Data centres: The importance of physical security

Data centres: The importance of physical security

With the importance of cybersecurity often taking centre stage, Iain Moran, director at ATG Access, representing HS Security, highlights why physical security in the data centre should not be overlooked.

In an age where data is more important than ever, IT executives have often talked about the need for data to be protected – often citing cybersecurity measures as the most important factor.

However, data centres, that are responsible for the physical protection, storage and transfer of specific information, must also install physical measures that keep these sites safe and secure.

If data is taken from these centres, it can have very serious consequences. In the UK, according to research from IBM, the average cost of a data breach to a business has increased to almost £2.7 million.

Whether this is via a cyber breach or an individual physically retrieving data, the loss of information can cause extreme economic loss, destroy an organisations reputation, as well as compromising the service offered to a business’s customers.

And with data centres globally being responsible for storing data worth circa £103 billion pounds annually, these sites can become an attractive target for attack. Therefore, the importance of ensuring they are protected on a physical level, should not be underestimated.

Below are some of the main physical security threats faced by data centres today and how these threats can be overcome using a layered security approach that can help to disrupt and delay any potential attack.

Monitoring vehicles access to the site

It is important to monitor vehicles when they attempt to access the grounds of a data centre facility. In worst case scenarios, if the right measures are not in place, a vehicle could permeate this outer security perimeter and could advance to damage the data centre building in order to access the information held inside.

Similarly, if vehicles are not monitored, they can cause damage to a facility, even if the damage was unintentional. This was a problem for a US data centre operator in 2007 when a vehicle was driven into one of the power transformers near the site, cutting the power to the facility and compromising the service the business consequently provided to its customers.

To minimise the physical damage and potential for data to be physically removed from a centre after this damage has occurred, restricting vehicles requires a layered approach. This can include a range of measures such as hostile vehicle mitigation (HVM) gates and bollards, as well as perimeter fencing.

Initially, perimeter fencing and gates provide the first security layer to prevent unauthorised access. Fencing solutions can have anti-climb features incorporated within their design through mesh composition which prevents unauthorised individuals being able to climb them for access, as well as offering strong visibility for CCTV officers who monitor the site.

Then, to stop the immediate access of vehicles, tested and certified bollards provide the next layer of defence. Dependant on circumstance, retractable bollards can be operated by security personnel where they can be left up to immediately prevent access or can be lowered to allow a vehicle to pass.

If access is not granted, dynamic bollards that use a tiger-trap function can hold a car in place, where security personnel can carry out a stop-and-search process for any vehicle that tries to gain access.

Controlling access within the facility

In addition to the need to monitor vehicle access at data centre sites, installing measures that deal with access within the data centre building, is also a priority.  

This was a problem for a national telecoms provider in 2011 when unauthorised personnel forced access and stole computer equipment and network hardware. This caused immediate disruption to the phone provider’s customers who experienced the loss of SMS, internet and phone calling services.

Therefore, installing thorough security at each ingress and egress point will make it difficult for unauthorised individuals to get into the site but will also increase the amount of time that security operators can have to react to a threat and reduce the consequent risk of damage.

This can be approached by firstly installing a visitor buzzer followed by an inner door that can be used to grant access but also keep visitors separated from the general employee area.

This allows for rigorous identification to take place if it is needed and enables security operators to see who works for the data centre facility and who is an external, and potentially unwarranted, visitor.

Next, implementing a floor-to-ceiling turnstile door at each entrance point can reduce the chance of an individual tailgating an authenticated user. This can be supported by a ‘mantrap’ door that are separated by an ‘air lock’ where one door can only be opened once the first one is closed.

If someone who is not supposed to, does attempt to tailgate one of the facilities workers, these doors allow security operators to prevent the second door from being opened and they can then deal with the threat accordingly.

When building and securing data centres, the critical national infrastructure sectors have been working tirelessly to ensure these facilities are protected against all potential damage, unwarranted access and even counts of terrorism.

Within data centres, a multi layered approach should be installed that monitors vehicles that attempt to access the site as well as observing and restricting individuals who try to gain access to the main building.

As attacks can be carefully prepared, using a combination of vehicle access and unauthorised individuals on foot, the importance of physical security should not be overlooked.

With data centres holding vast amounts of data, their physical security is essential and should be placed as an integral part of any facilities security plan.