Data Centers: Protecting the First Line of Defense
There are approximately three million data centers scattered across the United States. These facilities house organizations’ networked computer servers that collect, store, process and provide access to large amounts of data for millions of users each day. Today, these server farms have become critical to the essential functioning of government entities, financial institutions, large enterprises, social network organizations and smart cities. The importance of data collection and storage has only been heightened by the rapid growth of the Internet of Things, in which IHS Markit predicts there will be 125 billion Internet-connected devices by 2030.
With our dependence on the internet for everyday operations on the rise, securing data centers is all the more important. While many think of data centers and consider the risk of cyberattacks, physical security threats must be evaluated as well. Physical breaches at data centers do happen and can result in costly consequences. In 2007, a group of burglars broke into a Verizon Business data center in northern London. After entering the facility, the men posed as police officers and tied up security forces, stealing more than $4 million in equipment. This was just a single instance in what turned out to be a series of data center robberies in London at the time.
One of the challenges of safeguarding data centers is their location. Many are located in remote areas on vast properties. Ensuring that intruders and unauthorized personnel do not break into data centers is critical, as the perimeter is the first line of defense and should be one of the first priorities in a CSO’s security strategy. Applying the five D’s of perimeter security – deter, detect, deny, delay and defend – should serve as the framework for every data center’s perimeter protection plan. Here are some proven security strategies and technologies to accomplish these goals.
First, physical barriers around the data center property are a must. Fences, gates and bollards act as a first deterrent. Implementing Crime Prevention Through Environmental Design (CPTED) strategies, such a territorial enforcement, is effective as well. Tall shrubbery can make areas inaccessible and compel visitors to walk on well-lit pathways under the purview of surveillance cameras. Winding roads leading up to data center facilities force approaching vehicles to drive slowly, reducing the risk of a high-speed vehicle ramming into the building. These tactics play an instrumental role in deterring and delaying entry onto the premises and to the facility.
When it comes to detecting threats, thermal imaging cameras are optimal solutions. Unlike traditional video surveillance, thermal cameras measure the electromagnetic radiation emitted by all things and do not require a light source to produce video. Therefore, thermal cameras create clear, sharp images in light rain, fog, smoke or total darkness. However, CSOs need to be aware that not all thermal cameras are created equal. Lower-cost thermal cameras can often have video degradations over time, compromising the overall cost and maintenance of security systems. As a best practice, security directors should deploy high-grade thermal cameras with a proven track record of accuracy and performance.
The key value of implementing best-in-class thermal cameras with advanced analytics is that they result in more reliable detection, and they reduce false alarms and infrastructure costs. While fence sensor systems can require weeks for trenching, racking up thousands of dollars in installation and labor costs, thermal cameras can be mounted on existing building exteriors. Buried cable detection systems recognize movement. However, as data centers are often in remote locations, buried cables can be severely affected by environmental factors such as moving animals, which can result in a high number of nuisance alerts. On the other hand, thermal analytic cameras are particularly effective in remote locations as they can classify whether the moving target is a human or vehicle, and they provide a visual for alarm verification. For these reasons, thermal cameras help to reduce the total cost of ownership, creating a tangible cost-savings for organizations.
Ground-based radar, which works by transmitting a radio signal and receiving data as it detects objects in its path, is another great technology to deploy along with thermal for wide area coverage and long-range detection. Upon detection from both a radar solution and thermal camera, security operators can be sure they have a true alarm.
Another key technology to integrate for detection for data centers is ultra-high definition cameras with artificial intelligence technologies. For example, facial-recognition-enabled cameras can further assess approaching suspects, identifying whether the individual is a known offender on a blacklist or simply an employee on the property after hours.
Hardening access to and within the data center facility is the next layer in a data center’s perimeter protection plan. As a best practice, deploy systems and technologies where individuals must authenticate themselves at least three times upon initial entry. Install video intercoms at the entrance where individuals must provide their name and operators can get a visual of the person. Implement card readers where employees must scan their badges for entry. Leverage biometric technologies, such as iris and fingerprint scanners, to provide further authentication. Install revolving doors or turnstiles to eliminate piggybacking. As personnel walk further into the data center – from escorted areas to data center rooms to the data center cabinet – implement additional access control technologies so that staff must be verified at each level of restricted access. Also deploy surveillance cameras in these locations to ensure all areas of interest are can be closely monitored.
Should an intruder make it past a data center’s fence line or building entrance, it is imperative that the perimeter system have superior target tracking and response capabilities to defend the facility. In many cases, a strong physical security information management solution is needed to bring together all security devices and sensors under one platform. As a “systems of systems,” PSIM solutions provide deep integration between radars, external and internal cameras, video management software, audio analytics, electronic access control systems, and many other devices. Through the PSIM, both security directors and first responders, can view detailed map-based presentations of known or unknown targets for tracking and activate drones for further investigation. Security monitors can issue verbal warnings to suspects through two-way audio talk-down features. Verified alerts from gunshot detectors can automatically be sent to law enforcement, triggering immediate dispatch. Security directors can initiate lockdowns to seal off critical building areas and isolate the intruder and increase the probability of apprehension. All of these actions can be managed efficiently through a robust PSIM solution.
Today, many experts are are discussing how the “perimeter” has expanded beyond the physical borders of a property to include edge devices, mobile applications and the cloud. For this reason, any strong perimeter security plan for data centers must implement cyber hardening strategies for physical security equipment connected to the network. A few recommendations include deploying network monitoring software, enforcing encryption between archivers and cameras via Transport Layer Security, and eliminating backdoors.
When working in unison, thermal cameras, radar, ultra HD cameras with AI, access control systems, and PSIM solutions provide exceptional 24/7 protection and form a well-rounded perimeter security plan for data centers.