Physical security of a data center

In addition to the many layers of software cybersecurity, protecting data centers with layers of physical security systems is paramount.

Data centers store large amounts of data for processing, analyzing, and distributing—and thereby connect organizations to service providers. Many organizations rent space and networking equipment in an off-site data center instead of owning one. A data center that caters to multiple organizations is known as a multi-tenant data center or a colocation data center, and is operated by a third party.

Industrial facilities with on-premises data centers need to secure the hardware and software within them. There are two types of security: physical security and software security.

Physical security is the protection of people, property, and assets, such as hardware, software, network, and data, from natural disasters, burglary, theft, terrorism, and other events that could cause damage or loss to an enterprise or institution. Software security involves techniques to prevent unauthorized access to the data stored on the servers. Because new malicious software (malware) is being developed year after year to break the various firewalls protecting the data, security techniques need to be upgraded periodically.

Physical security controls

Physical security of a data center comprises various kinds of built-in safety and security features to protect the premises and thereby the equipment that stores critical data for multi-tenant applications. For the safety and security of the premises, factors ranging from location selection to authenticated access of the personnel into the data center should be considered, monitored, and audited vigorously. To prevent any physical attacks, the following need to be considered:

  1. proximity to high-risk areas, such as switch yards and chemical facilities

  2. availability of network carrier, power, water, and transport systems

  3. likelihood of natural disasters, such as earthquakes and hurricanes

  4. an access control system with an anti-tailgating/anti-pass-back facility to permit only one person to enter at a time

  5. single entry point into the facility.
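
The anti-pass-back control in item 4 can be audited by replaying badge-reader events and tracking, per badge, whether its holder is recorded as inside. The sketch below is an added example, not part of the original article; the log format, badge IDs, and function name are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample badge-reader log (not real data): timestamp, badge, direction.
SAMPLE_LOG = """\
2024-05-01T08:00:05 B100 IN
2024-05-01T08:01:10 B200 IN
2024-05-01T08:02:00 B100 IN
2024-05-01T09:15:30 B200 OUT
2024-05-01T09:20:00 B300 OUT
2024-05-01T09:45:00 B100 OUT
2024-05-01T10:00:00 B200 IN
"""

@dataclass(frozen=True)
class Violation:
    timestamp: str
    badge: str
    reason: str

def check_anti_passback(log_text):
    """Replay badge events; return (violations, set of badges still inside)."""
    inside = set()
    violations = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        timestamp, badge, direction = line.split()
        if direction == "IN":
            if badge in inside:
                # Entry with no exit in between: badge handed back to someone
                # else, or the holder left earlier without badging out.
                violations.append(Violation(timestamp, badge, "entry while already inside"))
            else:
                inside.add(badge)
        elif direction == "OUT":
            if badge not in inside:
                # Exit with no recorded entry: the holder followed someone in.
                violations.append(Violation(timestamp, badge, "exit without recorded entry"))
            else:
                inside.remove(badge)
        else:
            raise ValueError(f"unknown direction: {direction!r}")
    return violations, inside

if __name__ == "__main__":
    found, occupants = check_anti_passback(SAMPLE_LOG)
    for v in found:
        print(v.timestamp, v.badge, v.reason)
    print("recorded inside:", sorted(occupants))
```

A violating read leaves the badge's state unchanged, as a system that denies the read would; the returned occupancy set can also be compared against a head count during an audit.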

Organizations should monitor the safety and security of the data center rack room with authenticated access through the following systems:

  1. closed-circuit television (CCTV) camera surveillance with video retention as per the organization's policy

  2. vigilance by means of 24×7 on-site security guards and manned operations of the network system with a technical team

  3. periodic hardware maintenance

  4. checking and monitoring the access control rights regularly and augmenting them if necessary

  5. controlling and monitoring temperature and humidity through proper control of air conditioning and indirect cooling

  6. uninterruptible power supply (UPS)

  7. provision of both a fire alarm system and an aspirating smoke detection system (e.g., VESDA) in a data center. A VESDA, or aspiration, system detects and alerts personnel before a fire breaks out and should be considered for sensitive areas.

  8. water leakage detector panel to monitor for any water leakage in the server room

  9. rodent repellent system in the data center. It works as an electronic pest control to prevent rats from destroying servers and wires.

  10. fire protection systems with double interlock. Water is released into the pipe on actuation of both the detector and the sprinkler. To protect the data and information technology (IT) equipment, fire suppression shall use a zoned dry-pipe sprinkler.

  11. cable network through a raised floor, which avoids overhead cabling, reduces the heat load in the room, and is aesthetically appealing.

Security systems include CCTV, video, and other access control systems, such as biometrics and perimeter monitoring systems.

Security in a data center

Security of a data center begins with its location. The following factors need to be considered: geological activity such as earthquakes, high-risk industries in the area, risk of flooding, and risk of force majeure. Some of these risks can be mitigated by barriers or redundancies in the physical design. However, if a factor has a harmful effect on the data center, it is advisable to avoid it altogether.