Today's Enterprise

From yesterday’s in-house server room to colocation at data centers

Protecting servers and data has evolved rapidly over the past 15-plus years. Early on, concerns centered around the environmental conditions of where servers were housed within a building and the effects of humidity, temperature and air quality on their performance. This led to a better understanding of the need for a controlled environment to maximize equipment lifespan and capacity. It was also a driving force behind consolidating servers in a common space, i.e., the data center.

The focus quickly shifted to points of vulnerability and protecting assets with increasingly stringent access control measures to prevent unauthorized characters from entering and doing something malicious.

An Audit Trail
As sophisticated electronic access control (EAC) solutions emerged, so did the additional benefit of audit trails, which provide greater accountability for who presented credentials where and when. This is useful for capturing maintenance and compliance activity as well as forensic information if a physical security breach occurs.

Another major shift in recent years is where data centers are being built. We used to see them located near major power-generating facilities and in geologically and meteorologically safer areas away from seismic-prone and major storm regions. That is no longer the case. With businesses moving more computing offsite and the proliferation of cloud services, more data centers are going up everywhere across the United States.

As a result, there is more demand for windstorm-rated, blast-resistant-rated, and other specialty doors, as well as the proper hardware to support them. In addition, oversized openings are common in data centers where large equipment needs to be moved in and out. Doors that offer sound attenuation are also in demand to meet certain sound transmission class (STC) ratings.

New EMI-RFI/STC shielding door and frame assemblies with adjustable seals are now available. These assemblies are ideal for data centers, SCIF (sensitive compartmented information facility) locations, or any other environment needing to protect and secure electronic information.

Why Data Center Security is Vital
The continuous evolution of innovative technology, stronger procedures and greater vigilance is vital. Today’s connected world relies on a nonstop flow of data to power our devices and networks. If this source of data is compromised, the daily operations of critical businesses and corporations can stop slowly, which can have a negative impact on people’s lives and a brand’s reputation. Disruptions can also result in fines and penalties for non-compliance with security regulations.

According to IBM’s 2023 Cost of a Data Center Breach report, the global average cost of a data breach in 2023 was $4.45 million USD, a 15% increase over three years. Subsequently, this growing reliance on flawless data center operations requires an investment in comprehensive physical security to prevent breaches.

Data center managers must rely on the latest technology and industry best practices to provide viable and cost-effective physical security for their facilities. Whether they are company-owned data centers, co-locations or managed services, organizations must do all they can to comply with the challenges of legislation such as the Health Insurance Portability and Accountability Act (HIPAA) and the Sarbanes Oxley Act of 2002 (SOX). This takes an enhanced approach to security that extends to the server rack.

Scalable security measures range from those covering the perimeter and power management to multiple levels of access control, including hardened doors, visitor management vestibules, security revolving doors, biometrics like facial identification or digital access locksets for individual server cabinets.

Controlling Data Center Energy Consumption and Climate
While access control and physical security are essential, that does not mean a data center’s environmental conditions have taken a back seat. Far from it. In fact, physical security, environmental control, and sustainability have grown in parallel.

Data centers require a tightly controlled environment in terms of airflow seepage, air quality, humidity, and temperature levels, all of which contribute to greater energy efficiency. That means ensuring doors and frames keep required cooling in place with proper weather stripping and door seal components. It also means the energy required to operate security products must be kept at a minimum.

As an example of how unique requirements drive innovation, a data center provider came to us years ago looking for an access control electromechanical lock for card reader openings that had to satisfy two needs that didn't exist at the time. First, it had to consume significantly less power to operate. Second, it had to incorporate a security feature with an end-of-line resistor to help monitor whether someone was tampering with the communication and power to that opening.

That dual requirement was the catalyst behind our company moving from solenoid-driven electromechanical hardware to motorized lock solutions. Doing so immediately reduced electromechanical power consumption by 95%. That’s significant since the less energy a data center uses on door and access security (and HVAC), the more it can allocate for computing power.

Those savings add up quickly, given the size and scope of today’s data centers. For collocation operations, in particular, energy re-balancing translates into more capacity and billable services. Incorporating the resistor into the body of the lock set helped protect against the possibility of someone tampering with that secure opening.

