Data Centers - Best Practices for Physical Security Planning

Taking a layered security approach to maximize Data Center protection

Introduction - the "Onion Skin theory"

When most people think about attacks on Data Centers, their first thought generally gravitates towards cyberattacks. Now, while most attacks are cyber-related, protection from physical attacks on Data Center facilities is equally important. Data Centers store highly confidential information, making them a prime target for both physical and cyberattacks.

Are you familiar with the onion skin theory? This theory is widely used across different fields and industries and refers to the concept of a layered approach to understanding something. More specifically, to truly understand something, you need to peel back the “layers” to reveal the core. We can use this theory to better explain some best practices for Data Center security, with the core representing the data and personnel you're protecting. How exactly can we translate that to physical security? Let’s say the core is your data center, and the layers forming around your core are the 5 D’s to physical security: deter, detect, deny, delay, and defend. With this concept in mind, we can reduce the chances of an attack, prevent access to facilities, provide more time to respond to a security breach, and effectively deny and defend as a last resort when necessary.

Peeling back the "onion" of physical security

The ‘deter’ layer is your first line of defense, making it one of the most important. This outermost layer encompasses designing perimeter security in a way that makes any potential threat think twice about attempting to breach your perimeter. The best deterrence strategies include a variety of security systems, such as:

• Anti-climb or anti-cut fencing

• High security entry gates

• Advanced surveillance solutions

  
  

Due to the complexity and expertise needed to implement this layer effectively, it’s not uncommon to work with a physical security integrator. They can provide design assistance and project management services to ensure your perimeter security project is tailored to your unique needs and offers maximum protection.  

Following the deter layer is the detection layer. Designed to trigger any alarms around your data center when the deter layer has failed, this layer typically includes alarm systems and monitoring equipment such as CCTV cameras, motion sensors, biometric scanner checkpoints, etc.

A crucial aspect of a successful detection layer is zero trust security, a concept that enlists recurring authentication challenges due to the belief that no user, device, or application is trustworthy by default. Just because someone has been authorized to access your outermost perimeter doesn’t mean they automatically gain access to every area of your facility.

Peeling back another layer, we have the deny layer. This layer incorporates physical barriers designed to completely stop or slow down potential intruders. It’s important to note that these barriers are certainly not one-size-fits-all, making it commonplace for data centers to leverage multiple manufacturers for physical barriers. This magnifies the importance of working with an expert integrator due to their direct connection to trusted vendors and their products. This makes finding the perfect blend of maximum protection while staying within budget constraints less challenging. This layer can include a variety of different crash-tested and crash-rated barriers, like:

• Security Bollards

• Wedge Barriers

• Security Fences

• Automated Gates

• Ballistic Walls

• Access Control

• And more!

  
  

The delay layer, which utilizes a variety of different security measures in unison to slow down intruders and provide security personnel and emergency responders adequate time to respond to security threats. Complex access routes, reinforced doors, on-site security guards, etc., can all be used to impede unauthorized users from accessing restricted areas in Data Centers.  

The innermost layer is the defend layer. This layer blends a variety of different types of barriers, gates, fencing, access control measures, and security personnel into a comprehensive incident response plan. A well-thought-out and detailed incident management process leaves nothing up to interpretation and provides clear direction on how to respond to security risks – it also helps in creating a physical security checklist to ensure related tasks are completed and done so in the correct sequence.

Access Control – the key to achieving maximum protection

Access control for Data Centers is possibly the most important aspect of ensuring only authorized staff and vehicles have appropriate access to areas in and around the facility. Access control is a complex process with a lot of logistics to consider, but luckily, there are a handful of best practices to follow to make the whole process a little less daunting.

Specific to security personnel and other staff, role-based access control adds layer of protection. By designating access to authorized individuals in a more granular way, Data Center security managers can more easily monitor and track how and when individuals are accessing various areas and facilities. They can then, in turn, use that data to drive security strategy and implement new processes that improve overall security posture.

Taking a hard look at entry and exit points is another important aspect of access control. A smaller number of entry/exit points around your facilities means a lower number of access points to monitor and track, reducing the risk of a security breach. Another consideration for entry and exit points is how security personnel at those posts are being protected from threats. It’s also best practice to plan for worst-case scenarios. Utilizing security equipment like blast-resistant or bullet-resistant guard booths, crash-rated wedge barriers, EFO (emergency fast operation) crash-arms or beams, etc. are excellent solution to provide additional protection to security personnel positioned at entry and exit points.

Preventative maintenance – ensuring smooth operation of security systems

No security system or equipment is immune to the maintenance and service needs to stay operating at peak efficiency. Equipment that isn’t properly maintained runs a higher risk of breaking or not functioning properly, putting Data Centers at an increased risk of a breach. Understanding AND meeting the maintenance needs of your various security systems ensures longevity of equipment and maximum protection from unauthorized access. One of the best things Data Centers can do is work with an outside security maintenance company. By doing so, Data Centers experience the benefits of improved performance and operational efficiency of equipment, 24/7 support for emergency repairs, and a lower risk of unnecessary downtime when issues do arise.

Last but not least - proper training

Any type of security threat is likely to increase stress and adrenaline levels of everyone involved, reinforcing the need for a carefully thought-out security plan that also properly trains the personnel involved. Ongoing security assessments, equipment training and testing, threat response drills, etc., will keep security personnel and other staff prepared in the event of a security breach. This is where working with a security integrator is especially helpful. They have the knowledge to properly train personnel on varying equipment and security processes, reducing the risk of human error and equipment working incorrectly, both of which have a direct impact on overall data center security posture. By properly training and preparing the necessary parties, Data Center protection is maximized.

Conclusion - data center security best practices

It’s no secret that Data Centers are a prime target for any type of attack, whether it’s a physical attack or a cyber-attack. More than ever, implementing a comprehensive physical security plan is critical to ensuring the people and data you’re trying to protect stay safe. By implementing the above best practices, Data Center facilities can achieve a stronger overall security readiness. As threats to Data Centers continue to grow, it’s never a bad idea to have a trusted security partner to assist in your security plan – it’s the best way to be fully prepared for any potential attacks. Expert physical security integrators take the worry out of managing all aspects of your security plan, providing peace of mind and allowing Data Center personnel to spend more time focusing on relevant priorities.  

IronSite is a national physical security provider with specialized expertise to deliver premium solutions at scale. Our extensive family of brands nationwide enables responsive and consistent service and support for all our clients wherever they may be.

Media Contact

Terin Pickett

IronSite

1595 E. 6th St; Suite 101

Corona, CA 92879

info@ironsite.com