19 Ways to Build Physical Security into a Data Center
Mantraps, access control systems, bollards and
surveillance. Your guide to securing the data center against
physical threats and intrusions.
by Sarah D. Scalet,
November 01, 2005
Data Center Security Bookshelf
Business Continuity Planning for Data Centers and
Systems: A Strategic Implementation Guide
By Ronald Bowman (Wiley, 2008)
Unauthorised Access: Physical
Penetration Testing For IT Security Teams
By Wil Allsopp and Kevin Mitnick (Wiley, 2009)
There are plenty of complicated documents that can guide companies
through the process of designing a secure data center—from the
gold-standard specs used by the federal government to build
sensitive facilities like embassies, to infrastructure standards
published by industry groups like the Telecommunications Industry
Association, to safety requirements from the likes of the National
Fire Protection Association. But what should be the CSO's high-level
goals for making sure that security for the new data center is built
into the designs, instead of being an expensive or ineffectual
Read below to find out how a fictional data center is designed to
withstand everything from corporate espionage artists to terrorists
to natural disasters. Sure, the extra precautions can be expensive.
But they're simply part of the cost of building a secure facility
that also can keep humming through disasters.
1. Build on the right spot. Be sure the building is some distance
from headquarters (20 miles is typical) and at least 100 feet from
the main road. Bad neighbors: airports, chemical facilities, power
plants. Bad news: earthquake fault lines and (as we've seen all too
clearly this year) areas prone to hurricanes and floods. And scrap
the "data center" sign.
2. Have redundant utilities. Data centers need two sources for
utilities, such as electricity, water, voice and data. Trace
electricity sources back to two separate substations and water back
to two different main lines. Lines should be underground and should
come into different areas of the building, with water separate from
other utilities. Use the data center's anticipated power usage as
leverage for getting the electric company to accommodate the
building's special needs.
3. Pay attention to walls. Foot-thick concrete is a cheap and
effective barrier against the elements and explosive devices. For
extra security, use walls lined with Kevlar.
4. Avoid windows. Think warehouse, not office building. If you must
have windows, limit them to the break room or administrative area,
and use bomb-resistant laminated glass.
5. Use landscaping for protection. Trees, boulders and gulleys can
hide the building from passing cars, obscure security devices (like
fences), and also help keep vehicles from getting too close. Oh, and
they look nice too.
6. Keep a 100-foot buffer zone around the site. Where landscaping
does not protect the building from vehicles, use crash-proof
barriers instead. Bollard planters are less conspicuous and more
attractive than other devices.
7. Use retractable crash barriers at vehicle entry points. Control
access to the parking lot and loading dock with a staffed guard
station that operates the retractable bollards. Use a raised gate
and a green light as visual cues that the bollards are down and the
driver can go forward. In situations when extra security is needed,
have the barriers left up by default, and lowered only when someone
has permission to pass through.
8. Plan for bomb detection. For data centers that are especially
sensitive or likely targets, have guards use mirrors to check
underneath vehicles for explosives, or provide portable
bomb-sniffing devices. You can respond to a raised threat by
increasing the number of vehicles you check perhaps by checking
employee vehicles as well as visitors and delivery trucks.
9. Limit entry points. Control access to the building by
establishing one main entrance, plus a back one for the loading
dock. This keeps costs down too.
10. Make fire doors exit only. For exits required by fire codes,
install doors that don't have handles on the outside. When any of
these doors is opened, a loud alarm should sound and trigger a
response from the security command center.