Pic 2

Protecting data centres: don’t neglect physical security

Posted: January 16th, 2015

Our MD, Mike McColl, on the physical security risks facing data centres – and what can be done to counter them.

The data centre sector has always placed cyber security high on its agenda and it’s no surprise to learn that, according to BAE Systems Applied Intelligence’s latest Business and the Cyber Threat: The Rise of Digital Criminality Report, 90 per cent of UK businesses expect the number of cyber attacks to increase.

But while this is indeed a key challenge, ensuring that data centres are also protected from physical attack should be of paramount importance – and the construction industry has developed some innovative solutions to address security threats, for both newly built facilities and existing operations.

Physical security breaches can lead to high value equipment, such as server units, being stolen, interruptions to service and confidential information falling into the wrong hands: theft, corporate espionage, vandalism and terrorism can all come into play, and have major implications for data centres and their customers.

A burglary, in 2011, at an exchange facility of a major telecommunications provider in Basingstoke, is an alarming example of the potential repercussions of a security breach. During the night, thieves broke into a data centre with the intention to steal specialist networking equipment and IT hardware, and damaged routing equipment in the process. This resulted in thousands of people being unable to make calls or send text messages for a significant amount of time and there was uncertainty, at one point, as to whether personal data had been accessed or compromised.

We are, however, noticing an increasing shift in attitude within the data centre sector and a growing realisation that there is now a real need to heighten physical security. Increasing refinements in the design of new build and retrofit alterations which identify ‘mission critical’ areas in a data centre have also occurred in recent years – these have helped key industry decision makers to simplify the product evaluation process by determining the correct and most viable building methods to be utilised in a particular environment.

Traditional security measures, of course, have their part to play in protecting data centres. CCTV cameras, perimeter fences, external barriers, alarms, appropriately-rated doors, security staff and integrated access control systems all form part of a ‘layered’ approach to security. Even planting and landscaping can deter intrusion.

But all of these measures combined may still not be enough to prevent determined criminals from causing a security breach in a data centre.

And while data centres will often use standard composite panels to form walls, ceilings, and partitions, these will not provide adequate protection against serious attack from high impact tooling equipment such as disc grinders, sledgehammers, jig saws and high powered cutting devices – this level of protection is crucial in safeguarding key areas of a data centre. Standard brick or block walls are also vulnerable, with their joints acting as points of weakness.

When safeguarding servers, data and other hardware, data centre professionals should therefore consider the quality of their prime barrier. A certified, approved system – whether it’s a full modular room or partition – will not only protect critical areas in a data centre, but also help its operators to meet insurance requirements. Measures such as high security panels can also address the security concerns created by co-location premises, allowing companies to compartmentalise to a higher security level and protect their critical hardware and data from unauthorised access from elsewhere in a facility.

Any physical security measures – such as wall panels, ceiling panels and locks – used to protect critical areas such as control rooms, should be certified by the Loss Prevention Certification Board (the standard is LPS1175) and/or approved by the Centre for the Protection of National Infrastructure (CPNI) to guarantee both their quality and suitability. Anything less and a data centre’s ‘inner sanctum’ can be left vulnerable to attack.

This article was originally appeared on Data Centre Solutions.

< back