4  FM quick reads on security

1. Separate Networks Key to Data Center Security Success


A network dedicated exclusively to data center security needs, including video recording and storage and access control of database communications, should be segregated from the existing data center network. Supported by security staff with network training or, at a minimum, an internal network administrator, a dedicated network will enhance reliability and protection, providing immunity from typical network outage windows and improving speed and bandwidth on both networks.

Today's new IP security networks that support video surveillance and access control equipment require 24/7/365 operation and must be managed differently than the typical data network. For example, on a Saturday evening, the data network maybe taken out of service to upgrade the system at a time when the business it is supporting is not in operation; however, the security system must still be operational. If the IP cameras were connected to the data network, there would be no monitoring or recording during the maintenance outage. Employing a separate network and a security team trained in IP capabilities to operate independently from the data network team will enhance network flexibility and provide more robust monitoring and tracking.

For data centers interested in taking surveillance to the next level, video analytics will further enhance security efforts. Video analytics is the practice of using software to automatically identify things of interest without the need for a human operator. On the market since 2005, the most common types of video analytics are perimeter violation, license plate recognition and people-counting. When an algorithm detects an anomaly, it alerts an operator with an alarm to evaluate the situation. In this way, video analytics can actually help avert a situation before it happens instead of going back and reviewing video footage to investigate an incident that already occurred. This can be a valuable tool in protecting the mission critical environment and keeping the data center and its occupants safe and secure. Video analytics software can be embedded into the processor of an IP camera system, allowing for incremental deployment of the analytics systems to locations that require it.


2.  Two Fundamental Ways to Increase On-Site Capacity

There are two fundamental ways to increase on-site capacity: power density or square footage. Typically, owners and managers consider expanding the physical capacity of a data center when they can no longer increase power density to support the business operations.

As a prerequisite for expansion, the organization must have the appropriate management processes, procedures and oversight in place to enable a seamless expansion of critical infrastructure while maintaining operations and protecting data throughout the project. Before the project begins, the entire process must be documented, including a rigorous quality review procedure for data center operators to execute transitions without outages.

Companies that have successfully completed an on-site expansion in the past may be able to leverage existing procedures for a new project, but they typically lack adequate internal resources to manage it. As a result, they must turn to experts when they are expanding a live data center. In addition to managing the risks to data and operations, the owner and project team must manage real safety risks to operating personnel during "hot" work.

There are several advantages to existing site expansion. The biggest is maintaining control over mission-critical assets, especially their performance and security. Existing site expansion also avoids the inefficiencies and risks of compartmentalizing applications and outsourcing services. The organization gains economies of scale by leveraging existing real estate and operational resources, including staff and management. Growing in place also avoids the costs associated with decentralizing operations.

The major business risk associated with existing site expansion is the tendency to over-project demand and overbuild the facility. There are several reasons for this. A build-out typically requires 12 to 18 months to complete. In anticipation of this lengthy build process, an organization may try to project demand three or more years into the future. However, the longer-term the business forecast, the more likely it is to be inaccurate. Even companies that are very skilled at demand management can experience spikes, for example, due to a new product with an unexpectedly high demand. So there is a tendency to overbuild "just in case" unforeseen circumstances arise.

The carpenter's mantra, "measure twice, cut once," applies to all data center expansions, but particularly when considering an on-site physical expansion. Before moving ahead with an expansion, benchmark the existing data center's baseline performance to identify stranded capacity and opportunities to improve the facility's operating efficiency. For example, some owners have gained 30 percent or more capacity by implementing cost-effective changes in the management of air flow. If an expansion is warranted, the baseline performance benchmark will be a means of assessing the effectiveness of the project.

3.  Networks Face External Threats

A data center's external campus is at risk for any number of security breaches, from inclement weather to burglary to maintenance mishaps. Protecting this vulnerable area is the first step in securing the mission critical environment.

Minimum requirements for safeguarding a data center's external infrastructure assets include creating redundant pathways and physically protecting the cabling within them. Most data centers with some level of reliability have dual path redundant cabling coming in from two different sources on separate parts of the mission critical site. Designed to create network redundancy, this technique also promotes information security and reliability at the exterior of the building.

Protecting the cabling within its pathways by building a concrete structure around the underground conduit from the perimeter of the facility to the end of the data center grounds will further protect the data pathways from external vulnerabilities, including third party maintenance and future site construction.

Beyond minimum requirements, the second tier of external risk mitigation includes monitoring maintenance holes, segregating the security system from the rest of the network, and providing a trained and educated support staff for IP-based surveillance systems.

Maintenance holes throughout the property should have proper surveillance coverage, with the intent being to eliminate infiltration. While the conduit below the data center grounds will be encased in concrete, the same conduit at certain locations in the pathway will be accessible through maintenance holes. Because these locations are physically accessible from the ground level, and therefore vulnerable, 24/7 video surveillance is recommended. In addition, similar to any portal in the data center, a mechanical sensor connected to the access control system should be installed at the maintenance hole cover in order to alert a security guard when the cover is removed or compromised.

4.  Immediate Responders Can Provide Swift Response to Crisis

This is Casey Laughman, managing editor of Building Operating Management. Today's tip is to set up a system of immediate response to a crisis.

Whether they are police, firefighters or emergency medical service personnel, first responders are the ones who arrive at a crisis scene to provide emergency assistance and protection. But as important as they are, first responders are not the first on the scene. Someone has to call them, and it will be several minutes or longer before they can reach the site. What's more, there are the rare horror stories of 911 dispatchers sending rescue units to the wrong address or responders taking an inordinate amount of time to arrive.

The question that facility managers have to face is this: Is it acceptable to wait for first responders to arrive, or should there be a plan for immediate response to a wide variety of emergencies?

More and more, that question is being answered with the recognition that immediate response and action are crucial to save lives.

For facility managers, that means developing a plan that empowers in-house personnel to make a conscious decision to do something, rather than waiting for someone else to tell them what to do or corroborate the need for action.

Facility managers should ask themselves: What other incidents occur that usually are over within the first three minutes before the first responders arrive? What they have in common is that a crisis occurs that has significant impact on the facility in a very quick timeframe with no build up or preparation. For example, in a bombing, police and firefighters would race to the scene and might soon arrive in overwhelming numbers. But the initial response would still depend on how close a roving patrol is to the site of the explosion. Until those first responders arrived, those on the scene would still be on their own for the first few minutes to assist victims.


RELATED CONTENT:


security , network security



NFPA Conference & Expo



QUICK Sign-up - Membership Includes:

New Content and Magazine Article Updates
Educational Webcast Alerts
Building Products/Technology Notices
Complete Library of Reports, Webcasts, Salary and Exclusive Member Content



click here for more member info.