Today's Enterprise

From yesterday’s in-house server room to colocation at data centers

Protecting servers and data has evolved rapidly over the past 15-plus years. Early on, concerns centered around the environmental conditions of where servers were housed within a building and the effects of humidity, temperature and air quality on their performance. This led to a better understanding of the need for a controlled environment to maximize equipment lifespan and capacity. It was also a driving force behind consolidating servers in a common space, i.e., the data center.

The focus quickly shifted to points of vulnerability and protecting assets with increasingly stringent access control measures to prevent unauthorized characters from entering and doing something malicious.

An Audit Trail
As sophisticated electronic access control (EAC) solutions emerged, so did the additional benefit of audit trails, which provide greater accountability for who presented credentials where and when. This is useful for capturing maintenance and compliance activity as well as forensic information if a physical security breach occurs.

Another major shift in recent years is where data centers are being built. We used to see them located near major power-generating facilities and in geologically and meteorologically safer areas away from seismic-prone and major storm regions. That is no longer the case. With businesses moving more computing offsite and the proliferation of cloud services, more data centers are going up everywhere across the United States.

As a result, there is more demand for windstorm-rated, blast-resistant-rated, and other specialty doors, as well as the proper hardware to support them. In addition, oversized openings are common in data centers where large equipment needs to be moved in and out. Doors that offer sound attenuation are also in demand to meet certain sound transmission class (STC) ratings.

New EMI-RFI/STC shielding door and frame assemblies with adjustable seals are now available. These assemblies are ideal for data centers, SCIF (sensitive compartmented information facility) locations, or any other environment needing to protect and secure electronic information.

Why Data Center Security is Vital
The continuous evolution of innovative technology, stronger procedures and greater vigilance is vital. Today’s connected world relies on a nonstop flow of data to power our devices and networks. If this source of data is compromised, the daily operations of critical businesses and corporations can stop slowly, which can have a negative impact on people’s lives and a brand’s reputation. Disruptions can also result in fines and penalties for non-compliance with security regulations.

According to IBM’s 2023 Cost of a Data Center Breach report, the global average cost of a data breach in 2023 was $4.45 million USD, a 15% increase over three years. Subsequently, this growing reliance on flawless data center operations requires an investment in comprehensive physical security to prevent breaches.

Data center managers must rely on the latest technology and industry best practices to provide viable and cost-effective physical security for their facilities. Whether they are company-owned data centers, co-locations or managed services, organizations must do all they can to comply with the challenges of legislation such as the Health Insurance Portability and Accountability Act (HIPAA) and the Sarbanes Oxley Act of 2002 (SOX). This takes an enhanced approach to security that extends to the server rack.

Scalable security measures range from those covering the perimeter and power management to multiple levels of access control, including hardened doors, visitor management vestibules, security revolving doors, biometrics like facial identification or digital access locksets for individual server cabinets.

Controlling Data Center Energy Consumption and Climate
While access control and physical security are essential, that does not mean a data center’s environmental conditions have taken a back seat. Far from it. In fact, physical security, environmental control, and sustainability have grown in parallel.

Data centers require a tightly controlled environment in terms of airflow seepage, air quality, humidity, and temperature levels, all of which contribute to greater energy efficiency. That means ensuring doors and frames keep required cooling in place with proper weather stripping and door seal components. It also means the energy required to operate security products must be kept at a minimum.

As an example of how unique requirements drive innovation, a data center provider came to us years ago looking for an access control electromechanical lock for card reader openings that had to satisfy two needs that didn't exist at the time. First, it had to consume significantly less power to operate. Second, it had to incorporate a security feature with an end-of-line resistor to help monitor whether someone was tampering with the communication and power to that opening.

That dual requirement was the catalyst behind our company moving from solenoid-driven electromechanical hardware to motorized lock solutions. Doing so immediately reduced electromechanical power consumption by 95%. That’s significant since the less energy a data center uses on door and access security (and HVAC), the more it can allocate for computing power.

Those savings add up quickly, given the size and scope of today’s data centers. For collocation operations, in particular, energy re-balancing translates into more capacity and billable services. Incorporating the resistor into the body of the lock set helped protect against the possibility of someone tampering with that secure opening.

