Building Physical Security into Your Data Center

Whether you are a Fortune 500 company or an upscaling startup, if you store customer data en masse, you'll need a data center, and it's well worth the effort to build it in a secure manner. Incidents of data breach and theft have been skyrocketing in recent years, with the Breach Level Index citing 1.3 billion in 2016. That is 3.7 million breaches per day. The most sought-after data in these breaches has been identity information. Follow these guidelines when setting up your secured center to better protect your customers.

Location location location

When initially planning your data center, there are two big questions: do you build from the ground up, or do you "retrofit" an already existing building to meet your needs? There is no simple answer to this. Retrofitting an older building has the value of dramatically lowered cost. If the location of the building you want is satisfactory and your budget allows you to convert it and the surrounding area to make it more secure, then it's a good choice. If that isn't the case and a new building is within your budget, start from scratch and build as needed for your specific security needs.

When deciding where to build, here is what you should keep in mind: Is your location near probable seismic activity or flooding areas? Does the surrounding area allow for expansion if need be? Does the location enable connection to two separate sources of lines for power, water, and fiber-optic internet? Power is especially important for preventing server overheating. Is natural cover available, and is there ample space between the road and your intended building? Boulders, gullies, and trees make getting a good view of your center difficult. The advantage of building over retrofitting is that these can be planned into the initial construction.

Physical security

An excellent place to start when considering physical security is closed-circuit television cameras. CCTV serves the purpose of identifying possible offenders inside and outside your building. Preferably, your system utilizes multiple full pan, tilt and zoom cameras outside of your building, with fixed cameras on all entry and exit points of your building and server room. If possible, store all the data at an off-site location.

Control your building access through minimal entry points. A single entry for visitors and a loading bay for deliveries allows you to bring all outside parties through a single location for identification by security personnel. For employees, access systems such as biometrics or identification cards by companies such as enable you to block or allow individual entry based on preset parameters e.g. clearance level.

Man-traps at entry points prevent individuals from accessing your facility by following employees or visitors upon their respective entry. This forces identification of anyone trying to enter the premises. Exit-only fire doors with active alarms prevent uninvited guests from entering unannounced while maintaining the safety of your employees.

Have protocols in place to protect physical information. Locking filing cabinets in rooms with sensitive data, maintaining a log of who has access to specific rooms, and shredding paper files and disks of old data should be common practice in your data center.

Data Security

The first step in creating a plan for securing your data is identifying what information is sensitive, what you use it for, and where it's kept within your building. Start by organizing and labeling all of the potentially sensitive data, and document the drawer, server or computer it is in or belongs in.

Once this is complete you can begin the process of isolating all the sensitive information in secure areas of your building when possible. For data, segregate your network into “secure” and “insecure” to better protect against accidental or purposeful dissemination.

With the secure and insecure data separated, you can begin the process of encrypting all the data on the secure side of your network. Encrypting the secure data lessens the chance of information compromise in case of a breach.

Stay up-to-date with your firewall, anti-virus, and anti-spyware software. Use a well-performing firewall and secure the center’s wireless connection if there is one. Put in place a policy that only allows downloads from specific, reliable sources and disallows outside mobile data sources.

Weak and/or stolen credentials are one of the biggest causes of successful hacks that don't rely on finding holes in your network. Verizon's breach report states that roughly 76% of network intrusions involved weak credentials. Implement a company policy for passwords and preferably have them changed on a timetable, with the prior password never to be used again.
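
The change-on-a-timetable and never-reuse policy above can be enforced in code. This is an added example, not part of the original article: the 90-day interval, the 12-character minimum, the `PasswordRecord` class and the sample passwords in any test are assumptions, and it keeps a salted scrypt hash of every past password so that old ones can be rejected without storing them in the clear.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=90)  # assumed timetable; the article names no interval
MIN_LENGTH = 12               # assumed minimum length


def _digest(password: str, salt: bytes) -> bytes:
    # scrypt is a memory-hard KDF available in the standard library.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)


class PasswordRecord:
    """Hypothetical per-user record: keeps every past (salt, hash) pair."""

    def __init__(self, password: str, now: datetime):
        self.history = []  # list of (salt, digest), newest last
        self.changed_at = now
        self._store(password)

    def _store(self, password: str) -> None:
        salt = os.urandom(16)  # fresh salt for every stored password
        self.history.append((salt, _digest(password, salt)))

    def was_used(self, password: str) -> bool:
        # Each entry has its own salt, so the candidate is re-hashed per entry.
        return any(hmac.compare_digest(_digest(password, salt), digest)
                   for salt, digest in self.history)

    def verify(self, password: str) -> bool:
        # Only the newest entry is valid for login.
        salt, digest = self.history[-1]
        return hmac.compare_digest(_digest(password, salt), digest)

    def expired(self, now: datetime) -> bool:
        return now - self.changed_at >= MAX_AGE

    def change(self, new_password: str, now: datetime) -> str:
        if len(new_password) < MIN_LENGTH:
            return "rejected: too short"
        if self.was_used(new_password):
            return "rejected: previously used"
        self._store(new_password)
        self.changed_at = now
        return "ok"
```

Because every stored hash has its own salt, the reuse check costs one scrypt computation per history entry, which is the price of never keeping old passwords in recoverable form.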

The last piece of the puzzle

This is not the be-all and end-all list of methods to secure your building. A perfectly secure data center simply doesn't exist. The methods above serve the purpose of mitigating risk. Hiring employees with a strong sense of integrity is the other half of the equation. Well wishes and much success to you and your company.