Critical Facilities: Data Center Security
Part 1: Look Outside Building to Protect Data Center Network
By Jeff Kirchner - November 2011 - Data Centers
The principal asset of any data center is its network infrastructure. While power outages and the like pose a major threat to uptime, another significant reliability risk exists: unauthorized access to the network and its equipment connections.
Protecting the facility and its equipment from unauthorized access and human error means keeping third-party vendors and even internal personnel out of areas they are not authorized to enter, and away from network lines and equipment where they could do physical damage. Securing both internal and external areas is crucial to maintaining optimal reliability.
Securing External Areas
A data center's external campus is exposed to any number of threats, from inclement weather to burglary to maintenance mishaps. Protecting this vulnerable area is the first step in securing the mission-critical environment.
Minimum requirements for safeguarding a data center's external infrastructure assets include creating redundant pathways and physically protecting the cabling within them. Most data centers with some level of reliability have dual-path redundant cabling coming in from two different sources on separate parts of the mission-critical site. Designed to create network redundancy, this technique also promotes information security and reliability at the exterior of the building. Encasing the underground conduit in a concrete structure, from the perimeter of the facility to the end of the data center grounds, further protects the data pathways from external vulnerabilities, including third-party maintenance and future site construction.
Beyond minimum requirements, the second tier of external risk mitigation includes monitoring maintenance holes, segregating the security system from the rest of the network, and providing a trained and educated support staff for IP-based surveillance systems.
Maintenance holes throughout the property should have proper surveillance coverage, with the aim of eliminating infiltration. While the conduit below the data center grounds will be encased in concrete, the same conduit will be accessible through maintenance holes at certain locations along the pathway. Because these locations are physically accessible from ground level, and therefore vulnerable, 24/7 video surveillance is recommended. In addition, as with any portal in the data center, a mechanical sensor connected to the access control system should be installed at the maintenance hole cover to alert a security guard when the cover is removed or compromised.