Data Center Security Standards Guide
In a rush to build or expand the facility, many colocation providers overlook the single most important factor that should be built into every detail: data center security.
Everything from networks and power generators to the physical infrastructure should be designed and installed with data center security standards top of mind. Most elements of a data center can be entry points for determined attackers looking for vulnerabilities and insecure access points.
The Target breach of 2013, for example, involved a third-party HVAC provider. The retail giant announced that hackers had gained access through this third-party HVAC provider to its point-of-sale (POS) payment card readers. The company estimated that the personally identifiable information (PII) of 70 million of its customers had been compromised, and Target’s CIO resigned. The total cost of the breach ultimately reached $162 million.
Let that sink in. Something as simple as heating, ventilation, and air conditioning caused millions of people to be exposed and cost Target $162 million. While the smaller details may seem trivial or less important, they can have a catastrophic impact.
In this blog, we will expand on our previous post about creating a data center checklist and 5 factors to consider for choosing a data center. We will specifically home in on the data center security portion. Find out why it is vital for your data center colocation provider to have security built into every detail of their data center.
Physical Data Center Security Infrastructure
Layering security through the physical infrastructure of a data center is the first step towards complete peace of mind when storing your servers and data. Your colocation provider should never compromise on the latest and greatest measures to strengthen its infrastructure. From the hardened shell to access control systems and surveillance, here is your step-by-step guide on what to look for in a data center colocation provider’s physical data center security.
Building in a Secure Location:
We have discussed the importance of colocation facility locations in past blogs, yet building in the right location continues to be a top factor in data center security. Some areas that your colocation provider should avoid include:
- Airport landing paths
- Power plants
- Flood plains
- Earthquake fault lines
- Proximity to chemical facilities
- Other areas that commonly experience natural disasters (tsunamis, wildfires, hurricanes, tornadoes, etc.)
When layering security throughout the build of a data center colocation facility, climate protection, seismic activity, terrain type and other natural and man-made disasters should be considered. Foot-thick concrete can also be an effective barrier against the elements and explosive devices.
Another route that colocation providers are taking to secure the physical infrastructure of their data center is to build underground. Underground data centers can be the safest places to build, unless the infrastructure lacks an all-encompassing security strategy. If a data center decides to build underground, ask about their real-time air quality monitoring.
Secure Underground Locations
Due to the underground location, processes for changing, maintaining and monitoring the data center environmental conditions should be in place to avoid equipment failures. Other items to consider with an underground data center build are the cooling systems and compliance standards in place. Cooling is a major cost factor in underground data centers, and if implemented poorly, can cause equipment failures.
LightEdge uses redundant Liebert DS chilled water-cooling systems that are installed and monitored in each of our data center facilities to ensure that servers are always kept at their optimal operating temperature.
Another crucial factor when evaluating an underground facility is whether it’s housed in a cave or a mine. Cave environments can set clients up for a risky situation when it comes to lack of air flow, excess heat and air quality issues, and ultimately, equipment corrosion that could cost clients thousands of dollars and cut hardware life cycles short by a number of years.
Mines are the preferred data center space due to their natural aspiration combined with protection from the elements. When layered with real-time air quality monitoring, mines function as the prime data center space.
Limit Entry Points
Limiting the entry points to the data center will decrease the risk of physical break-ins to the building. A data center can control access to the building by establishing one main entrance for customers and employees. There should be one other entrance in the back of the data center for loading docks.
If fire codes in the area require exits, install doors that don’t have handles on the outside. This makes the door a fire exit only. Apply signs to these doors stating their purpose and that if opened, a loud alarm will sound. This alarm will trigger a response from the local fire and security command center. Installing fire exits this way ensures the colocation facility is up to fire codes while still limiting entry points to the building from the outside.
Monitoring the limited entry points, including the main entrance, loading docks, fire exits, and any other sensitive areas of the facility, is essential. It will help your data center colocation provider keep track of everyone who entered and exited the building and when.
When evaluating a data center colocation provider, here are some questions to ask about their limited entry points and access control systems:
- How often does your data center update its access list?
- How many points of entrance are there, and who has access to them?
- When employees or customers leave your data center business, what is the procedure for revoking security access?
If their answers lack the utmost commitment to security and access control of the building, then it is best to look elsewhere for a data center colocation provider.
Barriers such as fencing, thick concrete walls, lone-standing retaining walls and underground environments are some of the physical security measures that data centers can offer.
Many facilities will also use landscaping as physical protection from outdoor elements. Flag poles, trees, boulders and curved roadways can keep any foreign objects from getting too close. In addition to landscaping protection, crash-proof barriers should be in place to keep a 100-foot buffer zone around the facility’s site.
While physical barriers should keep the outside elements from coming into damaging contact with the building, it is still recommended that windows be avoided. If a data center has windows, they should be limited to break rooms or administrative areas. Windows should also use laminated glass to ensure protection.
Data Center Security Technology
A data center that is designed with the most up-to-date security technology features will help to reduce risk from the inside out. When it comes to your mission-critical infrastructure, security technology should be top of mind. Here are a couple of things to look for in your data center colocation provider’s security technology:
A report from MarketsandMarkets shows that the data center security market is estimated to grow to $13.77 billion by the end of 2018. Security technology options include video surveillance and biometric access.
It is best practice for data centers to have multiple check points throughout the facility. Typically, to gain access to your equipment, you need:
- To go through a secure check-in process with your government issued ID
- To be given a visitor badge and create a PIN code
- Your fingerprint
- In some cases, facial scan, retinal scan, etc.
