Data Centre Security is the array of technologies and practices in place to protect a facility's physical infrastructure and network systems from internal and external threats.
It all boils down to restricting and managing access to the data centre. Security of a data centre includes both the "things" put in place (locked access points, surveillance systems, or security personnel) and the "controls" that manage them (security policies, access lists, and rules for handling data).
We will be taking a look at some of the protections put in place and the average security standards that your data centre should have.
Data centres are no longer just warehouses filled with servers. These facilities are usually built from the ground up with security best practices in mind. All elements of the data centre's physical security should be implemented with other aspects in mind so that they form an interlocking network of security measures.
No amount of physical security elements will provide much protection without a holistic security policy to manage it all. There need to be protocols and procedures in place for common and unusual contingencies to provide data centre personnel with clear guidelines for how operations should be carried out.
Data centres need to implement a "No Trust" security philosophy; this ensures that every visitor to the data centre is subjected to the same level of security scrutiny and must verify their identity and reason for accessing assets before gaining access.
These security procedures need to be reviewed and audited regularly to ensure they are still up to date and effective.
All security measures in a data centre should work together in a comprehensive layered model. The idea is that a potential intruder would be forced to breach several layers of security before being able to gain access to valuable data or hardware.
This ensures that if one layer should be penetrated, other layers can prevent the entire system from being compromised.
It might seem obvious, but having set access lists as to who can access parts of the data centre is an essential part of the "No Trust" philosophy. Not all staff need to, or are capable of, working closely with IT assets, and those staff don't need access.
Video surveillance is a long-standing security staple and is incredibly valuable to data centres. CCTV cameras with full range, tilt and zoom features should monitor all exterior access points, all interior doors and the data floor itself.
This footage should be backed up digitally and archived offsite to protect against unauthorised tampering.
Sensitive sections of the data centre, such as the data floor, need to be protected by more than just a simple lock. Staffed checkpoints with methods that prevent an authorised visitor from passing credentials back to someone are essential physical security standards for any data centre facility.
Checkpoints, cameras and alarms won't mean much if you don't have security personnel to respond. Regular patrols of high-risk areas and an alert team ready to respond are vital to ensuring any security risk can be dealt with before it escalates.
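Credential pass-back at a checkpoint can also be audited after the fact from badge-reader logs. The following is an added example, not part of the original article: it replays entry and exit events and flags any badge used to enter a zone it never left, or to leave a zone it never entered. The log format, badge IDs and zone name are constructed assumptions.

```python
# Constructed sample badge-reader events (not from a real system).
# Assumed format: ISO-8601 timestamp, badge id, direction, zone
SAMPLE_EVENTS = """\
2024-05-01T08:00:05 B1001 IN data_floor
2024-05-01T08:00:40 B1001 IN data_floor
2024-05-01T08:15:00 B1002 IN data_floor
2024-05-01T09:30:00 B1002 OUT data_floor
2024-05-01T09:45:00 B1003 OUT data_floor
2024-05-01T10:00:00 B1001 OUT data_floor
2024-05-01T10:05:00 B1001 IN data_floor
"""

def parse_events(text):
    """Return (timestamp, badge, direction, zone) tuples in time order."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, badge, direction, zone = line.split()
            events.append((ts, badge, direction.upper(), zone))
    return sorted(events)  # ISO-8601 timestamps sort chronologically

def find_passback(text):
    """Flag events that break the enter-then-leave sequence for a badge."""
    inside = set()      # (badge, zone) pairs currently recorded as inside
    violations = []     # (timestamp, badge, zone, reason)
    for ts, badge, direction, zone in parse_events(text):
        key = (badge, zone)
        if direction == "IN":
            if key in inside:
                # Same badge entering twice: credential may have been handed back
                violations.append((ts, badge, zone, "entry while already inside"))
            inside.add(key)
        elif direction == "OUT":
            if key not in inside:
                # Holder got in without badging: followed someone through the door
                violations.append((ts, badge, zone, "exit without recorded entry"))
            inside.discard(key)
        else:
            raise ValueError(f"unknown direction {direction!r} at {ts}")
    return violations

if __name__ == "__main__":
    for violation in find_passback(SAMPLE_EVENTS):
        print(*violation)
```

Each flagged event is a prompt to review the checkpoint camera footage for that timestamp, not proof of misuse on its own.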
Even with all of these security measures, it can be difficult to keep an eye on every piece of hardware. With RFID tagging, data centres can manage and track assets in real time via software. Tags can send out alerts the moment an asset is moved or tampered with, allowing data centre personnel to respond quickly to any threat.
Between security staff, technicians and cleaners, a lot of bodies are moving through the secure facility. It's vital to vet every member of the staff or external party who will enter the centre.
When a staff member or client who has access to high-security zones in the facility leaves the job or moves their data, their privileges should not go with them. You need to create an exit procedure to remove that person's access. This could mean removing biometric access, removing them from lists or retrieving any physical keys.
Biometric technology identifies people through a unique physical characteristic, such as a thumbprint, retina shape, or voice pattern. There are a variety of ways to incorporate biometric technology into access protocols, and it is incredibly valuable as one component of two-factor authentication.
As technology and security measures continue to develop, your data centre should also continue to develop the standards in place, the policies that manage those measures and the staff who need to protect the facility. Clyrofor can help you analyse and identify any gaps in your current security measures and create a secure data facility.