Most, if not all data centres, employ strong measures to help protect client information from unseemly access or use by unauthorised persons, either externally or internally. But with a world now firmly in the digital age, and a hacking community more sophisticated and complex, you may be wondering just how secure is your data centre?
What sort of security does it have?
Experts recommend various physical measures for site security such as anti-climb fencing, protective barriers, access control systems, turnstiles and other aspects of the building construction that may be able to create physical barriers for the perimeter of the data centre.
Not only must the site be physically secure, the network must also be safe from attack. Since data centres are served by networks, security designers will need to plan adequate protection into those network trajectories that run to a data centre. That may mean installing firewalls, anti-virus software, or anything that prevents data breaches or other network security vulnerability issues from potential attacks.
SCC’s data centres are 24x7x365 manned secure facilities, protected by perimeter security cameras, infrared night vision, internal surveillance monitoring of all entrances and a manned security desk, ensuring the ultimate protection for your data.
Requirements your data centre should meet
Data centre security may vary according to the type of data centre in question. TIA-942-A “Telecommunications Infrastructure Standards for Data Centres” categorises data centres into four tiers; these levels specify the minimum requirements for data centre infrastructure and what kind of security measures it may need:
Tier 1 – Combined visitor and employee parking areas, industrial grade locks to doors, no camera surveillance requirement, security desk not required, no requirement for security staff
Tier 2 – Combined visitor and employee parking areas, intrusion detection capabilities to doors, no camera surveillance requirement, security desk not required, security staffing 5 days a week
Tier 3 – Physically separate visitor and employee parking areas, electronic card access to doors, single person anti pass-back portal to data centre floor, camera surveillance to all areas, digital recording 20 frames/ sec minimum, security desk required with monitoring capabilities, security staffing 7 days a week, 24 hours.
Tier 4 – Physically separated by fence visitor and employee parking areas, electronic card access preferably with biometrics to doors, single person anti pass-back portal to data centre floor, camera surveillance to all areas, digital recording 20 frames/ sec minimum, physically separated security desk required with monitoring capabilities, security staffing 7 days a week, 24 hours with extra staff for walk-around patrols
Tier 3 or 4 is the most desirable for companies that require the increased performance, availability and advanced security requirements associated with today’s IT centric business and commerce.
Access to your data centre should be considerably difficult because without it, frankly, your data is in jeopardy
As well as these requirements, your data centre should hold certain accreditations for secure business processes, such as:
ISO 9001 – Quality Management System
ISO 20000 – IT Service Management Processes
ISO 22301 – Business Continuity Management
ISO 27001 – Information Security Management
How hard is it to gain access?
Access to your data centre should be considerably difficult because without it, frankly, your data is in jeopardy. Usually, anyone entering the most secure part of the data centre would be authenticated at least five times using a layered process:
1. At the site entrance gate or parking entrance. This is where approved photographic ID is checked to ensure that the person is the same as the person on the site access request documents.
2. At the inner door that separates the visitors from the general building staff. This where identification is checked again and where security staff issue a proximity card for building access.
3. At the entrance to the data centre. Normally, this is the layer that has the strongest ‘positive control,’ meaning no tailgating is allowed through this check. Access should only be through a proximity access card and all access should be monitored by camera surveillance. So this will generally be one of the following:
- A floor-to-ceiling turnstile. If someone tries to get in behind an authorised visitor, the door will gently revolve in the reverse direction. (In case of a fire, the walls of the turnstile flatten to allow quick egress.)
- A man-trap. Provides alternate access for equipment and for persons with disabilities. This consists of two separate doors with an airlock in between. Only one door can be opened at a time and authentication is needed for both doors.
4. At the entrance to the data hall or private cage. Data halls or secure cages provide additional security benefits by reducing the number of authorised persons within a specific area. Authorised persons are limited specifically to their equipment area and cannot wander throughout the entire facility.
5. At the door to an individual server cabinet. Racks should have lockable front and rear doors that use a three-digit combination lock as a minimum. This is a final check, once someone has access to the data floor, to ensure they only access authorised equipment.
As a major primary resource for corporations, data centres should possess this kind of dedicated security effort. Having a secure data centre is a must, and being aware of measures as such, will equip you with a better understanding on the security of your data; particularly if you choose to audit your colocation provider if you don’t run your own facility.