Neil Killick, EMEA Leader of Strategic Business at Milestone Systems, outlines eight steps to strengthen your data centre’s physical security.
We’ve all heard that data is the new oil. It’s the most valuable commodity in the 21st century and that makes it a lucrative target. More so in the wake of the Covid-19 pandemic, where data became operationally critical to so many organisations. Our mass shift to remote work, socialising online, eSports, eCommerce and more, has massively increased the amount of data for businesses to pore over — and malicious actors to steal and exploit.
A time of great growth
Furthermore, the rise in online usage has led the data centre sector to experience explosive growth. This will only continue with advances in cloud computing, the blockchain, artificial intelligence (AI) and 5G all requiring fast and powerful computing power. Yet, with this, the number of data compromises is also on the rise, on track to hit a record-breaking year in 2021 with an increase of 17% compared to 2020.
The need for robust physical security
That’s why data centre leaders are doubling down on their security. But although many are used to spending significant sums on their cybersecurity, physical security has traditionally been overlooked. The most advanced firewall will be little defence if someone gains physical access to a server room. Next-gen video analytics is helping data centre leaders to protect their assets, equipment and sites, with comprehensive solutions that ensure nobody can get close.
Indeed, the physical security market for data centres is enjoying rapid growth. It’s expected to grow at a CAGR of over 7.42% during the period 2020 to 2026. In part, this is because of the growth in data centre construction, but also due to increased demand in more complex ways to protect against intrusion, corporate espionage, internal sabotage and natural disasters.
Eight steps to boost physical security
Investing in the right technology is evidently key to protecting a data centre. But with so many different solutions available, how can you ensure the systems and processes you choose are the right ones?
- Understand your current position
When you begin thinking about your physical security strategy, it’s worth understanding the current state of affairs. What are your current security system’s strengths and weaknesses? Make a list of all the equipment that needs protection and decide to what level (a high-risk area full of servers with personal data will need different security levels to a communal staff area, for example.)
Additionally, identify all current employees who have access to high-risk areas. Make sure there’s a process to regularly check this employee list and remove anyone who shouldn’t have access (due to changes in their role, or if they leave.)
- Ensure you have redundant utilities
Your data centre needs redundant utilities (like electricity and water) to avoid common-mode failures and downtime. It’s also worth monitoring and controlling the air quality, temperature and humidity in your centre. Particularly in sensitive areas around racks and servers, where cooling systems could be hacked and exploited to disrupt services. To go a step further, consider using Internet of Things (IoT) sensors to proactively monitor equipment performance and warn of possible failures or downtime.
Although this may sound like a Hollywood mainstay, the risk of sabotage to cooling systems is a very real-world possibility. A recent demonstration using a simulated data centre focused on dismantling an HVAC (heating, ventilation and air conditioning) system’s pumps, valves and fans. The security experts behind the simulation warned data centre leaders about the potential of this exploit during times of extreme weather and to spike temperatures in server rooms. Ultimately this could help them gain access to sensitive data or hold a data centre to ransom.
- Secure your perimeter
The best perimeter controls make sure nobody unauthorised can even get close to your data centre. These include:
- Sensors along fencing and boundary lines to alert to when it is tampered with or crossed.
- CCTV cameras to monitor boundaries.
- Radar technology to detect possible intrusion at a longer distance.
- Thermal cameras to detect the heat signatures of possible intruders.
- Automatic licence plate recognition (ANPR) to identify vehicles approaching a site.
- A video management system (VMS) to consolidate the different inputs and support analytics to issue alerts for potential intrusion.
- Access control
Using access control provides an additional layer of protection so if someone gains access to your site, it will prevent them from entering a building. It can work in tandem with CCTV and video analytics to provide multi-factor authentication and further protection. For example, facial recognition can automatically identify authorised personnel and allow them entry. You may also wish to consider anti-tailgating and anti-pass-back facilities that will ensure only one authorised individual and vehicle passes into a complex during a specific time.
Your security team should also use access lists to log all entry and exit, visitor logs and contractor management that monitors the movement of all third-party personnel throughout the site. Ideally, security teams should be able to pinpoint the locations of contractors and visitors in real-time either through wearable trackers or advanced video analytics.
- Internal protections
If someone does manage to circumnavigate your perimeter and access control systems, the next layer of protection is your internal security systems. These work to track an intruder within a building, protect your most high-risk areas, and record all activity if an investigation is required later on. The technology to consider here includes video surveillance, infrared tripwires, mantraps, and other connected IoT devices that can reduce the risk of intrusion, detect emergencies like fire and flood, and preempt equipment failure.
To work effectively, video surveillance needs to show security teams everything happening within a building. Full visibility will help them identify what ‘normal’ looks like in day-to-day behaviour and quickly identify when something is amiss. In the event of a security breach, visual identification of an intruder should be easily possible through video and audio feeds.
Depending on your needs, you may also wish to invest in control room technology like a smart wall to help operators understand all activities on-site and facilitate quick decision making. Again, a VMS will prove invaluable in managing all video, audio and sensor data coming in from your internal protection system.
- Security and control room staff
Once your technology is in place, you need to consider your staffing requirements. As a minimum, you need 24/7 coverage. Video analytics can do a lot of the heavy lifting but you will still need frontline security support to respond to any incidents plus operators to communicate key details to them. It’s worth investing in an intuitive system that your team can begin using almost instantly, with minimal ongoing training.
Whatever your team setup, the goal is to make response times for any suspicious activity or emergency, as short as possible.
- Wider workforce training
Your wider workforce also has a critical role to play in protecting your data centre. From preventing people tailgating them through an entrance to hiding passwords at their workstations, your wider workforce needs to understand all current security measures and their responsibilities towards them. They should also be aware of any particularly common or new threats.
- Review, test and upgrade
All security systems require regular checks and maintenance to continue protecting your site. At least once a year, check all of your devices and systems to ensure they’re working as expected. At least each quarter, review the latest threats and assess your security against them. Also, keep an eye out for new technology that may further improve your physical security.
Consolidating different devices
Traditionally, the physical security market for data centres has been highly fragmented with disparate systems that make it difficult for security teams to have a complete overview of all happenings on-site. However, an open VMS is able to consolidate all different data streams from CCTV, access control, perimeter protection and more, so operators can remain fully updated with who is on-site, where, why and when.
Conversely, another benefit to having an open system is in the choice of devices supported. This ensures the system meets the needs of each data centre (and its unique risks) and tenant in a consistent way. It also allows for best-in-class solutions to be implemented instead of being locked into just one vendor, and for future proofing for emerging needs, threats and new devices.
Choosing an open system like Milestone will help with futureproofing your physical security system, making it easier to deploy new solutions and experiment with emerging technologies. Giving you peace of mind that malicious actors will be kept well away from your data, today and tomorrow.