From the Outside In: A Walk Through Data Center Security Measures

It should come as no surprise that data center security is a prime concern for everyone involved in the process of creating, maintaining and using the facility. Most important of these varied stakeholders is the corporate or private end-user, who must sense that their data is safe. Obviously, it’s a vital issue, key to the successful operation of a data center. In fact, security strategy was ranked a must in Verity Commercial’s recent Big Nine considerations of pre-project planning.

We should note upfront that security in data centers is a different conversation than it would be for other commercial real estate, say an office building or shopping center, both of which must combine security with a certain freedom of movement. There’s no such movement in a data center, and the security protocols are in place to send the message, especially to visitors, that every move is being scrutinized. If that makes you a bit uneasy, the system is doing its job.

The View From the Street: Going Far Beyond Typical Warning Signs

So, let’s visit a data center–starting at the gate, and take note as we go–or at least try to notice–the security measures in place. We said “try to notice” because, while there are obvious prevention techniques, fences and cameras, there’s much in the most sophisticated data centers that will go unseen . . . even while they’re noticing you. Needless to say, the security strategy can be as advanced as cutting-edge technologies will allow. It’s all a question of what the budget can bear.

Data center tenants live and die by the security of their data. For deep-pocket hyperscalers, the Amazons and Googles of the world, data facilities almost by definition are among the most advanced. Much has been written lately about the extreme measures data centers are modeling and their top-of-the-line security systems. We’re not in Kansas anymore, entering a world that includes, but only begins, with ample signage and strategically placed security cameras. (A complete list of content sources appears at the end of this blog.)

So, here’s a riddle: When is a fence more than a fence? Answer: When it’s smart, able to detect someone touching it or even approaching. Of course, anti-climb designs along with signage and visible human guards to allow or deny entrance are all deterrents, psychological as well as physical. Even if they get in retractable vehicle crash barriers can prevent unwanted trucks and cars from getting farther in . . . or out.

Someone Is Watching; Someone Is ALWAYS Watching

Once we’re passed the gate and we enter the secure lobby, both activities that fall under the watchful eye of the Security Operations Center (SOC) deep within the facility, iris scanning in addition to our ID cards can confirm or reject our identities. From here on in, as we get incrementally closer to the actual data center floor, only one person will be allowed to badge through a door at one time.

Entering the data center floor is a privilege restricted to a chosen, trusted few, and is granted only on a strict as-needed basis, which limits entry pretty much to technicians and engineers. As Amazon states: “Access points to server rooms are fortified with electronic control devices that require multi-factor authorization. We’re also prepared to prevent technological intrusion. . . . Servers can warn employees of any attempts to remove data. In the unlikely event of a breach, the server is automatically disabled.”

Rarely, customers can access the floor for their own data drives, but the data stored therein are encrypted, adding yet another layer of protection. As one Google senior executive said, “Protecting the privacy and security of our users’ data is our highest priority.” (Customers are assigned encryption keys so they can access their data.)

While the data center floor is the beating heart of the operation, there’s one area potentially even more secure: The so-called crusher room, where drives are erased and destroyed. Drives needing to be retired enter the room on their own, through a two-way locker system, so only technicians assigned to the room can get their hands on them. Says Amazon: “We have exacting standards on how to install, service and eventually destroy the devices when they are no longer useful.”

(Now for a security fun fact: Some hyperscalers actually hire firms to attempt break-ins from the outside while employees themselves are often tasked to attempt breaches in security protocols from the inside.)

The Great Escape: Just Try to Wriggle Out of This One!

So, let’s assume the absurd: If someone were able to pass the front gate, stump the iris scanner and puzzle out a fake cardkey to get to the data-room floor, they’re now faced with the challenge of getting out, which, as video host and Googler Stephanie Wong states, “is arguably even harder than getting in.” Everyone goes through full metal detection every time they exit the data center floor, and always under the ever-vigilant eye of SOC.

Of course, not every installation is a Google or an Amazon location. But if you’re still defining data center security as a retired cop with a sleeping dog by his side, you’ve got a lot to learn about data protection.

Verity Commercial is here to help. Contact us today to discuss your own data center needs.

Additional Resources:

AWS: Our Data Centers

Google Data Center Security: 6 Layers Deep

The 6 Layers of Google GCP Data Center Security

The Four Layers of Data Center Physical Security for a comprehensive and Integrated Approach 

# # #

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *