Top 5 Best Practices for Data Center Perimeter Security
With recent stories like AWS dropping the social media platform Parler for violating its terms of service, data centers are now a target from potential bad actors.
Basic, low-level protection is not sufficient to protect modern data center centers. According to Anixter, the average cost of a breach is $5.5 million with 39% of breaches caused by negligence and 37% caused by malicious attacks. Data center security managers must follow best practices and enforce the 5 Ds of perimeter security (deter, detect, deny, delay, and defend) to ensure the physical security of their data center sites or risk costly physical intrusions.
Safeguard your facility and data with these best practices to improve your data center perimeter security:
- Approach security in layers. Data center security best practices include using an integrated, layered approach to protecting your facility and data. Layering your physical security by perimeter security, facility controls, computer room controls, and cabinet controls provides depth to your security structure and allows inner layers to still be protected in the event an outer layer is breached. An example of outer layer perimeter security is monitoring the airspace with drone detection solutions to prevent corporate espionage and other attacks. The inner layers are often ignored but are critical to mitigating insider threats. Data Center Infrastructure Management (DCIM) software should be used to manage and remotely control electronic door locks, watch real-time camera feeds, and provide real-time audit logs to ensure compliance with requirements and regulations.
- Install perimeter barriers. Crash-rated and anti-scale fencing are critical to data center physical security standards. Data center fencing should be built from high-tensile strength, steel-corrugated pales that curve outward at the top to deter and delay bad actors. Since these barriers are constructed without brackets, they can’t be disassembled, and they are anchored with concrete footers to withstand a vehicle’s impact. If you are unable to install fencing due to environmental, geographic, budgetary, or existing infrastructure constraints, you can still construct a virtual barrier with other items on this list like video surveillance and detection sensors. Landscaping can also provide physical protection. Trees can hide security cameras and make the data center less visible and landscaping rocks or other objects can make it more difficult to sneak inside. In the event a potential threat approaches the perimeter, deploy horn speakers to play live or pre-recorded warnings to deter an attack.
- Limit and secure entry points. Comprehensive data center access control includes constructing your barriers to funnel all visitors and potential threats to as few entry points as possible that are highly monitored. Establish one main entrance for customers and employees, another in the back for loading docks, and exit-only fire exit doors if required by fire codes. Windows are another potential access point and should not be used. At your entry points, deploy access control to deny entry to unauthorized individuals and ensure only verified employees or visitors enter the facility. Video intercoms, card readers, or biometric technology can be used, and turnstiles can reduce piggybacking.
- Monitor the perimeter with the latest video surveillance technology. Video surveillance is one of the most crucial data center security solutions to detect potential threats. Technological advancements have allowed for more responsive video surveillance in which activity can be quickly analyzed and addressed. Thermal cameras with long detection ranges and high-contrast images are ideal are ideal for data center security as they still perform well even in low-visibility conditions such as light rain, fog, smoke, or total darkness. Ground-based radar can also be used to track people and objects moving across open spaces and is less sensitive to things that trigger false alarms in other motion detection cameras like small animals and moving shadows. Video content analysis (VCA) can identify objects left behind, count people, and employ other “smart” tactics to quickly identify threats. Best practice is to maintain a log of all video footage and entry logs for at least 3 months.
- Have a documented incident response and incident management process. Documenting your process with a data center physical security checklist is the key to ensure that all tasks are accomplished and in the correct order when there is a security incident. To ensure the process is followed, perform drills and testing and run regular security audits. It may be easy to recall all the steps on your checklist, but in the event of an actual incident, stress levels rise, and protocol may not be followed.
Looking to improve physical data center security? Take a free test drive of Sunbird’s DCIM software today.