Here, the experts at Milestone explore the importance of building resilience into your data centre’s physical security.
Data is often called the new oil. It’s a vital asset that ensures our businesses, homes, and cities all run efficiently and are constantly improving. Every aspect of our lives is becoming data-driven, particularly post-Covid.
A consequence of this growth, however, is that data – and the data centres that store, protect and process that data – have become prime criminal targets.
A rapid rise
The growth of the data centre sector has been significant and it’s accelerated due to the pandemic. In 2020, a record U.S. $34.9 billion was invested globally in the sector and 2021 is, so far, following the same trajectory with $13.5 billion worth of deals currently in the pipeline.
Having more people working remotely, socialising online, and turning to solutions like video conferencing, e-commerce and gaming, has paid dividends for the data centre industry.
Because data centres are so critical to every organisation’s operations, they must be protected with best-in-class solutions to ensure data security and business continuity.
When thinking of data centre security, many will first consider its cybersecurity. However, physical security is just as vital. A firewall won’t be effective if an intruder has already gained access to a server room.
The cost of poor protection
There’s good reason to protect your data centre in every possible way. The cost of recovering from a data breach currently stands at $3.86 million. This only considers the financial implications of a breach.
There will also be ongoing damage to an organisation’s reputation, brand, and customer loyalty that could take years – if not decades – to repair.
Keeping pace with evolving threats
Physical security risks come in many forms, from criminals, spies, and other malicious actors trying to enter a facility, to inside jobs, or even natural disasters like floods, fire, and earthquakes.
Security leaders must protect against every possible threat for their data centre to remain robust and impassable. Furthermore, against evolving threats and needs, security solutions must be able to adapt to the times and take advantage of the latest protections.
Audit existing infrastructure
The first step in improving your physical security is to undertake a comprehensive security audit. This will identify your centre’s current strengths and vulnerabilities and it will help you focus your efforts on the protections that will have the greatest impact.
It should tell you what data and equipment is on-site, access points that could be vulnerable, the people working on-site who need authorisation (and what areas they can access), and who regularly visits (and your procedure for this).
You may also want to consider the proximity and risk of any natural disasters like earthquakes or flooding zones and how you can mitigate this.
Invest in internal protections
The next step is to ensure your internal protections are up-to-date against the latest threats. As risks can evolve every day, having a regular review of your internal systems and stress-testing them against the latest threats is essential. Some of the technologies to consider are:
- CCTV systems
- A VMS (such as Milestone XProtect) that can consolidate all video, audio, sensor, and other data streams
- Video analytics for thermal imaging, facial recognition, license plate and vehicle recognition, people counting, behaviour monitoring, and so forth
- A control centre with a smart wall to monitor everything occurring on-site and bring up detailed views of any suspicious activity
- Access control
- Infrared tripwires and mantraps
- IoT (Internet of Things) sensors that can detect intrusion or emergencies like fire and flood, or even pre-empt equipment failure.
Your video system needs to provide comprehensive visibility of everything occurring on-site and everyone who is on the premises. If a breach does occur, visual identification (and tracking) of an intruder should be rapid thanks to your video and audio feeds.
Behaviour monitoring tools can flag any suspicious behavior that should be investigated further, while facial recognition data can be cross-checked against employee credentials to ensure the right people are accessing each area.
Protect your perimeter
Once your internal protections are fortified, it’s time to assess your perimeter and access control. Strong protections here will ensure unauthorised individuals cannot even get close to your facilities. Anti-tailgating and anti-pass-back solutions will ensure only one person or vehicle enters at one time.
Likewise, the list of who has access to high-risk areas should be updated regularly and the credentials of anyone who has changed role or left must be revoked immediately.
Meanwhile, your VMS should sync with access lists, and your access control technologies to ensure all entries and exits are logged and authorised.
Visitor and contractor management also needs to be implemented, with your security teams able to follow the locations of all third parties in real-time through the CCTV system and VMS. Wearable trackers can also be integrated with open systems like XProtect, to provide greater details on who is on-site and where they are.
Consider your utilities
Another consideration is your redundant utilities like electricity and water to avoid any downtime. IoT devices can monitor your systems to proactively warn of possible failures or downtime.
It’s worth monitoring and controlling the air quality, temperature, and humidity within different sections of your centres to ensure they cannot be exploited. Again, an open VMS like XProtect can integrate with all of these devices to provide a single source of truth for all happenings on-site.
Preparing your people
Your employees are at the frontline of your security. Everyone needs to understand their role in protecting a premises, whether that’s preventing tailgating as they enter a site, or remaining updated on the latest threats and security processes.
Your security and control centre teams will need training in how to use the different security systems and processes. Investing in an intuitive VMS that consolidates the data from CCTV, perimeter protection, access control, IoT devices, and more, will help reduce training time.
Looking to the future
Over the next five years, the rise of data centres is predicted to continue, if not increase. Synergy Research Group chief analyst John Dinsdale predicts that, “the number of operational hyper-scale data centresin Europe will grow at eight to 10% per year and we expect UK growth to be in the same range.”
As the sector’s profile continues to rise, so too will the threats. Security systems will require regular reviews and updates to keep abreast of the latest risks, as well as to take advantage of next-gen solutions.
Investing in an open system like Milestone will help with future proofing your physical security system, making it easier to deploy new solutions and experiment with emerging technologies.
Other benefits of an open system
Having an open system will also give your security greater flexibility and scalability. As your data centre expands or you add other sites to your portfolio, the open system can adapt to the extra resources.
As explained, having a single point for all physical security insights will decrease your security team’s training needs, so new devices and sites can be up and running in a minimal amount of time.
With the flexibility to add new devices, as your security needs evolve you can simply integrate another solution within the XProtect VMS. You also have greater freedom to choose from a wide range of vendors, instead of being limited to just the devices that a closed system supports.
This can help with multi-tenant centres where certain devices are preferred by a tenant, or if your organisation only works with specific device types and vendors. It also enables you to only pick best-in-class technologies that work together seamlessly to further reduce vulnerabilities in your system.
Much to consider
Evidently, a lot of thought and decision-making will go into protecting your data centre from a physical breach; it is something that will evolve and can be constantly improved over time.
By starting the journey now, you are making certain there are no cracks in your security. No weakness will be exploited by malicious actors and your cybersecurity will not be undermined by a breach within your walls.
To learn more about the physical security of data centres, download Milestone’s latest eBook here.