Despite the slow economy, the multi-tenant data center industry is growing rapidly. According to the Uptime Institute, more than a third of data center facilities will run out of space, power, cooling, or all of the above by 2013. Driving the demand is the need for private companies to securely host information technology (IT) infrastructure in a world of increasing threats. Multi-tenant data centers provide companies with a more unified and cost-effective approach to securing data.
However, data centers and the security professionals who staff them face competitive concerns, terrorist threats, federal regulations and natural disasters as they work to enhance both physical and logical security operations to seamlessly protect sensitive customer data. To handle the growing number of threats, large organizations are being driven by their security professionals to significantly increase IT security spending. According to a Forrester Research survey conducted last year, 42 percent of enterprises and 37 percent of small and medium-sized businesses planned to increase security spending by five percent or more annually. Most significantly, today’s data centers are managing increased customer demand for privacy features, driven by the intellectual property race and the pursuit of competitive advantage.
Taking on the Insider Threat
While instances of hacking are widely publicized and must be guarded against, much illicit use of proprietary information originates with current or former employees. A well-known example of internal privacy violation is Lawrence R. Marino from Goffstown, N.H., who pleaded guilty to computer intrusion stemming from his repeated hacks into the computer system of his former employer, OneSky. Marino acquired other employees’ log-in credentials for their OneSky e-mail accounts, which contained confidential information about the company’s existing and prospective customers. Following his departure from OneSky, Marino used the illegally obtained information to solicit new customers on behalf of his new employer, according to the Department of Justice.
To prevent similar breaches, data center providers must review the access that employees have to sensitive data and determine if greater restrictions are needed. Many multi-tenant data centers are implementing anti-passback security procedures that mandate a specific sequence in which access cards must be used in order for customers, contractors and visitors to swipe in and out of customer suites. Additionally, in the unlikely event of an emergency requiring evacuation of the facility, an anti-passback procedure provides the security team and first responders with accurate information on whether or not a complete evacuation has taken place.
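The anti-passback sequence check and the evacuation count described above, as an added example that is not part of the original article. The card IDs, suite names, event format and the hard-deny policy are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class AntiPassback:
    """Tracks which suite each card is recorded inside and enforces IN/OUT order."""
    inside: dict = field(default_factory=dict)      # card -> suite currently occupied
    violations: list = field(default_factory=list)  # (card, suite, direction, recorded)

    def swipe(self, card, suite, direction):
        """Return True if the swipe follows the required sequence, else deny it."""
        here = self.inside.get(card)
        if direction == "IN":
            ok = here is None        # card must have swiped out before entering again
        else:
            ok = here == suite       # card can only leave the suite it swiped into
        if not ok:
            self.violations.append((card, suite, direction, here))
            return False             # hard anti-passback: recorded state is unchanged
        if direction == "IN":
            self.inside[card] = suite
        else:
            del self.inside[card]
        return True

    def muster(self):
        """Cards still recorded inside, grouped by suite, for an evacuation check."""
        report = {}
        for card, suite in self.inside.items():
            report.setdefault(suite, []).append(card)
        return {s: sorted(cards) for s, cards in report.items()}

# Constructed sample swipe log: (card, suite, direction)
EVENTS = [
    ("C-101", "SUITE-A", "IN"),
    ("V-007", "SUITE-A", "IN"),
    ("C-101", "SUITE-A", "IN"),   # same card used again without an OUT swipe
    ("C-101", "SUITE-A", "OUT"),
    ("K-300", "SUITE-B", "OUT"),  # OUT swipe with no recorded IN
    ("C-101", "SUITE-B", "IN"),
]

def replay(events):
    """Run a swipe log through the controller; return it and per-swipe decisions."""
    apb = AntiPassback()
    return apb, [apb.swipe(*e) for e in events]

if __name__ == "__main__":
    apb, decisions = replay(EVENTS)
    print(decisions, apb.muster(), apb.violations, sep="\n")
```

An empty muster report is what tells the security team that everyone recorded as entering has also swiped out; each entry in the violations list is a swipe that broke the sequence and is worth reviewing against the access logs.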
Security Staff and Visitors
For added internal security, data center providers are turning to in-house security teams, as opposed to contract or off-duty patrol officers, to monitor facilities around the clock. According to ASIS International, proprietary security is “any organization, or department of that organization, that provides full-time security officers solely for itself.”
Proprietary security staff are believed to be more loyal and to have a vested interest in company success. On the other hand, use of contract security staff is usually less expensive, with recruiting, hiring and training managed by the contract company. A combination of both proprietary and contract security may be desirable based on customer mission and information sensitivity.
Visitor protocol is heightened with identification and security checkpoints throughout large data center campuses. For example, Quality Technology Services (QTS), the nation’s third-largest data center provider, employs two to three officers per shift who conduct two physical security tours each shift. Officers review access logs, check access control systems at each mantrap entryway, and observe the physical appearance of areas in and around customer suites.