How safe is your company’s data center? It’s tempting to think of any risk affecting a data center as a cybersecurity issue, but the physical security of your data center is a real concern.
According to a recent report, human threats to data center security are a growing problem. The 2023 AFCOM State of the Data Center Report found that for the first time, human threats (both insiders and outsiders) were in the top five primary security and infrastructure threats.
This illustrates a key point: cybersecurity and physical security are merging, and quickly, particularly when it comes to assets like your data center, the nerve center of your organization.
8 issues facing data centers right now
Physical security is an important issue for data centers: As we said earlier, data center security encompasses physical security concerns as well as digital worries. Organizations need to make sure their data centers, or data rooms, are physically secure. That means ensuring the doors are controlled, the climate is controlled and the room itself is safe from issues like water leaks or other incidents that can damage servers. Don’t just focus on the cyber side of security.
Many organizations are complacent about access control: As a security consultant, the top problem I’ve seen in nearly every single organization with a data center is access control. Almost all organizations use the same access control on their data center that is used throughout the whole facility. The data center should be on a separate access control system, so that if the organization’s access control is compromised, the data center is still secure.
Power outages: You cannot simply rely on the electrical grid to power your servers. Make sure you have a backup power source, and a backup for that backup. Servers take a long time to boot up – and if your servers are down for a long time, that means a huge interruption of productivity and revenue.
Unvetted contractors: If you use contractors to service your data rooms, use the same vetting process you use for hiring employees, if not a tighter one. I’ve learned that many organizations don’t have a strong hiring process, and often, for contractors, it’s even worse. Don’t assume the company you’re hiring a contractor from has completed background checks or spoken to references. If they’re going to be in your data center, vet them thoroughly.
Companies don’t always consider the hazards of the area they build their data center in: Ty Richmond, president of Allied Universal and a member of the CSO Risk Council, tells a story in the council’s book, A Culture of Risk, about a data center built in Georgia by a company based in California. The building was designed using Californian standards and didn’t take into account the fact that Georgia has cold, snowy winters. One winter, the pipes froze, burst, and soaked the servers. Know the area you’re building your data center in. Make sure it’s secured against any possible natural disaster. The best data center I’ve ever seen in my own career belongs to an insurance company. It’s a standalone building able to withstand an F4 tornado, with two layers of access control, a man-trap system, and a room full of car batteries as one backup power source. This company had prepared for all foreseeable problems.
There aren’t cameras in server rooms: It’s hard to know who is tampering with servers if there are no cameras in your server rooms. However, many companies don’t use cameras in server rooms because that may compromise security if the feed is hacked by a criminal. If your company has a policy against cameras in server rooms, make sure cameras monitor every ingress and egress point, so you know who has been in the room at all times.
Social engineering attacks: Social engineering attacks are more than simply phishing campaigns. A criminal can also con their way onto your site without using technology. Test your data center staff’s competency when it comes to checking badges, calling security on people they don’t know, and confirming whether or not a phone call or message is coming from a trusted source.
Data centers are assets and should be protected
If your data center goes offline, you’re likely to face significant problems, so physical security needs to be on organizations’ minds at least as much as cybersecurity is. Criminals don’t necessarily separate the two when they’re trying to gain access to your assets, so security leaders shouldn’t either.