In a recent 451 Research survey, 60% of respondents reported that the majority of their IT environments will operate outside the confines of their own data centers by the end of 2019, shifting to off-premises service providers. Despite this shift, CIOs and IT leaders say security and compliance concerns weigh heavily when migrating to a third-party data center. Threats like ransomware and DDoS as well as stringent regulatory requirements are on everyone’s mind as they seek to maintain control of their companies’ data and computing resources. However, those with malicious intent are going to extreme lengths to steal data. Much of the data security conversation revolves around protecting that data from cyber threats, but what about threats to your physical infrastructure?
Physical security of your data can be just as important as your cybersecurity. While data centers have, so far, been immune to the types of physical attacks seen in other industries (like in the energy industry), off-premises service providers should protect against these types of threats. While ensuring the physical security of your data may seem like a daunting task, one way to quickly address it is to consider colocation with a trusted data center provider.
Here are 8 vital physical security features that your data center provider should have:
- Know the threats. Physical threats are just as likely to come from within your organization as from external individuals with malicious intent. There are two types of physical threats: the theft of hardware (often for purposes of stealing the data residing on that hardware) and physical attacks designed to sabotage a data center. A good data center provider knows how to properly define and assess these threats.
- On-site security staff. Alarm systems and other precautions are a great idea, but the best defense is a good offense. Just having visible security staff on site 24x7x365 can be enough to thwart an attack before it happens.
- Video surveillance. Camera systems can help you catch a criminal in the act and can also help you present critical evidence for an investigation, trial or insurance claim. At a minimum, your data center provider should have cameras on every entry point to the facility. Fewer windows are better, but if you can’t control that, there should also be cameras on the windows, since they are access points. Security cameras make easy targets for theft as well, so a good data center should digitally archive the data in real time.
- Controlled access. When your servers are simply on a rack in an unlocked room, it’s all too easy for someone to simply lift a server and walk out. A good data center provider will have options that range from simple PIN or electronic-key access to more sophisticated controls such as multi-factor identification and biometric scans for more sensitive areas of the facility.
- Background checks. Pre-employment background checks have become nearly universal. Your data center partner should be running them routinely through a third-party vendor with experience in performing background checks for IT employees. They should also perform background checks on vendor and contractor employees who will have access to data.
- Proper employee exit procedures. When an employee with secured access leaves your company, there should be procedures in place to change access codes as necessary and revoke all access credentials. It’s also important to notify your provider to have their access removed – they should have strict controls regarding who has access to your data.
- Vendor control. When a vendor or a contractor needs access to the data center, your provider should have policies around access and be able to continually monitor their activity to prevent data theft.
- Compliance. Data center physical security is also a matter of compliance. Industry standards and government regulations, such as PCI DSS, don’t assign different penalties based on whether personal data was stolen by a cybercriminal or by a thief who broke a window in the middle of the night. Select a provider that complies with regulations and regularly undergoes compliance audits. A provider with knowledge of compliance regulations is critical to your data security.
We can make it easier for you. Colocation with TierPoint allows you to put your company's IT infrastructure in our strategically located, state-of-the-art data centers. Our facilities are independently audited to ensure we have the controls, processes, and physical security features to help clients get certified as compliant for critical regulations including HIPAA/HITECH, GLBA, PCI-DSS v3.2, and ITAR.
Here is a list of our data center locations. You can read about each of them to take a closer look at their attributes including physical security features. When you’re ready, you can also request an on-site tour.
About the author
Traci Lock is Director of Product Management for Cloud and Data Center Product Development at TierPoint, where she provides in-depth knowledge and success in end-user support, business assessments, and process analyses.