- Your rack or cage key
- With a private suite, a specific badge key card
When looking at your current or new data center colocation provider, be sure to go through each security element needed to access your equipment. Different data center colocation facilities may have differing levels of security credentials.
Surveillance Monitoring Systems
Many times, data centers are equipped with advanced surveillance to provide additional security. In addition to surveillance technology, check to see if your data center colocation provider has a live expert or technician monitoring those cameras. They will be able to provide you with real-time updates on any suspicious activity with your data equipment.
Each of LightEdge’s data center facilities is equipped with high-res video surveillance of both the outside perimeter and the inside rooms, hallways and rack aisles. The surveillance video has a 91+ day archival period for customers to review tapes when needed.
Another element of a data center that should be designed with security in mind is redundancy. Redundancy is in place to help facilities weather any incident with minimal downtime. Data centers need two sources for their utilities such as power, cooling, electricity and network connections.
The most common cause of outages is weather. Outages can also occur because of equipment failure or power loss. If for any reason your data center colocation facility were to weather a disaster, they should have lines to a backup solution that ensures you face little to no downtime.
Another major cause of outages is human error. Thankfully, providers like LightEdge that are ISO 20000-1 compliant are able to provide an additional layer of insurance. ISO 20000-1 protects against human error and LightEdge is one of the only service providers in the United States to hold this level of compliance.
Typically, larger businesses and enterprises select data centers with a ranking of Tier III or higher to put their servers in because these data centers offer top redundancy. In case of an unforeseen outage, their business could continue operating normally.
Using a provider that offers Workplace Recovery seats is another added benefit of business continuity and ensuring redundancy. If an organization’s business were to weather any damage from natural disasters, man-made issues, or outages of any kind, their office could operate out of the data center. This would allow for business to continue as normal while repairs were made to the organization’s office.
According to Gartner, the average cost of IT downtime for businesses is $5,600 per minute. What does this mean for you? It means downtime matters and so does redundancy.
Data Center Security Technicians
Some data center colocation providers offer their technical security staff as a value-add. These experts can provide you with advice and consultative support for implementing and maintaining a secure server. If your company has limited experience with infrastructure, the guidance of security experts would be a valuable asset.
Data Center Compliance Experts
You may be an organization in the healthcare industry and regulated by HIPAA or you might be in the financial industry and must maintain compliance with PCI DSS. Whatever standards and regulations you must follow, having a compliance expert to help you navigate those regulated waters will allow you to focus more on your business’s core competencies.
When trained security staff is available, a data center colocation provider can become more than a facility. They can become a trusted adviser, giving you access to their depth of expertise. When a data center provides top-of-the-line infrastructure, security technology, compliance, and experts with the knowledge to guide and advise you, they become a Hybrid Solution Center. A Hybrid Solution Center architects, orchestrates, and manages customers’ hybrid cloud environments from beginning to end.
When choosing a data center infrastructure provider, it is important to understand what certifications and security processes they have in place. A provider should remain up to date on all of the most vital compliance regulations and remain committed to working with customers as their colocation partner.
Since there are many compliance regulation variations, you as a business owner should come armed with questions for whatever provider and provider experts you consider.
The ROI of Data Center Security
While the cost of hosting your servers at a data center colocation facility can sometimes be higher than hosting them yourself, the security benefits that a data center provides are well worth it. Common areas of ROI due to data center security include:
- Reduction in security threats
- Reduction in outages and downtime
- Reduction in the cost of hardware
- Less time spent reacting to and fixing issues
- Faster upgrades
- Compliance audit preparedness
Gartner’s IT Budget report shows that healthcare companies often spend 75 percent of their IT budgets on maintaining internal systems. Regardless of your industry, companies are often blinded by the upfront price of software. Typically, they fail to understand the cost of maintenance, additional hardware, support and expert talent that has the knowledge to run these systems. If your company takes the time to evaluate the security benefits, it will see that the ROI is clear.
Are You Sold on Having Data Center Security Standards?
Finding a colocation provider that meets the security requirements above will allow you to grow your business without fear of interrupting your mission-critical infrastructure. Data center colocation providers protect your data in the case of an emergency. They do so through their physical building design, security tools and compliance expertise. Evaluating providers based on location, multi-factor authentication, redundancy, expert support and ROI will ensure your investment yields the greatest benefits.
LightEdge has secure Hybrid Solution Center locations at our Des Moines, Kansas City, Omaha, and newly acquired Austin and Raleigh data center facilities. With top-of-the-line physical security features, customers can be sure their data, hosted in our compliant cloud, is protected to the highest extent. LightEdge has carrier-neutral facilities with the ability to deliver high bandwidth, high reliability and low latency service.
Compliance and security are top priorities to guarantee that your data is protected. LightEdge is compliant with:
- ISO 27001
- ISO 20000-1
- SSAE 18 SOC 1 Type II, SOC 2 Type II and SOC 3
- PCI DSS 3.2
In addition, LightEdge provides its customers with a risk-free compliance assessment from our Chief Security Officer and Chief Compliance Officer, Jake Gibson. Jake is always free and available to all our customers when it comes to meeting compliance standards. On top of our compliance experts, we have 24/7/365 support from a live technical expert. If you are interested in getting a tour of any of our data center facilities, contact us. We have data center, security and compliance experts standing by to answer any of your questions.
With over 20 years of experience in information technology, Jake has a tremendous amount of knowledge around information security, risk management, and business continuity. He has worked directly with organizations across many verticals to advise their team on compliance auditability, cybersecurity threats and prevention, security controls & policies, and risk assessment.