Data centers have traditionally focused their physical security efforts on outer perimeters and secure room access.
Data centers have traditionally focused their physical security efforts on outer perimeters and secure room access.
But with rising geopolitical tensions, insider threats, and the increasing use of colocation and edge data centers, experts say it’s time for the industry to rethink what lies at the heart of physical protection: the equipment rack.
“Cabinet-level security is often ignored, even in Europe,” said Bibin KR, an independent consultant. “But with colocation environments, it’s become vital.”
In one recent project he worked on, three companies shared the same data hall. Without strong cabinet-level access controls, such setups risk becoming flashpoints for data leaks or insider sabotage.
“If I’m a technician with access to multiple racks and I’m an insider threat, I can do a lot of damage,” Bibin said. “That’s why auditing, privilege management, and rack-level controls are as important as room-level security.”
Shifting threat landscapes
While physical infrastructure has always required protection, recent global events have made the risks more complex. According to Alex Reichard, Key Account Manager at Genetec, the growing unpredictability of urban centers is prompting data center operators to move to more remote, stable areas.
“Many operators are moving away from dense urban hubs to rural areas with more stable power grids and fewer risks of civil unrest,” Reichard explained.
This shift isn’t just about choosing a safer geography. It’s also about redesigning the facility’s resilience from the ground up. Operators are “investing in hardened infrastructure, redundant power systems, and even developing private energy sources to ensure 100 percent uptime,” Reichard said.
In tandem, perimeter security is getting an upgrade. “Perimeter defenses are being enhanced with advanced fencing, AI-driven surveillance, and biometric access controls to improve detection and accountability,” he added.
Two models, two challenges: edge vs. hyperscale
The expansion of data infrastructure has also introduced new architectural challenges. As edge and hyperscale data centers become more common, securing them requires different strategies.
Edge data centers are usually heavily dependent on automated systems for physical security.
“Edge data centers are often small, remote, and unmanned, which means physical security must rely on automation, remote access control, and reliable sensor data,” Reichard said.
Hyperscale data centers, on the other hand, involve managing large campuses with a number of people and devices.
“Hyperscale campuses have to manage thousands of people and devices across vast areas, making it harder to maintain consistent coverage and increasing the risk of human error,” Reichard added.
Both types share a core problem: they scale quickly and often use standardized designs that don’t always account for local threats.
“That’s where a flexible, unified platform makes a difference,” Reichard said. “It allows teams to standardize core practices while adapting to the needs of each location.”
Rethinking cabinet security in shared environments
Cabinet-level security becomes even more critical in colocation environments, where multiple companies often share the same physical space. A lack of strict controls at the rack level could expose one tenant to risks originating from another.
Bibin recommends a combination of biometric or electronic locking systems, role-based access control, and continuous auditing to track who accessed what, when, and for how long.
“You must implement biometric or electronic locking systems for cabinets, along with role-based access control and continuous auditing,” he said.
Such measures not only deter unauthorized access but also provide a forensic trail in the event of an incident - something increasingly demanded by compliance frameworks and enterprise customers alike.
A blueprint for security integrators
With data centers spreading rapidly across Asia, physical security solutions must be localized and scalable. Bibin laid out a clear set of best practices for systems integrators:
Start with a comprehensive risk assessment
“The risks in one country aren’t the same as in another,” Bibin said. Natural hazards, infrastructure weaknesses, and geopolitical factors must be considered.
Design a layered security approach
Begin at the perimeter with fencing and surveillance. Then add intrusion detection, access control at the room level, and finally, rack-level security.
Train all employees
“Everyone - not just guards - must be part of the security ecosystem,” Bibin said. This includes IT staff, maintenance workers, and cleaning crews.
Plan for scalability
“What works today may not work a year from now,” Bibin warned. Systems should be modular and easy to expand or reconfigure.
Deploy AI-enabled surveillance
Cameras and sensors should detect suspicious behaviors like tailgating, loitering, and forced entry attempts.
Integrate everything
“Ensure the system is integrated - not just a mix of components that don’t talk to each other,” Bibin said. Unified platforms reduce blind spots and improve response times.
Vendor support: an often-overlooked risk
One of the most common mistakes data center managers make, Bibin noted, is focusing solely on product features, like camera resolution or AI capabilities, while ignoring vendor support and service.
He shared a telling example: “I’ve seen cases where a package scanner’s CPU failed, and it took 30 days to get a replacement part from China, during COVID. In a data center, you can’t afford that kind of downtime.”
Bibin’s advice: work with vendors who offer local support, strong SLAs, and responsive after-sales service. Having the right parts available quickly can make all the difference in keeping operations online.
The power of unified platforms
As data centers adopt more complex technology stacks, the ability to monitor and manage security systems centrally becomes crucial.
“More data centers are turning to unified platforms that integrate physical and cybersecurity tools,” Reichard noted. “This gives teams a complete view of both physical and cyber risks.”
Such platforms help security professionals correlate data from access logs, video feeds, and intrusion sensors, allowing for a more coordinated and timely response to potential threats.
Security is an ecosystem
Security doesn’t begin and end with locks and surveillance feeds. Legal compliance, coordination with law enforcement, and cultural awareness all play a role in securing a data center.
“Adhere to local laws, and work with law enforcement and government agencies as needed,” Bibin said. “Security is not just a technical issue — it’s an ecosystem.”
This is particularly important in Asia, where laws and enforcement practices can vary significantly between countries and even between provinces.
Conclusion: securing what’s closest to the data
In the evolving landscape of data center security, the most overlooked point may also be the most critical: the cabinet. As edge and hyperscale infrastructures grow, and as colocation becomes the norm, cabinet-level security must evolve from an afterthought to a central design principle.
From biometric rack locks to audit logs and AI-enabled monitoring, physical security must now extend all the way to the individual server cabinet. The experts agree: if you ignore the last meter, you’re leaving the entire infrastructure exposed.