Access denied: why physical protection is key to data security

There are many different working parts to an effective physical security system. By Neil Killick, Leader of Strategic Business (EMEA), Milestone Systems

Data is fast becoming one of our most valuable resources. Some have dubbed it the new currency of business and it’s easy to understand why. Data is powering many important processes and decisions, from changing the layout of our cities to deciding what advertisements are shown to people as they browse online. This makes data centres, as centralised locations for data storage and processing, an attractive target for criminals, spies, and other malicious actors.

A growing target

Recently, data centres have experienced explosive growth, driven by advances in artificial intelligence (AI), the Internet of Things (IoT), cloud computing, and 5G — technologies that all rely on powerful, fast, computing power. Likewise, the pandemic has played a critical role as more people went online to work, socialise, shop, game, watch TV, and more.

Evidently, data centres are becoming a mainstay of every modern-day organisation, and this means they must be protected with best-in-class solutions to ensure data security and business continuity. Threats can come from many areas, from cybercriminals looking to hold a business to ransom, to corporate spies looking for secrets to sell, and even natural disasters like floods, fire, and earthquakes. Data centre leaders must consider every risk for their security to remain impenetrable.

Physical security needed

Foresight is critical to protecting a data centre effectively and many data centres invest huge sums in anti-malware, firewalls, and other security software. Yet, the best firewall in the world will prove useless if someone gains unauthorised access to a building. Physical security must not be underplayed when securing a data centre.

How to improve physical security

With this in mind, how can you get your physical security up and running?

The physical security of a data centre typically comprises built-in safety and security features to protect buildings and equipment.

1. Audit

Start with a data centre security audit to understand current strengths and weaknesses. This will also uncover the equipment, data, and access points that require protection, and the

employees working on-site who require access (and in what areas). Make sure the list of staff members who have access to high-risk areas is updated regularly and anyone who shouldn’t have access (due to changes in their role, or if they leave) has their credentials revoked immediately.

2. Internal protections

The second step is to consider internal protections like CCTV, access control, infrared tripwires, mantraps, and other smart devices that can reduce the risk of intrusion, detect emergencies like fire and flood, and preempt equipment failure. Your CCTV footage needs to provide comprehensive visibility of everything happening on-site. You might also want to invest in facial recognition or behavior monitoring tools to increase security further. In the event of a security breach, visual identification of an intruder should be possible through video and audio feeds.

3. Perimeter and access control

Perimeter controls and access control systems will ensure that unauthorised individuals cannot get physically close to a data centre. Anti-tailgating and anti-pass-back facilities will ensure only one authorised individual and vehicle passes into a complex during a specific time. Access lists should also be in place, along with multi-factor authentication, where possible.

Visitor and contractor management needs to be implemented to monitor the movement of all visitors and third-party personnel. Ideally, security teams should be able to pinpoint the locations of contractors and visitors in real-time either through wearable trackers or advanced video analytics. Records should be kept of all visitor and contractor activity on-site, including their entry and exit times and the areas accessed.

4. Redundant utilities

The next stage is looking at your redundant utilities (like electricity and water) to avoid common-mode failures and downtime. It’s also worth monitoring and controlling the air quality, temperature, and humidity within a data centre. Specifically within rack areas to ensure air conditioning and cooling systems cannot be exploited and services are not disrupted.

5. Security training

The final step involves your people. Security staff and control centre teams need training in your security systems and processes to ensure consistent 24/7 coverage of your data centre and short response times during any incidents. Your wider workforce will also need training to ensure they understand their role in protecting the data centre.

Open system ensures flexibility

As you can see, there are many different working parts to an effective physical security system. Investing in an open system over a proprietary, closed solution can give greater flexibility in the range of devices and vendors a data centre can work with. This ensures best-in-class solutions are tailored to each data centre’s requirements and can be updated easily to protect against new threats.

For those working in technology, it’s long been recognised that data centres are the backbone of the digital economy, but Coronavirus saw the industry thrust into the public eye on a much wider scale. We’ve seen data centre operators deemed to be critical workers, and witnessed debate into whether all data centres should be classed as Critical National Infrastructure. By Darren Watkins, Managing Director for VIRTUS Data Centres
A global leading data centre company has recently enlisted the support of Bryland Fire Protection Limited to design and install an engineered solution to safeguard their 1,600-rack facility in Slough.
The provision of new data centre supply is a vital component of the European data centre market, not just to ensure there is enough product to satisfy levels of demand, but to ensure that it is the right type of product aligned to changing IT strategies and practices. By James Hart, CEO at BCS (Business Critical Systems).
There is increasing pressure on data centre Operators to make their facilities as energy efficient as possible with global drive towards carbon neutrality. To support this journey Graeme Shaw, Technical Application Manager at Zumtobel, explains how lighting can not only help data centres achieve their sustainability based objectives, but also make them more safe, secure and operationally efficient.
Power and data to remote devices over single twisted pair up to 1000-metres; compact cable (18AWG) and connector format increases flexibility and ease of use; converging corporate, factory and distribution information networks increases productivity, By Stuart McKay, Panduit
How mission-critical testing makes modern data centres possible By Jacky Pluchon, Vice President EMEA Power Solutions at KOHLER-SDMO