7 Layers of Data Center Security For Optimal Business Protection
Data centers are data gold mines, and in a lot of ways, they are also the engines of companies and organizations. Data centers are where data is processed and stored, including everything from private customer data to sensitive company information. Data centers are also networking hubs and gateways to cloud storage and cloud applications. They are also hubs through which video, voice, and messenger app communications flow. This is why data center security is so important, and companies should ensure their data centers are protected, physically and virtually, at all times. To understand how secure a data center is and how to enhance security, think about it in layers, starting from the outside in.
It takes considerable resources and know-how to address the complexities of data center security. Preventing attacks requires both budget and planning to deal with existing and future challenges. More than 34% of CIO.com’s 2020 State of the CIO respondents agree that security and risk management is already the number one driver of IT spending. Let’s take a deeper look at what it takes to secure data center space and the provisions that colocation providers put in place for their customers.
Secure the perimeter
If a data center is a standalone facility, the perimeter should be secured with fencing on all sides. A security booth with a camera should continuously monitor traffic going in and out of the gate. Vehicles and pedestrians should not be able to pass the perimeter without being granted access, whether by personnel or through authentication. If the data center is in a building in an urban area, then building access should be tightly controlled by the building’s security service, including 24-hour monitoring and access control.
Limit entry points
A secure data center will keep entry points to a minimum, and there should never be an outside door into the data hall. Many data centers will have a mantrap between exterior access points and the data hall. A mantrap is simply an empty room between two locked doors, forcing anyone who enters to pass through two secure doors before getting to the entrance of a data hall, which should also have a secure door.
Install video surveillance and maintain archives
Secure data centers should have CCTV cameras installed throughout the facility (especially at doors). Entryways should be continuously monitored, and cameras should constantly record footage. Data center staff should strictly maintain video archives in case anyone needs to verify who accessed the data hall on a particular date.
Require authentication at multiple points
All employees, tenants, and others who try to enter a data center should first be authenticated at the perimeter with a badge or some other form of unique identification. On-site security personnel should question anyone without a badge before they are permitted to enter. The same applies to entering the building. Employees and tenants should use their badges and/or biometrics to enter. Once inside the data center, people should not be allowed to enter the data hall without passing through some type of biometric scanning. The best form of security is dual-factor authentication, requiring employees and tenants to enter a code in addition to passing a biometric scan to enter.
Install cage and cabinet security
Inside the data hall, servers and networking equipment should be protected inside secure cages, cabinets, and racks. Company-owned data centers may not have racks inside cages, but they are more common in colocation data centers. Cages add an extra layer of security and can include remotely managed locks, access cards, or even biometric access control systems. Some companies choose to install cages that include a ceiling, blocking access to their data center footprint from above. Additional protection can be added to cabinets inside the cage, including remotely managed locks and in-rack cameras. For an additional level of security, integrate this entire security system with a company’s data center infrastructure management software, allowing security operations to monitor access to company equipment 24/7.
Segment and protect the network
The next layer of data center security is virtual. Protect data and communications from hackers with network firewalls, web application firewalls (WAFs), and VPNs that require dual-factor authentication to enable the connection. Monitor network traffic with an intrusion detection or intrusion prevention system (IDS or IPS). Also ensure that networks are segmented so that if an intrusion is detected, the infiltrated part of the network can be isolated from the rest. Combine these network tools with the previously described physical security features to ensure every physical and virtual door to your data is guarded and monitored.
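The segmentation idea above (cross-zone traffic is denied unless a rule permits it, and a segment that an IDS/IPS alert points at can be cut off from the rest) is easy to lose in prose, so here is a small worked model of it. This is an added example, not code from the article: the zone names, address ranges, ports and sample flows are constructed, and a real deployment would express the same policy as firewall or SDN rules rather than Python.

```python
"""Zone-based segmentation policy with isolation on an intrusion alert.

Added illustration, not code from the article. The zone names, address
ranges, ports and sample flows are constructed for this example.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field


@dataclass
class SegmentationPolicy:
    # zone name -> address range that belongs to that segment
    zones: dict[str, ipaddress.IPv4Network]
    # explicitly permitted cross-zone flows as (source zone, destination zone, port)
    allowed: set[tuple[str, str, int]]
    # zones cut off from everything else after an intrusion is detected
    isolated: set[str] = field(default_factory=set)

    def zone_of(self, addr: str) -> str | None:
        ip = ipaddress.ip_address(addr)
        for name, net in self.zones.items():
            if ip in net:
                return name
        return None

    def decide(self, src: str, dst: str, port: int) -> str:
        """Return an allow/deny decision with its reason, in evaluation order."""
        src_zone, dst_zone = self.zone_of(src), self.zone_of(dst)
        if src_zone is None or dst_zone is None:
            return "deny:unknown-zone"          # default deny for anything unmapped
        if src_zone in self.isolated or dst_zone in self.isolated:
            return "deny:isolated"              # containment overrides the static policy
        if src_zone == dst_zone:
            return "allow:intra-zone"           # hosts within one segment may talk freely
        if (src_zone, dst_zone, port) in self.allowed:
            return "allow:policy"
        return "deny:default"                   # no rule matched: cross-zone traffic is dropped

    def isolate(self, alert_src: str) -> str | None:
        """Cut off the segment containing the host an IDS/IPS alert points at."""
        zone = self.zone_of(alert_src)
        if zone is not None:
            self.isolated.add(zone)
        return zone


def build_policy() -> SegmentationPolicy:
    """Constructed three-tier layout: DMZ -> application -> database, plus a management zone."""
    net = ipaddress.ip_network
    return SegmentationPolicy(
        zones={
            "dmz": net("10.0.1.0/24"),
            "app": net("10.0.2.0/24"),
            "db": net("10.0.3.0/24"),
            "mgmt": net("10.0.9.0/24"),
        },
        allowed={
            ("dmz", "app", 8443),   # reverse proxies reach the application tier only
            ("app", "db", 5432),    # only the application tier reaches the database
            ("mgmt", "dmz", 22),    # administration comes from the management zone
            ("mgmt", "app", 22),
            ("mgmt", "db", 22),
        },
    )


def evaluate(policy: SegmentationPolicy, flows: list[tuple[str, str, int]]) -> list[str]:
    """Decide a batch of (src, dst, port) flows against the policy."""
    return [policy.decide(src, dst, port) for src, dst, port in flows]


if __name__ == "__main__":
    policy = build_policy()
    flows = [
        ("10.0.1.10", "10.0.2.20", 8443),  # DMZ -> app, permitted
        ("10.0.1.10", "10.0.3.30", 5432),  # DMZ -> db directly, blocked
        ("10.0.3.30", "10.0.2.20", 5432),  # db initiating toward app, blocked
    ]
    for flow, decision in zip(flows, evaluate(policy, flows)):
        print(flow, decision)
    # An IDS alert names a DMZ host; isolating its zone stops it reaching the app tier
    print("isolated zone:", policy.isolate("10.0.1.10"))
    print(("10.0.1.10", "10.0.2.20", 8443), policy.decide("10.0.1.10", "10.0.2.20", 8443))
```

The point of the `isolate` step is that containment is evaluated before the static rules: once a zone is isolated, even flows the policy would normally permit are dropped, while the other segments keep working unchanged. The intra-zone allow is a modelling choice here; a real environment may micro-segment within a zone as well.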
Strictly enforce policies and procedures
All network and physical security measures are for naught if data center staff do not strictly adhere to security policies and procedures. Security personnel must be vigilant and organized, maintaining tightly managed records of video archives, access codes, and entry and exit logs for everyone who visits the data center. They should also monitor people while they are in the data halls, ensuring they don’t record or take pictures of access points or deployments. Staff should also perform regular security checks. One indication that a colocation provider maintains strict security procedures is the list of their compliance certifications and annual audits. For businesses in highly regulated sectors, consider the following compliance requirements. Healthcare companies must comply with the Health Insurance Portability and Accountability Act (HIPAA), educational institutions are subject to the Family Educational Rights and Privacy Act (FERPA), and organizations handling credit card payments have to follow the Payment Card Industry Data Security Standard (PCI DSS).
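The entry and exit logs described here only earn their keep if someone checks them against the access path laid out earlier (perimeter badge, then building badge, then biometric plus code at the data hall) and can answer "who was in the data hall on this date". The following audit script is an added example, not code from the article or any particular access-control product: the log line format, the checkpoint names, the 60-second second-factor window and the sample events are all constructed for the illustration.

```python
"""Audit physical access logs against the expected multi-point authentication path.

Added illustration, not the article's code. The log format, checkpoint
names, timing window and every event below are constructed for the example.
"""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import date, datetime, timedelta
from typing import NamedTuple

# Constructed line format: "<ISO timestamp> <checkpoint> <method> <OK|FAIL> emp=<id>"
EVENT_RE = re.compile(r"^(\S+) (\w+) (\w+) (OK|FAIL) emp=(\S+)$")
# Checkpoints that must have been passed earlier the same day before a data hall entry
REQUIRED_PATH = ("perimeter", "building")
# A data hall biometric must be followed by the PIN within this window to count as dual-factor
SECOND_FACTOR_WINDOW = timedelta(seconds=60)


class Event(NamedTuple):
    ts: datetime
    checkpoint: str
    method: str
    result: str
    emp: str


def parse(line: str) -> Event:
    m = EVENT_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    ts, checkpoint, method, result, emp = m.groups()
    return Event(datetime.fromisoformat(ts.replace("Z", "+00:00")), checkpoint, method, result, emp)


def audit(lines: list[str]) -> tuple[list[str], dict[date, list[str]]]:
    """Return (findings, roster): anomalies to review, and who entered the data hall per day."""
    events = sorted((parse(l) for l in lines if l.strip()), key=lambda e: e.ts)
    findings: list[str] = []
    roster: dict[date, set[str]] = defaultdict(set)
    passed: dict[str, dict[date, set[str]]] = defaultdict(lambda: defaultdict(set))
    pending_bio: dict[str, datetime] = {}   # biometric seen, PIN not yet seen

    def single_factor(emp: str, ts: datetime) -> str:
        return f"{ts.isoformat()} {emp}: single-factor data hall entry (biometric without PIN)"

    for e in events:
        day = e.ts.date()
        if e.result != "OK":
            findings.append(f"{e.ts.isoformat()} {e.emp}: {e.method} {e.result} at {e.checkpoint}")
            continue
        if e.checkpoint in REQUIRED_PATH:
            passed[e.emp][day].add(e.checkpoint)      # outer checkpoints passed today
            continue
        if e.checkpoint != "datahall" or e.method == "exit":
            continue
        if e.method == "biometric":
            if e.emp in pending_bio:                   # earlier biometric never got its PIN
                findings.append(single_factor(e.emp, pending_bio[e.emp]))
            missing = [c for c in REQUIRED_PATH if c not in passed[e.emp][day]]
            if missing:                                # reached the hall without the outer layers
                findings.append(f"{e.ts.isoformat()} {e.emp}: data hall entry without prior "
                                f"{', '.join(missing)} authentication")
            pending_bio[e.emp] = e.ts
        elif e.method == "pin":
            bio_ts = pending_bio.pop(e.emp, None)
            if bio_ts is None or e.ts - bio_ts > SECOND_FACTOR_WINDOW:
                findings.append(f"{e.ts.isoformat()} {e.emp}: PIN without a matching biometric")
                continue
            roster[day].add(e.emp)                     # both factors seen: record the entry

    for emp, ts in pending_bio.items():                # biometrics that never got a PIN
        findings.append(single_factor(emp, ts))
    return findings, {d: sorted(v) for d, v in roster.items()}


def who_entered(roster: dict[date, list[str]], day: str) -> list[str]:
    """Answer 'who accessed the data hall on this date' from the audited roster."""
    return roster.get(date.fromisoformat(day), [])


# Constructed sample log: alice follows the full path, bob appears at the hall with no
# perimeter/building events, carol never completes the second factor, dave fails at the gate.
SAMPLE_LOG = """
2024-05-02T08:01:12Z perimeter badge OK emp=alice
2024-05-02T08:03:40Z building badge OK emp=alice
2024-05-02T08:05:02Z datahall biometric OK emp=alice
2024-05-02T08:05:09Z datahall pin OK emp=alice
2024-05-02T09:15:00Z datahall biometric OK emp=bob
2024-05-02T09:15:05Z datahall pin OK emp=bob
2024-05-02T10:30:00Z perimeter badge OK emp=carol
2024-05-02T10:32:00Z building badge OK emp=carol
2024-05-02T10:34:00Z datahall biometric OK emp=carol
2024-05-02T11:00:00Z perimeter badge FAIL emp=dave
2024-05-02T17:00:00Z datahall exit OK emp=alice
""".strip().splitlines()

if __name__ == "__main__":
    findings, roster = audit(SAMPLE_LOG)
    for f in findings:
        print("FINDING:", f)
    print("in the data hall on 2024-05-02:", who_entered(roster, "2024-05-02"))
```

Two design choices are worth noting. The roster records every completed dual-factor entry, including bob's, because it answers the factual question of who was inside; the anomaly that bob skipped the outer checkpoints is reported separately as a finding, so the two records never contradict each other. Failed attempts are also surfaced rather than silently dropped, since a run of badge failures at the perimeter is exactly what on-site staff should be questioning.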