Data center physical security is not just about using the most modern technology, but also proper maintenance and operation.
Data centers often receive more attention for cybersecurity because of the nature of the assets they hold. While this is important, it leaves the physical side of things vulnerable to theft, robbery, and vandalism. Post the pandemic, this has become an even more critical issue because of the increased amount of data entrusted to these places.
The seriousness of the situation is not lost on most major data center managers. A quick search on Google for data center physical security would throw up specific pages on how AWS and Microsoft Azure protect their sites. That these companies feel the need to explain the measures they take indicates the severity of the matter.
But the biggest challenge in protecting data centers is the rapid pace at which they grow and evolve. Integrating physical and logical systems in such a dynamic environment requires careful consideration of various factors and optimized strategy. Asmag.com spoke to some of the top industry professionals to understand the biggest threats to data centers and how integrators can go about protecting them.
Major threats to data centers
Most data centers focus on software and implement data security tools such as firewalls to identify and mitigate cyber threats. But the need for the physical security of these facilities is paramount. A breach in physical security can lead to data theft and cause breaches that compromise data security.
“With the increasing threat of cyberattacks and natural disasters, we must work to ensure the security of data centers to protect intellectual property, ensure compliance and maintain security and resiliency standards to keep these facilities safe,” said Alan Stoddard President at Cognyte Situational Intelligence Solutions. “Additionally, we must be cognizant that data centers are evolving. The increased deployment of cloud-based and edge data center facilities will increase the demand for physical security solutions in the coming year.”
But perhaps the real problem now is not the lack of technology to protect data centers but the lack of its appropriate use. John Rezzonico, CEO of Edge360, pointed out that the lack of timely upgrades and maintenance is a major cause of concern.
“Data centers typically have many physical security devices in a small space or area, which can be challenging to manage,” Rezzonico said. “On top of that, many data centers establish security systems and then allow physical security software, like video management platforms, to become outdated. But this fact must change: As more businesses shift to remote work and the storage of critical data via the cloud and within these data centers expands, the need for solid security in these facilities is growing, and protecting them becomes more critical.”
It's also important to note that the focus for these facilities has primarily been on protecting the network, which means physical security programs have taken a back seat. But the protection of the brick-and-mortar facility is just as, if not more, important as ensuring captured data is protected.
Also read: cybercriminals are on their own way to transform
Checklist for data center physical security
Data center security should follow a specific formula for protecting assets, with the idea of concentric circles. The outer layer represents perimeter security; the next is the hardening of the facility itself and preventing unauthorized access.
Next, security leaders should focus on securing the racks where the data and servers are stored. Finally, there must be another added layer of security around the controls for those server rooms to prevent any bad actors from accessing them.
“At each level, there needs to be a standard amount of physical and cyber security protection, which should be common practice across data centers, whether public, private, co-located, or on-site,” Rezzonico said. “The same policies and methodologies should be applied no matter the size, type of data center, or location. Still, they are often not, creating a facility that lacks the proper security measures for protecting critical data.”
Stoddard agrees that the best way to secure a data center is to manage it in layers. A multi-layered approach best supports proactive planning and makes identifying and mitigating a failure or breach easy. Here are some best practices that he suggests to consider:
1. Conduct regular audits: Internal audits ensure that systems and processes are working as intended. Audits should check for vulnerabilities in the data center facilities as well as across systems and devices.
“Access control systems, video surveillance cameras, and electronic locks must be checked to ensure proper function,” Stoddard said. “Security leaders should also continually assess whether a change in personnel calls for an update in the procedures and systems.”
2. Strengthen situational awareness: Any facility requiring extra protection, like a data center, should adopt an intelligent security approach. Funneling all data and systems into one centralized platform provides a higher level of oversight over security and operations.
3. Establish redundancy: Avoid the opportunity for downtime or system failure that results in a shutdown by creating redundancy across your data center operations. Data center failures can be prevented with proactive planning, testing, and awareness.
4. Enhance video surveillance: Video systems should be comprehensive and cover indoor and outdoor areas. Additionally, 24/7 video monitoring is critical to helping identify potential anomalies before they become more significant issues. Security guards can also be an essential component in augmenting technology.
5. SOP updates: Standard operating procedures need to be evaluated and tested regularly. This process also includes refresher training on the emerging or new security measures that need to be followed. Because risks are changing and evolving rapidly, regular checks of existing processes and procedures are recommended.
Conclusion
The technology needed for physical security at data centers is not complex. But what is often not up to the mark is the maintenance and operation. Steps like regular audits and SOP updates that Stoddard suggested highlight this concern.
In the coming years, we will likely see the number of data centers increase worldwide as more customers become aware of the importance and convenience of cloud-based solutions. This means more opportunities for physical security systems integrators. While challenges are a concern, it presents new growth areas with the right approach.