Of course, security needs vary depending on the type of data center. Let’s look at three that are most common.

Government Data Centers
Data centers designated for military, national security/national defense and intelligence agencies are designed and constructed to meet SCIF requirements and ensure classified information security. It may pertain to an entire data center or a portion of a facility.

Outside these data centers, perimeter fences, bollards, guard houses, and other robust barriers are typical. Access to SCIFs is normally limited to individuals with appropriate security clearance. Electronic devices such as cell phones, smart watches, flash drives (other than those that are government property) are prohibited.

Enterprise Data Centers
An enterprise data center is one that is owned and operated by a single organization to support its IT and data needs. It may be located on the grounds of a corporate location or off-premises. These data centers are typically constructed as large, open spaces within a hardened data center shell that houses row upon row of server cabinets.

Even though not compartmentalized like colocation facilities, several layers of security are required to adequately protect this type of facility, starting with perimeter fencing and exterior doorways. Exterior doors lead to interior corridors, which lead to server rooms and server cabinets. At each point in this process, proper protections must be taken to ensure the security of the data.

Colocation Data Centers
These facilities share the same door security needs as enterprise data centers but with an additional layer of access control requirements. Since the facility is shared among several companies, authorized users are only assigned access privileges to their specific vaults or compartmentalized areas of the building.

Creating Three Lines of Defense to Secure Your Data Center
Perimeter security. Perimeter security controls access to the building. Basic components can include industrial and high-security fencing, bollards, guard booths, and entry barriers that help prevent unauthorized access.

The heavy steel construction and intimidating profile of high-security fence can function as visual deterrents against intrusion. The latest generation of this fence features bracketless design, heavier posts and redesigned rail, allowing easier integration with intrusion detection systems, surveillance video and other monitoring devices.

Access to the building and spaces within. As big as the footprints of today’s data centers can be, they typically do not require many employees to manage and secure them. It could be as few as half a dozen in some cases, or up to 50 depending on the scale of the physical plant and assets inside.

Regardless, it is crucial to ensure staff is indeed currently authorized, that airtight processes are in place for vetting and escorting contractors and visitors or, in the case of co-located services, that proper access control segmentation is in place.

Commercial-grade doors, frames and hardware provide a means to restrict access to the facility and specific areas within it, a primary goal in any building. Some data center main entrances feature a vestibule where a visitor will enter and wait until granted (or denied) further access.

Depending on the requirements of some jurisdictions, more facilities today are installing a security revolving door that momentarily holds a visitor until cleared for access. Revolving doors also help prevent tailgating. If a tailgater is sensed, the door will temporarily trap that person. For those denied access, the door can be reversed to back people out.

In addition, certain regions may require doors, frames and hardware that can overcome hurricane, tornado, emergency egress, and other challenges that pose life-safety threats. You can protect against these hazards with doorways designed and evaluated to withstand such extreme conditions.

Server cabinet security. As more companies move into shared locations, the opportunities for unauthorized server access increase; the potential costs are high, whether the intrusion is accidental or malicious. An additional layer of access control, such as OSDP server cabinet locks, can reduce this risk.

Accounting for Power and Backup Capacity
Another critical line of defense is having a backup generator on-site to help ensure that operations stay up and running during utility outages. Many data centers even have redundant backup systems. Since these generators rely on diesel and other fuel sources, extra security measures need to be considered as to where fuel tanks and pipelines are located. Are they exposed and possibly vulnerable?

A major factor in the development potential of land parcels is how robust and secure the electrical grid and fiber optic network are to meet the intense power and communication demands of data centers. Are utility substations well-monitored and enclosed within one of our sophisticated fence systems? Are the substations located within the footprint of the data center campus or down the road, requiring additional considerations and coordination with local jurisdictions and utilities?

Depending on their purpose, sensitivity, location, exposure to extreme conditions and who needs authorized access, it is clear there are many layers to consider concerning the physical security of today’s data centers and the critical infrastructure that supports these vital fortresses.

This article originally appeared in the July / August 2024 issue of Security Today.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3