INDUSTRY INTELLIGENCE POWERED BY THE DCA
According to a cyberthreat report , business-focused cyberattacks – including ones specifically targeting data centres – has increased by 144 % in the past four years and data centres have become the number one target of cybercriminals .
Smile , you ’ re on camera – You can never have enough cameras : CCTV cameras are a very effective deterrent for an opportunist , as is proximity flood lighting . All footage should be stored digitally and archived off site . breach , identify them as soon as possible and containing the situation is paramount .
Through the Data Centre Trade Association , you have access to a wealth of specialists and experts . Datum , South Co , Chatsworth and EMKA , can all help with security .
When looking at physical security for a new or existing data centre , its sensible to take a few steps back and perform a risk assessment of the actual data and equipment that the facility will hold . Fully understanding the risks and potential breaches that could occur is essential , as is establishing the likelihood of such a breach taking place and the impact it could have on your business ( be that reputational or financial ). This type of ‘ drains up ’ assessment should be your first port of call when defining your physical security requirements and determining how far you need to go .
I have often heard it said that ‘ security of any facility needs to be like an onion ’ – made up of multiple layers of security which encapsulate what it is you are trying to protect .
So , when we are talking in terms of a physical data centre , what typically makes up the layers of a data centre onion ?
Keep a low profile – Especially in a populated area , you don ’ t want to be advertising to everyone that you are running a data centre . comes to security fencing and the Trade Association can point you towards fellow members who can offer some guidance .
Limit entry points – Access to the building needs to be controlled . Think not just about main entrance , fire exits and loading bays , but also roof access points too .
Fire exits – When it comes to those fire exits , make sure they are exactly that – ‘ exit only ’ ( and install alarms and monitoring on them as they are often frequented by smokers who then politely hold the door open for a stranger to wander in ).
Hinges on the outside – These can make it far too easy for someone to pop the pins out to gain access . It might sound basic but this is a common mistake I often see with repurposed buildings .
Tailgating – Following someone through a door before it closes is known as tailgating and is one of the main ways that an unauthorised visitor will gain access to your facility . By implementing man-traps that only allow one person through at a time , you force visitors to be identified before allowing access .
Access control – You need granular control over which visitors can access certain parts of your facility . The easiest way to do this is through proximity access card readers , biometrics and retinal scans on the doors .
Pre-approval and personal identification – Many data centres operate on a pre-approval system whereby you warn the data centre in advance that someone will be attending site and usually , this person will need to
Avoid windows – There should be no windows directly onto the data floor .
Fencing – Granted , not always possible if located in a city location , which is where the avoid windows advice kicks in above ; however , if you are going to have fencing , make sure it not just a token gesture . There are plenty of guidelines when it
Steve Hone , CEO , DCA
22 www . intelligentdatacentres . com