Maintaining a physically secure data center should be important to every business. However, many companies may not be able to afford the military grade level security required to adequately protect valuable IT infrastructure.
Incorporating the equipment, personnel, and systems needed for a highly secure company-owned facility or data center environment can be cost prohibitive for many companies.
However, all organization can benefit from the highest security standards by outsourcing their operation to an experienced data center provider. Top-tier providers have already made a significant investment in physical security.
With the right provider selection, businesses can access a military-grade data center without needing the security expertise or capital outlay required to run their own data center.
Performing a Security Risk Assessment
Concerning physical security, business decision-makers need to analyze two things:
- What impact would a physical security breach into the IT environment have on the business?
- What is the likelihood a security breach could happen in a particular facility?
With this information, executives and IT professionals can make a determination regarding the type of facility they need in terms of physical security.
The greater the impact of a security breach, the more important it is to house operations in a military-grade facility.
Identifying Important Physical Security Features in an Outsourced Data Center
Selecting a secure facility involves several principles. At a minimum, most companies need the following features:
- Entry Points – Access to the facility must be limited and strictly controlled. Perimeter fencing is critical to reduce traffic around the building and ensure security. Also, visitors should be allowed to enter through one location, and deliveries need to pre-notified and directed to a loading bay.
- Man-Traps – To eliminate unauthorized visitors, data centers must implement man-trips to monitor entry and exit. Man-traps prevent “tailgating” which is when someone follows another through a door before it closes.
- Internal Facility Access –Data center providers control who is permitted in each area of the data center. Biometric access on doors, for example, allows only authorized personnel to enter specific areas. Access should also be designed in a layered fashion. As the person goes deeper into the data center, the more checkpoints he or she must pass through.
- Cameras – For the best physical security, video surveillance is required around the outside perimeter of the facility, including all entry/exit locations, as well as throughout the inside of the building. Video footage should be digitally stored and be easily accessed when needed.
- Door Alarms – All doors, including fire exists, must be alarmed. The facility provider needs to know when doors are opened or left open for a period of time.
- Upgraded Door Locks – Sometimes companies upgrade older facilities with more advanced locks. However, they must also reconfigure doors so hinges are located on the inside to avoid having the hinge pins easily removed.
- Parking Lots – Just as the building must be secured, so should access to the parking lots. Entry is often controlled using gates, concrete bollards, perimeter fencing and security personnel to identify authorized access.
- Testing Protocols – How often and to what extent does the provider test its physical security systems? Video surveillance, alarms, access systems and security procedures need to be audited regularly.
- Security Personnel – Does the provider hire contract security or use permanent security staff? Although contract staff can offer some benefits, permanent staff allows a data center provider to know its security personnel on a deeper level. Permanent staff also tends to know the company better in terms of the site, processes and people. Whether contract or permanent, security personnel must be onsite around the clock, every day of the year.
These items provide a starting point for developing a comprehensive security checklist. At the end of the day, most companies require military-grade security to protect its mission-critical IT infrastructure. The thought of losing data, systems access, or having key applications go down are usually not acceptable in for most businesses.
For more information about military-grade data center security, visit http://www.cyrusone.com/.