19 Ways to Build Physical Security into a Data Center
11. Use plenty of cameras. Surveillance cameras should be installed
around the perimeter of the building, at all entrances and exits,
and at every access point throughout the building. A combination of
motion-detection devices, low-light cameras, pan-tilt-zoom cameras
and standard fixed cameras is ideal. Footage should be digitally
recorded and stored offsite.
12. Protect the building's machinery. Keep the mechanical area of
the building, which houses environmental systems and uninterruptible
power supplies, strictly off limits. If generators are outside, use
concrete walls to secure the area. For both areas, make sure all
contractors and repair crews are accompanied by an employee at all
13. Plan for secure air handling. Make sure the heating, ventilating
and air-conditioning systems can be set to re circulate air rather
than drawing in air from the outside. This could help protect people
and equipment if there were some kind of biological or chemical
attack or heavy smoke spreading from a nearby fire. For added
security, put devices in place to monitor the air for chemical,
biological or radiological contaminant.
14. Ensure nothing can hide in the walls and ceilings. In secure
areas of the data center, make sure internal walls run from the slab
ceiling all the way to subflooring where wiring is typically housed.
Also make sure drop-down ceilings don't provide hidden access
15. Use two-factor authentication. Biometric identification is
becoming standard for access to sensitive areas of data centers,
with hand geometry or fingerprint scanners usually considered less
invasive than retinal scanning. In other areas, you may be able to
get away with less-expensive access cards.
16. Harden the core with security layers. Anyone entering the most
secure part of the data center will have been authenticated at least
three times, including:
a. At the outer door. Don't forget you'll need a way for visitors to
buzz the front desk.
b. At the inner door. Separates visitor area from general employee
c. At the entrance to the "data" part of the data center. Typically,
this is the layer that has the strictest "positive control," meaning
no piggybacking allowed. For implementation, you have two options:
1. A floor-to-ceiling turnstile. If someone tries to sneak in behind
an authenticated user, the door gently revolves in the reverse
direction. (In case of a fire, the walls of the turnstile flatten to
allow quick egress.)
2. A "mantrap." Provides alternate access for equipment and for
persons with disabilities. This consists of two separate doors with
an airlock in between. Only one door can be opened at a time, and
authentication is needed for both doors.
d. At the door to an individual computer processing room. This is
for the room where actual servers, mainframes or other critical IT
equipment is located. Provide access only on an as-needed basis, and
segment these rooms as much as possible in order to control and
17. Watch the exits too. Monitor entrance and exit—not only for the
main facility but for more sensitive areas of the facility as well.
It'll help you keep track of who was where when. It also helps with
building evacuation if there's a fire.
18. Prohibit food in the computer rooms. Provide a common area where
people can eat without getting food on computer equipment.
19. Install visitor rest rooms. Make sure to include bathrooms for
use by visitors and delivery people who don't have access to the
secure parts of the building.
<< Previous Page
Note: atifkamal.com provides information
here for illustration only, without warranty either expressed or
implied. This includes, but is not limited to, the implied
warranties of merchantability or fitness for a particular purpose.