Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

19 Ways to Build Physical Security Into a Data Centre

What should be the CIO's or CISO's high-level goals for making sure that security for the new data centre is built into the designs, instead of being an expensive or ineffectual afterthought?
Page:

Protecting data is not just a job for technologists. It also takes physical security and business continuity experts

At information-intensive companies, data centres don't just hold the crown jewels; they are the crown jewels. Protecting them is a job for whiz-bang technologists, of course. But just as important, it's a job for those with expertise in physical security and business continuity. That's because all the encryption and live backups in the world are a waste of money if someone can walk right into the data centre with a pocket knife, a camera phone and bad intentions.

There are plenty of complicated documents that can guide companies through the process of designing a secure data centre - from the gold-standard specs used by the federal government to build sensitive facilities like embassies, to infrastructure standards published by industry groups like the Telecommunications Industry Association, to safety requirements from the likes of the Fire Protection Association Australia. But what should be the CIO's or CISO's high-level goals for making sure that security for the new data centre is built into the designs, instead of being an expensive or ineffectual afterthought?

Read below for a fictional data centre designed to withstand everything from corporate espionage artists to terrorists to natural disasters. Sure, the extra precautions can be expensive. But they're simply part of the cost of building a secure facility that also can keep humming through disasters.

1. Build on the right spot. Be sure the building is some distance from headquarters (30 kilometres is typical) and at least 30 metres from the main road. Bad neighbours: airports, chemical facilities, power plants. Bad news: areas prone to bushfires and floods. And scrap the "data centre" sign.

2. Have redundant utilities. Data centres need two sources for utilities, such as electricity, water, voice and data. Trace electricity sources back to two separate substations and water back to two different main lines. Lines should be underground and should come into different areas of the building, with water separate from other utilities. Use the data centre's anticipated power usage as leverage for getting the electric company to accommodate the building's special needs.

3. Pay attention to walls. 1/3-metre-thick concrete is a cheap and effective barrier against the elements and explosive devices. For extra security, use walls lined with Kevlar.

4. Avoid windows. Think warehouse, not office building. If you must have windows, limit them to the break room or administrative area, and use bomb-resistant laminated glass.

5. Use landscaping for protection. Trees, boulders and gullies can hide the building from passing cars, obscure security devices (like fences), and also help keep vehicles from getting too close. Oh, and they look nice too.

6. Keep a 30-metre buffer zone around the site. Where landscaping does not protect the building from vehicles, use crash-proof barriers instead. Bollard planters are less conspicuous and more attractive than other devices.

7. Use retractable crash barriers at vehicle entry points. Control access to the parking lot and loading dock with a staffed guard station that operates the retractable bollards. Use a raised gate and a green light as visual cues that the bollards are down and the driver can go forward. In situations when extra security is needed, have the barriers left up by default, and lowered only when someone has permission to pass through.

8. Plan for bomb detection. For data centres that are especially sensitive or likely targets, have guards use mirrors to check underneath vehicles for explosives, or provide portable bomb-sniffing devices. You can respond to a raised threat by increasing the number of vehicles you check - perhaps by checking employee vehicles as well as visitors and delivery trucks.

9. Limit entry points. Control access to the building by establishing one main entrance, plus a back one for the loading dock. This keeps costs down too.

Page:

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Biometric Identification, CROWN, Equinix, Motion, Nortel, Nortel Networks, PLUS, SUNGARD

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Latest Blog Posts
Whitepapers
  • Seven SOA Practices to Unlock Business Value
    The fact is that companies are increasingly using SOA to gain competitive business advantage. Distilled down to seven essential SOA practices, the following list enables IT professionals to tightly align SOA investments with their organization’s business priorities. Using these practices can help with driving competitive advantage and adding measurable business value...and that’s a sure way for IT pros to win recognition and ongoing support within their companies.
    Learn more »
  • Providing effective endpoint management at the lowest total cost
    Endpoints, otherwise known as servers, workstations, laptops, mobile devices, and virtually any other network-connected device, are critical components that enable business to be transacted. Properly implemented, endpoint management ensures continuous compliance with IT policies, regardless of where the machines are located and what type of network they are connected to.
    Learn more »
  • OVUM Report: Governance Risk and Compliance-- GRC usage and buying trends in the ANZ markets
    The existence of an established and stable governance risk and compliance strategy is extremely important to public and private sector organisations as they strive to meet an evergrowing range of regulatory demands. Given the current constraints, it is one of the few areas where the vast majority of organisations intend to either maintain or in many cases increase spending. Read more.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments