4 FM quick reads on security
1. Conceptual Design Helps Solve Security Setup
This is Casey Laughman, managing editor of Building Operating Management magazine. Today's tip is to use a conceptual design when designing security systems.
The goals of a conceptual design are to understand the current and relevant security systems, policies, procedures and responses. As well, facility managers need to understand future expectations and requirements of the proposed systems, and develop a preliminary design and budget that meets end-user expectations as well as operational, financial and regulatory requirements.
The first step to take in the conceptual design is to conduct an existing conditions survey. During this step, a close examination of the resources and systems currently in place is made. It also documents the currently deployed systems and determines if systems, components and hardware can be reused in the new system.
It is also important to conduct a system needs analysis, for which it will be necessary to research codes, regulations, standards and statutes that may affect the design and implementation of the security systems. Understanding and clearly defining the user needs and expectations is critical. This is best done by completing a "basis of design" document.
Upon the completion of the basis of design document, the team can now move on to the preliminary conceptual design and budget. At this point, appropriate systems and technologies are identified, including access control, CCTV, intrusion detection, monitoring stations, programming stations, and visitor management systems. Advanced systems such as video analytics, facial recognition, and enhanced video review can be added to the design as well.
Facility managers must work closely with the professional security consultant, designer, or engineer and make sure that IT and security department representatives are included in the conversation. The goal is to develop a programming schedule that addresses the needs of the multiple departments. A rough order of magnitude budget is also developed during this phase.
2. Separate Networks Key to Data Center Security Success
A network dedicated exclusively to data center security needs, including video recording and storage and access control of database communications, should be segregated from the existing data center network. Supported by security staff with network training or, at a minimum, an internal network administrator, a dedicated network will enhance reliability and protection, providing immunity from typical network outage windows and improving speed and bandwidth on both networks.
Today's new IP security networks that support video surveillance and access control equipment require 24/7/365 operation and must be managed differently than the typical data network. For example, on a Saturday evening, the data network maybe taken out of service to upgrade the system at a time when the business it is supporting is not in operation; however, the security system must still be operational. If the IP cameras were connected to the data network, there would be no monitoring or recording during the maintenance outage. Employing a separate network and a security team trained in IP capabilities to operate independently from the data network team will enhance network flexibility and provide more robust monitoring and tracking.
For data centers interested in taking surveillance to the next level, video analytics will further enhance security efforts. Video analytics is the practice of using software to automatically identify things of interest without the need for a human operator. On the market since 2005, the most common types of video analytics are perimeter violation, license plate recognition and people-counting. When an algorithm detects an anomaly, it alerts an operator with an alarm to evaluate the situation. In this way, video analytics can actually help avert a situation before it happens instead of going back and reviewing video footage to investigate an incident that already occurred. This can be a valuable tool in protecting the mission critical environment and keeping the data center and its occupants safe and secure. Video analytics software can be embedded into the processor of an IP camera system, allowing for incremental deployment of the analytics systems to locations that require it.
3. Two Fundamental Ways to Increase On-Site Capacity
There are two fundamental ways to increase on-site capacity: power density or square footage. Typically, owners and managers consider expanding the physical capacity of a data center when they can no longer increase power density to support the business operations.
As a prerequisite for expansion, the organization must have the appropriate management processes, procedures and oversight in place to enable a seamless expansion of critical infrastructure while maintaining operations and protecting data throughout the project. Before the project begins, the entire process must be documented, including a rigorous quality review procedure for data center operators to execute transitions without outages.
Companies that have successfully completed an on-site expansion in the past may be able to leverage existing procedures for a new project, but they typically lack adequate internal resources to manage it. As a result, they must turn to experts when they are expanding a live data center. In addition to managing the risks to data and operations, the owner and project team must manage real safety risks to operating personnel during "hot" work.
There are several advantages to existing site expansion. The biggest is maintaining control over mission-critical assets, especially their performance and security. Existing site expansion also avoids the inefficiencies and risks of compartmentalizing applications and outsourcing services. The organization gains economies of scale by leveraging existing real estate and operational resources, including staff and management. Growing in place also avoids the costs associated with decentralizing operations.
The major business risk associated with existing site expansion is the tendency to over-project demand and overbuild the facility. There are several reasons for this. A build-out typically requires 12 to 18 months to complete. In anticipation of this lengthy build process, an organization may try to project demand three or more years into the future. However, the longer-term the business forecast, the more likely it is to be inaccurate. Even companies that are very skilled at demand management can experience spikes, for example, due to a new product with an unexpectedly high demand. So there is a tendency to overbuild "just in case" unforeseen circumstances arise.
The carpenter's mantra, "measure twice, cut once," applies to all data center expansions, but particularly when considering an on-site physical expansion. Before moving ahead with an expansion, benchmark the existing data center's baseline performance to identify stranded capacity and opportunities to improve the facility's operating efficiency. For example, some owners have gained 30 percent or more capacity by implementing cost-effective changes in the management of air flow. If an expansion is warranted, the baseline performance benchmark will be a means of assessing the effectiveness of the project.
4. Networks Face External Threats
A data center's external campus is at risk for any number of security breaches, from inclement weather to burglary to maintenance mishaps. Protecting this vulnerable area is the first step in securing the mission critical environment.
Minimum requirements for safeguarding a data center's external infrastructure assets include creating redundant pathways and physically protecting the cabling within them. Most data centers with some level of reliability have dual path redundant cabling coming in from two different sources on separate parts of the mission critical site. Designed to create network redundancy, this technique also promotes information security and reliability at the exterior of the building.
Protecting the cabling within its pathways by building a concrete structure around the underground conduit from the perimeter of the facility to the end of the data center grounds will further protect the data pathways from external vulnerabilities, including third party maintenance and future site construction.
Beyond minimum requirements, the second tier of external risk mitigation includes monitoring maintenance holes, segregating the security system from the rest of the network, and providing a trained and educated support staff for IP-based surveillance systems.
Maintenance holes throughout the property should have proper surveillance coverage, with the intent being to eliminate infiltration. While the conduit below the data center grounds will be encased in concrete, the same conduit at certain locations in the pathway will be accessible through maintenance holes. Because these locations are physically accessible from the ground level, and therefore vulnerable, 24/7 video surveillance is recommended. In addition, similar to any portal in the data center, a mechanical sensor connected to the access control system should be installed at the maintenance hole cover in order to alert a security guard when the cover is removed or compromised.
Free E-mail Newsletters Sign-upWeekly Articles
Facility Webcast Alerts
Monthly Digital Magazine
Press Release Archives
Our Content On Your Site
FM Online Tools
- Content Directory
- Site Map
Other Online Resources