The Forgotten Element of Data Security, Privacy and Compliance

By Scott Capps, Director, Data Center Services

In the Society for Information Management’s annual survey of Chief Information Officers, once again, security and privacy took center stage for many IT leaders. That probably doesn’t come as much of a surprise to anyone. Data security and privacy – and I’d add compliance – should remain one of the CIO’s top concerns. However, CIOs would do well to remember that data security, privacy, and compliance are about more than keeping malicious hackers and data thieves out of their systems. There is a physical element that needs to be taken into account as well.

What’s Wrong With This Picture?

I’ve visited any number of organizations that tell me security is their main concern, but when they show me their on-site data center, it’s basically a closet with no physical security measures in place – not even a lock on the door. To make matters worse, most of these organizations are not in high-security buildings. At night, cleaning crews are given access to the grounds with very little supervision, and outside access to the building isn’t well controlled. When IT equipment is located in an office building, all individuals who access the building have the potential to access the Data Room or Data Closet, even when secured.

Most compliance regulations governing data security and privacy have some sort of physical security clause. While they may not be specific about the measures a company must take to physically secure their data, they are clear that it is the company’s responsibility.

6 Ways to Physically Secure Your Data Center

There are a number of actions an organization can take to secure their data center. Organizations should assess the physical vulnerability of their systems to determine which are appropriate.

#1 Move data centers off-site. If you have concerns about the physical security of your building, especially if you’re sharing space with other organizations and don’t have full control over building access, you may want to consider moving your data off-site to a more secure facility. Colocation providers like TierPoint have stringent security processes in place. Audits are completed regularly and testing of the systems is a daily routine.

#2 Control access to the building. Upgrade your building control systems from a simple lock-and-key system to a pass code or card swipe. You can also combine these methods with biometrics for an extra layer of security. Require sign in/sign out for guests.

#3 Screen access requests. Don’t assume your facilities maintenance vendor screens their employees. If someone is to work in the vicinity, especially unsupervised, insist on doing your own screenings.

#4 Validate identities. Obviously, you need to make sure employees understand the rules about allowing people to slip into the building behind them, but that doesn’t mean it won’t happen. Having security personnel available to validate IDs can help ensure compliance and authorized access.

#5 Set up secondary access controls. If there are areas of the building that are sensitive, such as the server room, create a secondary access protocol that is required for entry. Again, this is more than just putting a lock on the door. Access to the server room should be as stringent as, if not more stringent than, access to the building itself.

#6 Set up surveillance. This can include motion and sound detectors as well as cameras. Thankfully, these systems are getting less expensive even as they are growing in sophistication.

Setting up adequate physical security may sound like a lot of work, and it can be. However, it can be easier for someone to steal a database than to hack into your servers, and it takes less time to pull it off. Regulators and compliance organizations expect to see reasonable measures and processes in place to prevent any theft.  And these procedures are expected to be tested and well documented.

One way to avoid the overhead of adding physical security measures is to move your data center to the cloud or to a colocation environment. TierPoint data centers house a wide range of clients, many of whom require some of the most sophisticated systems and controls available to remain in compliance with various certifications. Some businesses may not require this heightened level of control but are able to take advantage of this enhanced level of security. As always, we invite you to take a tour of one of our 39 data centers to see firsthand the physical measures we put into place to ensure the highest level of data center security available today.


Scott Capps, Director of Data Center Services, provides day-to-day oversight and management of TierPoint’s Omaha Data Center facilities. This includes operation and maintenance of the entire data center system environment including UPS, electrical, mechanical, building control, fire alarm, security and all other aspects of data center facility operations. Scott and his team make it their job to ensure the physical security and upkeep of the data center so TierPoint clients can focus on the strategic aspects of their business.