Data Centre SecurityData Centre SecurityStarHub Business Site
StarHub Business Site
Data Centre Security
7 steps defending data centre against physical threats
The mission critical role of the data centre means that a lot of research and planning goes into setting up one. Non-negotiable considerations range from having diverse fibre optic paths for redundant connectivity and adequate backup power generators and fuel supply in the event of an extended power outage.
Other considerations for establishing a data centre may be less obvious. For example, data centres must be located well away from flood prone areas, and should not be under the designated flight paths for planes. Critically, multiple layers of security are put in place to secure the physical data centre from threats stemming from physical intrusions to terrorist attacks.
With this in mind, we highlight some of the most common measures to secure the physical data centre below.
- Full interior and exterior video surveillance
Modern data centres are protected round-the-clock by an extensive array of video surveillance equipment. Located not just within the building, they are also typically positioned to cover external driveways and walkways just outside the facility to spot people loitering in the vicinity and other suspicious activities. While video feeds are monitored in real-time by a trained team inside the data centres, they are also recorded for post-incident analysis or future review.
- Security guards, quick reaction team
It is one thing to spot a potential security breach and another to be in a position to act upon it with immediacy. Data centres have quick reaction teams that can be dispatched to problems spots, or to quickly investigate a suspected breach. In addition, roving teams of security guards serve as an additional layer of defence to spot security or safety lapses that may be missed by the video surveillance.
- Hardened perimeter
Published by the Monetary Authority of Singapore (MAS) in Singapore, the Technology Risk Management Guidelines seeks to establish risk management guidelines and best practices for financial institutions in the country. Threat Vulnerability Risk Assessment (TVRA) is a subsection that deals specifically with security threats or weaknesses in the operation of a data centre, and looks at a variety of threat scenarios including unauthorized entry, arson and explosives, among others. While TVRA is not mandatory at this point, compliance certainly illustrates a greater security consciousness.
- Biometric scanners and mantraps
Employees who are authorized by their organization to access the data centre will first need to go through a registration process. This allows for the creation of photo identification security badges, and the capturing of biometric identifiers such as thumb, palm or iris patterns into backend authentication systems. The latter allows for the use of biometric scanners throughout the data centre, including within mantraps to prevent tailgating. Regardless, all access and authentication attempts to the data centre are automatically logged.
- Pre-registration for all visitors
To foil social engineering or impersonation attempts, visitors to the data centre will need to be registered at least a day ahead of their visit. In addition, the visitor must also bring along the appropriate photo ID identification toe exchange for a visitor’s badge on the day of their visit, and must be accompanied at all times by an authorized personnel.
- Card-access throughout the data centre
While key rooms or entry points within the data centre are often secured with biometric authentication systems, it is generally not feasible to install them everywhere. On this front, the use of card readers allows for a more granular approach to secure common facilities such as elevators and the loading bays. Importantly, the logs generated by card access helps ratchet up the security even on less critical areas, and their logs lend themselves to subsequent scrutiny and audit.
- Rack level security
Finally, security implemented at the rack level helps protect equipment from unauthorized access. This could be implemented by means of a PIN code, and serves as a final defence to deter opportunistic attempts at accessing an unlocked private vault or cage area.