Access denied: why physical protection is key to data security

There are many different working parts to an effective physical security system. By Neil Killick, Leader of Strategic Business (EMEA), Milestone Systems

  • Wednesday, 4th August 2021 Posted 2 years ago in by Phil Alsop

Data is fast becoming one of our most valuable resources. Some have dubbed it the new currency of business and it’s easy to understand why. Data is powering many important processes and decisions, from changing the layout of our cities to deciding what advertisements are shown to people as they browse online. This makes data centres, as centralised locations for data storage and processing, an attractive target for criminals, spies, and other malicious actors.

A growing target

Recently, data centres have experienced explosive growth, driven by advances in artificial intelligence (AI), the Internet of Things (IoT), cloud computing, and 5G — technologies that all rely on powerful, fast, computing power. Likewise, the pandemic has played a critical role as more people went online to work, socialise, shop, game, watch TV, and more.

Evidently, data centres are becoming a mainstay of every modern-day organisation, and this means they must be protected with best-in-class solutions to ensure data security and business continuity. Threats can come from many areas, from cybercriminals looking to hold a business to ransom, to corporate spies looking for secrets to sell, and even natural disasters like floods, fire, and earthquakes. Data centre leaders must consider every risk for their security to remain impenetrable.

Physical security needed

Foresight is critical to protecting a data centre effectively and many data centres invest huge sums in anti-malware, firewalls, and other security software. Yet, the best firewall in the world will prove useless if someone gains unauthorised access to a building. Physical security must not be underplayed when securing a data centre.

How to improve physical security

With this in mind, how can you get your physical security up and running?

The physical security of a data centre typically comprises built-in safety and security features to protect buildings and equipment.

1. Audit

Start with a data centre security audit to understand current strengths and weaknesses. This will also uncover the equipment, data, and access points that require protection, and the

employees working on-site who require access (and in what areas). Make sure the list of staff members who have access to high-risk areas is updated regularly and anyone who shouldn’t have access (due to changes in their role, or if they leave) has their credentials revoked immediately.

2. Internal protections

The second step is to consider internal protections like CCTV, access control, infrared tripwires, mantraps, and other smart devices that can reduce the risk of intrusion, detect emergencies like fire and flood, and preempt equipment failure. Your CCTV footage needs to provide comprehensive visibility of everything happening on-site. You might also want to invest in facial recognition or behavior monitoring tools to increase security further. In the event of a security breach, visual identification of an intruder should be possible through video and audio feeds.

3. Perimeter and access control

Perimeter controls and access control systems will ensure that unauthorised individuals cannot get physically close to a data centre. Anti-tailgating and anti-pass-back facilities will ensure only one authorised individual and vehicle passes into a complex during a specific time. Access lists should also be in place, along with multi-factor authentication, where possible.

Visitor and contractor management needs to be implemented to monitor the movement of all visitors and third-party personnel. Ideally, security teams should be able to pinpoint the locations of contractors and visitors in real-time either through wearable trackers or advanced video analytics. Records should be kept of all visitor and contractor activity on-site, including their entry and exit times and the areas accessed.

4. Redundant utilities

The next stage is looking at your redundant utilities (like electricity and water) to avoid common-mode failures and downtime. It’s also worth monitoring and controlling the air quality, temperature, and humidity within a data centre. Specifically within rack areas to ensure air conditioning and cooling systems cannot be exploited and services are not disrupted.

5. Security training

The final step involves your people. Security staff and control centre teams need training in your security systems and processes to ensure consistent 24/7 coverage of your data centre and short response times during any incidents. Your wider workforce will also need training to ensure they understand their role in protecting the data centre.

Open system ensures flexibility

As you can see, there are many different working parts to an effective physical security system. Investing in an open system over a proprietary, closed solution can give greater flexibility in the range of devices and vendors a data centre can work with. This ensures best-in-class solutions are tailored to each data centre’s requirements and can be updated easily to protect against new threats.