Of course, security needs vary depending on the type of data center. Let’s look at three that are most common.

Government Data Centers
Data centers designated for military, national security/national defense and intelligence agencies are designed and constructed to meet SCIF requirements and ensure classified information security. It may pertain to an entire data center or a portion of a facility.

Outside these data centers, perimeter fences, bollards, guard houses, and other robust barriers are typical. Access to SCIFs is normally limited to individuals with appropriate security clearance. Electronic devices such as cell phones, smart watches, flash drives (other than those that are government property) are prohibited.

Enterprise Data Centers
An enterprise data center is one that is owned and operated by a single organization to support its IT and data needs. It may be located on the grounds of a corporate location or off-premises. These data centers are typically constructed as large, open spaces within a hardened data center shell that houses row upon row of server cabinets.

Even though not compartmentalized like colocation facilities, several layers of security are required to adequately protect this type of facility, starting with perimeter fencing and exterior doorways. Exterior doors lead to interior corridors, which lead to server rooms and server cabinets. At each point in this process, proper protections must be taken to ensure the security of the data.

Colocation Data Centers
These facilities share the same door security needs as enterprise data centers but with an additional layer of access control requirements. Since the facility is shared among several companies, authorized users are only assigned access privileges to their specific vaults or compartmentalized areas of the building.

Creating Three Lines of Defense to Secure Your Data Center
Perimeter security. Perimeter security controls access to the building. Basic components can include industrial and high-security fencing, bollards, guard booths, and entry barriers that help prevent unauthorized access.

The heavy steel construction and intimidating profile of high-security fence can function as visual deterrents against intrusion. The latest generation of this fence features bracketless design, heavier posts and redesigned rail, allowing easier integration with intrusion detection systems, surveillance video and other monitoring devices.

Access to the building and spaces within. As big as the footprints of today’s data centers can be, they typically do not require many employees to manage and secure them. It could be as few as half a dozen in some cases, or up to 50 depending on the scale of the physical plant and assets inside.

Regardless, it is crucial to ensure staff is indeed currently authorized, that airtight processes are in place for vetting and escorting contractors and visitors or, in the case of co-located services, that proper access control segmentation is in place.

Commercial-grade doors, frames and hardware provide a means to restrict access to the facility and specific areas within it, a primary goal in any building. Some data center main entrances feature a vestibule where a visitor will enter and wait until granted (or denied) further access.

Depending on the requirements of some jurisdictions, more facilities today are installing a security revolving door that momentarily holds a visitor until cleared for access. Revolving doors also help prevent tailgating. If a tailgater is sensed, the door will temporarily trap that person. For those denied access, the door can be reversed to back people out.

In addition, certain regions may require doors, frames and hardware that can overcome hurricane, tornado, emergency egress, and other challenges that pose life-safety threats. You can protect against these hazards with doorways designed and evaluated to withstand such extreme conditions.

Server cabinet security. As more companies move into shared locations, the opportunities for unauthorized server access increase; the potential costs are high, whether the intrusion is accidental or malicious. An additional layer of access control, such as OSDP server cabinet locks, can reduce this risk.

Accounting for Power and Backup Capacity
Another critical line of defense is having a backup generator on-site to help ensure that operations stay up and running during utility outages. Many data centers even have redundant backup systems. Since these generators rely on diesel and other fuel sources, extra security measures need to be considered as to where fuel tanks and pipelines are located. Are they exposed and possibly vulnerable?

A major factor in the development potential of land parcels is how robust and secure the electrical grid and fiber optic network are to meet the intense power and communication demands of data centers. Are utility substations well-monitored and enclosed within one of our sophisticated fence systems? Are the substations located within the footprint of the data center campus or down the road, requiring additional considerations and coordination with local jurisdictions and utilities?

Depending on their purpose, sensitivity, location, exposure to extreme conditions and who needs authorized access, it is clear there are many layers to consider concerning the physical security of today’s data centers and the critical infrastructure that supports these vital fortresses.

This article originally appeared in the July / August 2024 issue of Security Today.

Featured

Featured Cybersecurity

Webinars

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3