Data is a precious commodity. It’s the backbone of modern society, a foundation of the business world, and the repository of our personal and professional documentation — from texts and email to photos and videos. Data centers have become a necessary part of the nation’s infrastructure. As with the electrical grid and water systems, they need protection.
Data Centers Face Multifaceted Threats
Today’s data centers face threats greater than theft and vandalism. Cybersecurity attacks are a near-constant challenge, from distributed denial of service (DDoS) attacks to the risks associated with unsecured client devices. It’s important to understand your cybersecurity posture and close holes that leave your systems open to attack.
But there are other threats to guard against, including those related to the physical security of data centers. Protecting a center against physical attacks and vulnerabilities is a big responsibility. Some entities have taken extreme measures, while others pursue a more basic approach. So, how much physical security is enough for your data center? I spoke about this topic at the 2017 Data Center World Global conference in Los Angeles.
Assessing the Need at Your Data Center
Finding the right solutions — within the budget — can feel overwhelming. Are locked doors and alarm pin codes enough? Does a facility need armed guards and monitored surveillance? Is a simple physical fence sufficient or should that fence incorporate mounted intrusion detection systems?
The first step is determining the appropriate level of physical security for your center by identifying your current security posture, analyzing your unique environment and executing a strategy for implementation. It’s necessary to establish a baseline, assess risk and develop a plan that allocates funding most effectively to reduce that risk.
Compliance is always a big question, and data centers can use several standards to validate physical security. But it’s also worthwhile to look at best practices from other industries — especially those that protect other critical infrastructure — such as the North American Electric Reliability Corp. (NERC) Critical Infrastructure Protection (CIP) Standards.
The Right Security Solution for the Right Environment
Determining the right physical security solution can be complex — and there is no single answer for every environment. At the Data Center World conference presentation, I explored the types and purposes of a physical security assessment program — information that will help operators determine the appropriate level of security at a given location.
Case studies demonstrate the range of physical security measures and illustrate the difference between knee‐jerk reactions and well-considered physical protection planning.
Interested in learning more? Comment or connect on LinkedIn. I’d be happy to talk through your physical security needs.