The paradigm for physical-security design in data centers has flipped nearly 180 degrees in the past few years. Whereas data centers were once designed in a way similar to other facilities—with a focus on the perimeter first and then the facility’s interior—a data center’s true value is at its core: the servers.
Thus, when looking at physical security, we begin at the server spaces and then cascade outward to the facility’s entry points and the perimeter of the grounds.
This new approach forces the security industry at large to break its own habits. And it’s intriguing for manufacturers, as it requires a shift in the solutions presented to data center owners, facility managers and security managers. Also, whether it’s new construction or a retrofit, these new technologies and approaches can benefit nearly every data center looking to add more-robust security.
Starting at the Heart of the Facility
The new starting point for security design is a lock that controls access to individual server cabinets and can provide an audit trail. It can connect to the facility’s access-control system using its wireless infrastructure or a hard-wired connection—typically, depending on the facility’s preference—and solves a number of potential problems and vulnerabilities in the data center.
Mainly, it can restrict access to individual cabinets while also logging who accessed a server and when. For those controlling and protecting their own data, this capability is critical, as it enables a high level of in-house auditing. And it’s especially critical for data centers that host space for clients, who require the greatest assurance that their data is adequately protected.
In addition to having card access through the cabinet lock, this approach should offer the ability to use intelligent keys as an override in a network failure. The keys also provide an audit trail, ensuring that accountability remains intact even in an emergency.
Simply put, no one should access a rack unless it needs service or buildout. To show that employees are only going to areas where they have a reason to be is critical for both the owner’s liability and the client’s peace of mind. And it helps facilities meet PCI and FISMA requirements.
Moving Toward the Perimeter
Once the rack is secure, begin to look at the access points into the server room. Biometrics—whether it’s an iris, hand-geometry or fingerprint scanner—has virtually become an expectation at server-room access chokepoints.
I believe biometric components will and should become a bigger part of data center security. One way is through the use of mobile technologies. The ability to carry your credential with you by embedding it in a mobile device, and perhaps using mobile biometrics as a component, can affordably increase the security of a data center.
For example, let’s say I’m an off-site technician or I work for corporate security. I’m being dispatched to handle an emergency in a location I generally wouldn’t have access to. Through mobile credentialing, the dispatcher can now push the credential to me on my mobile device, and a biometric system can verify my identity.
At the perimeter, data center operators should consider high-security fencing, bollards, guard booths and entry barriers as the first defense against unauthorized access.
Robust Physical Solutions
Physical solutions in data centers have changed drastically. When the market first began, several structures were built in a warehouse style that lacked robust physical security. It’s therefore critical for owners and managers of older facilities to be aware of the upgrades.
New facilities are moving toward more-resilient and more-resistant openings that include bullet resistance, the ability to repel a forced entry, blast resistance, RF shielding, thermal-shielded doors and hardware, and other options that go beyond traditional access control. These openings provide that additional protection from all types of external threats.
Earlier I discussed the implementation of mobile credentialing and increased biometrics, but a few other technologies will also accelerate the development of data center security.
Wireless implementation has increased in the past year, as an increasing number of data center operators see the flexibility and benefits it brings to the security of their building or campus. We’re seeing more products that affect physical and network security. The SIA Open Supervised Device Protocol (OSDP) and other standards are helping drive product development by manufacturers and helping drive behaviors by owners.
Partnerships Are Critical
Implementing these new and emerging technologies with traditional security systems can be complex. Further, if all these systems are to work together, a manufacturer must approach security as a total solution rather than offer just a single product.
To that end, I always recommend that data centers find manufacturers that can listen to their needs and respond as a consultant. One that provide a full solution and answer every question will give you more-comprehensive safety and security at your facility. Finally, such a manufacturer is more likely to be around in the long term. Any system or component you install in your facility must be backed by a company that will support it—and upgrade it—for decades to come.
About the Author
Chris Hobbs is Director of Enterprise Partner Business Development for Assa Abloy Door Security Solutions, working with enterprise end users and the varied environments they support. These environments include everything from manufacturing and financial institutions to health-care and IT/technology infrastructure. Chris focuses on delivering solutions that meet the challenges of today’s ever changing and ever expanding security environment, including implementations of Assa Abloy’s Aperio wireless and IP-enabled products and HID’s SEOS credential platform.