Securing Data Centers Requires Dedication During Design
Once the facility and its external pathways are secured, the internal networking infrastructure must be treated similarly. One way to protect this infrastructure is to physically diversify the network cabling and IT equipment spaces on the interior of the building. The typical layout of a data center, with a variety of different rooms, sub rooms and corridors can naturally allow for the desired cable and space diversity, if proper planning takes place in the early stages of building design.
Ideally, cable infrastructure should be completely diverse throughout the data center building. Segregating each network connection backbone via separate and distinct routes to its proper areas of operation will help minimize the threat of network infrastructure access by both third party and internal personnel.
By securing the networking equipment and its cable pathways in conjunction with the video surveillance and access control system, the data center will be more impervious to threat. But beyond minimum requirements, the second tier of internal risk mitigation is to consider the operational flow of third party and maintenance personnel within the building.
Again, this must be done during the project's initial design phase. Where will third party vendors enter the facility? How will they bring their equipment in? Which rooms and corridors will they need to enter? Where will regularly scheduled and emergency maintenance take place? Ideally, third-party vendors will have easy access from building entrance to a less secure internal area where they need to go for equipment maintenance, eliminating the need to access internal computer rooms where the owner's equipment is located. The same goes for internal staff, maintenance and otherwise, that may either have bad intentions or just shouldn't have access to areas that aren't in their domain.
One way to achieve this is to install separate rooms or cages for third party vendors and their equipment in areas close to the entrance of the data center. Similarly, designing MEP and technology equipment and maintenance spaces away from the most critical areas of the data center will prevent unauthorized personnel from accessing unauthorized areas as well.
The unique nature of the data center and its reliability requirements demand a safe and secure environment. Protecting both internal and external areas and their cabling from a variety of different risks is crucial to maintaining the desired reliability of any mission critical environment.
Jeff Kirchner, RCDD, is associate partner, technology, with Syska Hennessy Group, New York. He can be reached at firstname.lastname@example.org.
Protecting Co-location Data Centers
Co-location data centers provide multiple customers with the ability to locate network, server and storage gear through a shared infrastructure, minimizing both capital and operational costs for users. With a number of tenants in a variety of space configurations, co-location data centers face a unique infrastructure security challenge. Because co-location data centers can be typically subdivided by cages or just by individual cabinets or IT racks, electronic access control is key.
Cages should be treated as rooms, with locks so that air conditioning is the only element shared. Tenants should gain access only to their own cage through an active card reader or similar equipment at the cage itself. For smaller clients that want just a cabinet or two, specify access control down to the cabinet level to provide individual access. This will allow security personnel to track who is in each space moment-to-moment. For example, if there are five clients in one area serving different racks, tracking who was where when something goes down will be streamlined.
Similarly, monitoring can be another function of the access control system in a co-lo data center. Personnel can monitor access to cages, cabinets and racks to determine who is in the building, which tenants have their doors open, closed, etc. By having a dedicated security IP network, the security team can maintain tight control over security communications and allow for 24/7/365 operation, which can be a great selling point to prospective tenants.
— Jeff Kirchner