Data Center Physical Security
A data center is the epicenter of any online infrastructure. A data center’s size can vary widely, depending on an organization’s needs. Broadly speaking, a data center consists of large groups of interconnected computers and servers that are responsible for remote storage and/or processing of data. Even though most potential intruders/hackers target the network of an infrastructure to get in, their eventual goal is to get access to data. In addition, the ever-increasing sophistication of social engineering and hacking methodologies means more attention must be paid to physical security in data centers. The objective of this article is to highlight the potential security vulnerabilities in a data center (along with the ways to remove them) and to share tips on how rigorous physical security can be achieved on the premises.
There are some places within a data center where unauthorized access can lead to infrastructural catastrophes. Let’s talk about some of them.
As the name suggests, a wiring closet is a small room/compartment where electrical connections are established using wires. A typical wiring closet can contain a lot of equipment including (but not limited to): alarm systems, patch panels, circuit breaker panels, wireless access points, firewalls, network switches, Ethernet routers, etc. In short, the main wiring closet of a data center can be referred to as its cranium. In order to ensure maximum security, the following things should always be kept in mind when dealing with a wiring closet:
- The closet should be adequately locked and only official administrative staff should have access to it.
- If possible, there should be physical barriers surrounding the wiring closet to ensure that no unauthorized entry can be made.
- The closet should be kept clean and orderly at all times. Not only does this prevent wires from entangling and wearing out, it also makes future rearrangements easier.
- The closet should be kept clear of any flammable items.
- Any storage items that are deemed unnecessary should be removed from the closet.
- Video surveillance of the wiring closet is a must.
- The air temperature and air flow within the closet should be kept at suitable levels.
- Humidity should be maintained at acceptable levels.
A server/computer room is where the actual magic takes place. Servers and mainframes in such a room handle data transfer and/or data storage. It’s of paramount importance that these rooms are established while keeping security measures in mind. Here are a few things to remember:
- Access: The access to a server room should be given only to service engineers and other administrative staff. There should be signs at the entrance door prohibiting the bringing of food, cigarettes, or drinks within the server room. All the computer rooms should only have two doors.
- Structure: Server rooms should be monitored via CCTV footage at all times. All the computers/servers need to be made available (they should have redundant access to networks, power and cooling). The rooms should have air filtration and high ceilings in order to ensure heat dispersal.
- Ambience: The environment of every computer room needs to be properly maintained as well. The temperature should be kept between 55 and 75 degrees Fahrenheit. The humidity and temperature of the room should at all times be monitored via sensors.
- Fire prevention mechanisms: Adequate fire prevention mechanisms should be deployed.
- Backup policy: A sound backup policy should also be in place.
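The "Ambience" item above asks for continuous sensor monitoring. The following is an added example, not part of the original article, of a check over server-room readings that uses the article's 55 to 75 °F range and also flags a sensor that has stopped reporting. The humidity band, the gap and rise thresholds, the sensor names and the sample readings are all assumptions made for illustration.

```python
from dataclasses import dataclass

TEMP_MIN_F, TEMP_MAX_F = 55.0, 75.0        # range stated in the article
HUMIDITY_MIN, HUMIDITY_MAX = 40.0, 60.0    # assumed; the article says only "acceptable levels"
MAX_GAP_S = 120                            # assumed: longer silence is a monitoring gap
MAX_RISE_F_PER_MIN = 2.0                   # assumed: faster rise suggests a cooling fault

@dataclass
class Reading:
    ts: int          # seconds since monitoring started
    sensor: str      # hypothetical sensor name
    temp_f: float
    humidity: float  # relative humidity, percent

def evaluate(readings, now):
    """Return (ts, sensor, alert) tuples for a batch of readings."""
    alerts, last = [], {}
    for r in sorted(readings, key=lambda r: r.ts):
        if not TEMP_MIN_F <= r.temp_f <= TEMP_MAX_F:
            alerts.append((r.ts, r.sensor, "TEMP_OUT_OF_RANGE"))
        if not HUMIDITY_MIN <= r.humidity <= HUMIDITY_MAX:
            alerts.append((r.ts, r.sensor, "HUMIDITY_OUT_OF_RANGE"))
        prev = last.get(r.sensor)
        if prev:
            gap = r.ts - prev.ts
            if gap > MAX_GAP_S:
                alerts.append((r.ts, r.sensor, "MONITORING_GAP"))
            elif gap > 0 and (r.temp_f - prev.temp_f) * 60 / gap > MAX_RISE_F_PER_MIN:
                # In-range but climbing fast: alert before the limit is crossed.
                alerts.append((r.ts, r.sensor, "RAPID_TEMP_RISE"))
        last[r.sensor] = r
    # A sensor that has gone quiet is itself a finding: the room is unmonitored.
    for sensor, r in last.items():
        if now - r.ts > MAX_GAP_S:
            alerts.append((now, sensor, "SENSOR_SILENT"))
    return alerts

# Constructed sample data: rack-a heats up, rack-b stops reporting after 60 s.
SAMPLE = [
    Reading(0, "rack-a", 68.0, 45.0),
    Reading(60, "rack-a", 69.0, 46.0),
    Reading(120, "rack-a", 73.5, 46.0),
    Reading(180, "rack-a", 77.0, 47.0),
    Reading(0, "rack-b", 66.0, 50.0),
    Reading(60, "rack-b", 66.5, 50.0),
]

if __name__ == "__main__":
    for alert in evaluate(SAMPLE, now=300):
        print(alert)
```

The rapid-rise alert fires at 120 s while the temperature is still inside the permitted range, one minute before the out-of-range alert.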
DATA STORAGE FACILITIES
Data is stored in RAIDs among other devices in a data center. Most of the data belongs to end users and ensuring the security, sanctity, integrity, and availability of this data is of utmost importance. These facilities are the most highly desired targets for potential intruders because they contain the most precious information. Here are a few things that need to be kept in mind:
- Guard the physical access to the data storage rooms. Make sure that no unauthorized person enters the rooms.
- The data storage rooms should be built in the most secure regions of the data center. The best practice is to make them hard to find for a newcomer.
- The walls of the room need to be made thick and secure.
- Make sure that storage rooms are covered by CCTV cameras.
- The temperature, humidity, and overall ambience in general should be monitored periodically.
- All the data should be made redundant; backups should be maintained at all times.
HVAC CONSIDERATIONS FOR DATA CENTERS:
Heating, ventilation, and air-conditioning (HVAC) is the technology that maintains indoor environmental control. In a data center, it is important to keep HVAC considerations in mind at all times. However, maintaining temperature in data centers can become a huge cost factor. Even when cooling is implemented following proper guidelines, the power required to cool can quite easily exceed the power required to keep the IT equipment running. The American Society of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE) has created a widely accepted guideline sheet that can be used to ensure optimal humidity and temperature within a data center. They can be viewed here.
A detailed understanding of data center cooling and ambience maintenance can be achieved via this paper. This page also talks about the different HVAC considerations that need to be kept in mind for a data center.
Water usage and management is of remarkable importance when we talk about data centers because huge volumes of water are needed to cool the servers and other IT equipment. A data center (say 15-megawatt) can use approximately 360,000 gallons of water a day. The heat released by the servers is handled mainly by cooling towers, which remove it via evaporation.
According to the United States Geological Survey, around 40 percent of water in the US is used for power production; 12 percent of the water is used by public sectors, which includes the water drained out at data centers. Read more here.
It is therefore of great importance to ensure efficient usage of water within data centers. Data center managers must be aware of the need to cut their PUE levels down, not only to diminish power consumption, but also to decrease the amount of water required to cool down the equipment. Google released a report that shared the best practices that need to be employed in this regard; it can be found here. According to their estimates, their data centers now average around 1.25 PUE annually, which is a fairly encouraging stat. To add context, if we lower annual PUEs from 2 to 1.25 in the US, we can save around 45 billion gallons of water (and 22 billion kWh of energy).
If a proper cooling infrastructure is in place in a data center, then fire should be a distant possibility, but preventive measures would still need to be deployed. There have been many situations in the past where, within seconds of cooling system malfunctions, fire has caused irreparable loss. In order to ensure protection against fire:
- Proper fire detection mechanisms need to be deployed. Smoke/fire sensors should be installed all across the data center to ensure maximum detection.
- Alarms need to be sounded as soon as fire or smoke is detected. The most sophisticated fire alarms should be deployed to completely eradicate the possibilities of false positives.
- Evacuation manuals should be given to every employee. They should also be pasted on the walls at designated areas.
- Proper extinguishing equipment and training also need to be available at every employee’s disposal.
SIEMENS released a detailed report on Fire protection in data centers; it is a great resource of information on the pertinent matter.
While it takes elevated professional levels of social engineering and criminal sophistication to get unauthorized physical access to a data center, the possibility of a criminal mastermind managing to make their way in is not negligible. In addition, data centers also need to be made secure from natural disasters and the power/water consumption within the premises also needs to be kept in check, at all times.