To date, more than 140,000 people have died worldwide of COVID-19, the flu-like disease caused by the new coronavirus, according to data from Johns Hopkins University. The United States had the highest confirmed death toll, with more than 31,000 fatalities.

During the COVID-19 crisis, enterprise security executives are busier than ever – standing up business continuity plans, enacting broader contingency plans, mitigating risks with employees working at home and more – all to keep businesses humming as the coronavirus outbreak has spread.  

Like many businesses, data centers are critical facilities during this time, as more employees work from home. Edward Ankers is Director of Corporate Security, NTT Global Data Centers Americas, Inc. (formerly RagingWire Data Centers). What challenges has the coronavirus presented to Ankers, especially as stay-at-home orders went into effect and most enterprise employees are telecommuting? How has his business continuity plans evolve? And what lessons has he learned to date?

Security magazine: Are all of your company’s employees working from home, and if so, what challenges has that brought?

Ankers: There are some employees who have to continue working at the data center due to their roles within our security operation. We have implemented all necessary protective protocols to isolate them physically while still enabling them to do their jobs.

All of our non-essential employees have been instructed to work remotely until further notice. We made sure they were given the appropriate equipment to work productively away from the facility. We’re very happy with the cooperative spirit our employees have shown to date. Supervisors are in regular contact with their teams, and all reports have indicated that productivity has not declined during this crisis.

Security magazine: What changes have been made to the operation of your SOC?   

Our SOCs are integrated with one another. Some of the changes to our daily operations are:

•  We only allow one person in the SOC at any given time
•  The SOC is disinfected at shift change
•  All turnover discussions are conducted through appropriate distancing barriers
•  All personnel are required to wear gloves and masks while staffing the SOC
•  No documents are shared or exchanged with personnel outside the SOC

In addition, we launched a Crisis Communications tool for all employees that enables them to:

• Read the latest company news from our organization
• View helpful tips (IT, productivity, health)
• Get answers to FAQs
• View internal and external resources links
• Find emergency contact info
• Contact us to make a request

Security magazine: How have the responsibilities of your security team been affected during this pandemic? Any new responsibilities?

Ankers: Health screening and managing social distancing have been the two most notable additions to the security team’s responsibilities. We have found that adding informational and directional signage has been effective. Our signage is a gentle but direct reminder for people to maintain safe distances between each other. We have also deployed social distancing vinyl stickers on the lobby floors six feet apart at all locations. We also continue to educate and verbally direct our data center personnel on an ongoing basis.

Another responsibility we have been required to modify has to do with our protocol for foot patrols of our buildings and sites. We have changed our routes to avoid lobby areas, breakrooms and other populated, non-critical areas that can be monitored with cameras. Security staff have been instructed to simply stay away from people while conducting patrols of critical areas, and if they must interact to stay at least 6 feet away and practice safety and vigilance while doing so.

Security magazine: Once the pandemic is over and things return to as normal as possible, do you anticipate any changes that you will make to your business continuity plan?

Like other data center operators, we anticipate many changes once the pandemic is over. Supply chain modifications as well as personal protective equipment (PPE) inventory levels will need to be addressed. In addition, we will:

• Establish a collective voice with other data center providers to order supplies during a time of crisis
• Maintain our new health screening protocols as well as procedures for denying people access to a site
• Include alternate secure entry points that can be easily enabled or disabled and staffed with security personnel as well as surveillance systems
• Increase and maintain our stock of latex gloves, safety masks, and eye protection

Security magazine: Were you properly prepared for this pandemic?

Ankers: We are always prepared for different scenarios, including natural disasters such as hurricanes, tornadoes, winter storms, etc. This situation presented a new challenge in how we managed risk related to appropriate social distancing, sanitizing, ingress/egress routes, and staff shifts to minimize cross-contamination possibilities. We have found that with the right communication tools and decision-making processes, we very quickly adapted to the situation and enacted new protocols and procedures to protect the safety of all individuals associated with our data centers.

Specific actions we are taking to maintain the data centers include:

• Deferring face-to-face meetings which are non-essential and/or involve large numbers of employees.
• Advising employees who are feeling unwell to seek medical advice and work from home until they are fully recovered.
• Enabling remote work for all employees whose presence at the data center is not essential.
• Requesting and receiving cooperation from our customers to adhere to our policy of limiting access of all personnel to the data centers.
• Implementing new health screening protocols by asking all entrants to the data centers about their recent travel and any illnesses.
• Enacting new building access protocols in which we are now asking all customers and staff to enter through the main lobby of each building and to be cleared by security before entering internal spaces. We will not allow any personnel to travel between buildings, including our own internal employees, to help avoid cross contamination across physical sites.
• Adding shipping & receiving department precautionary measures, such as all packages will be received with care and placed in quarantine for a period of no less than 24 hours.
• Increasing cleaning and sterilization throughout the data center to help limit potential exposure to customers and employees. Includes conducting sanitizing activities daily in our workplaces and providing hand sanitizer throughout the facilities for all building occupants.
• Requesting customers, contractors and visitors to self-disclose if they have visited a risk area and the timeframe of the incubation period since leaving the risk area is not yet over.
• Ensuring frequent contact surfaces in our offices are cleaned thoroughly, multiple times daily and providing easily accessible hand sanitizer in our workplaces.

Additional resources from Ankers:

“Continuing a proud family tradition” – a short video where Edward Ankers describes the heritage of security professionals in his family.  https://www.youtube.com/watch?v=nfWytOaBMHY

“Protecting the newest critical infrastructure” – a short video in which Edward Ankers describes the importance of security in data centers. https://www.youtube.com/watch?v=AYk33AKvd1M