security to
consider.
View everything as a whole
Assessing a data center’s physical
components (entryways, access points, surveillance, etc.) to pinpoint where
weaknesses reside is vital, but so is considering the data center as a whole.
This means assessing physical security and employee access, Maertz says. “Your
security strategy needs to take into account more than just the physical.”
This strategy applies to businesses of all
sizes, says Derek Brink, vice president and research fellow with Aberdeen Group
(www.aberdeen.com). A holistic risk
assessment should encompass logical and physical security and personnel safety,
he says. “Most companies have implemented physical access control systems – for
example, proximity based card systems and just as there are policies for who
should have logical access to data center resources, there should be policies for
who should have physical access,” Brink says. Review these policies
periodically, he says, to prevent “inappropriate accumulations of access
privileges as roles change over time and ‘orphan’ access privileges remain
open, even after someone has changed roles or left the company, and so on.”
Your
security strategy needs to take into account more than just the physical
Traditionally, physical and logical access
control systems have been separate and independently managed, Brink says.
Research, though, indicates there are a few specific points of convergence.
“One is the use of a common access credential – typically a card form factor
for both logical and physical access,” he says. These deployments are most
prevalent in government-oriented deployments based on the HSPD-12 [Homeland
Security Presidential Directive 12] requirements and the PIV [Personal Identity
Verification] standard but also adopted by enterprises, he says.
Another convergence point is the
aggregation and correlation of information and events in the back end to
correlate physical events (such as walking in to the data center) with logical
events (such as logging in to the servers) and raise a red flag when anomalies
surface, he says. A third convergence point is the increasing use of standard
Internet-based net-working (as opposed to non-standard, proprietary networking)
for physical security solutions, such as video surveillance and video
analytics, “which again provides an opportunity for unification of policies and
aggregation and correlation of information and events,” Brink says.
Protect in layers
The security strategy commonly cited for
physically protecting data centers is establishing multiple or concentric
security layers starting from the point at which someone enters the property and
tracking through to the cabinet and rack level, with some form of alarm or
monitoring system (access cards, video cameras, guard stations, etc.) present
at each layer. The following are components of this strategy.
Exterior.
The first line of defense starts at the facility’s exterior and includes
evaluating how landscaping (trees, vegetation, boulders, ditches, etc.) can
both provide protection from intruders and help intruders conceal themselves.
Securing the exterior can also involve installing fencing and controlled
parking; ensuring that door hinges face in-ward; using tinted,
shatter-resistant windows and ballistic-grade material for every entryway; and
placing surveillance cameras around the perimeter.
Entryways.
Beyond limiting the number of entryways into the facility (something that also
reduces security-related costs), establishing one main point of entry where
monitoring and personnel verification takes place is recommended. Loading and
delivery areas should also feature controlled access, and ire doors should open
from the inside only.
Loading
and delivery areas should also feature controlled access
