Protecting Multi-Tenant Data Centers

Security challenges run the gamut from terrorism to tornados


Identity-based and biometric applications such as iris eye scanning devices are being installed to secure the privacy of individual customer suites within the data centers. Iris scanning was perfected in the early 2000s and uses algorithms to identify the number of concentric circular outer boundaries of the iris and the pupil, which is unique in every human. Iris-scanning devices are so secure that they are even employed at government immigration check points and airports.

In response to rising terrorist threats, the Department of Homeland Security (DHS) has implemented an Enhanced Critical Infrastructure Program to periodically survey the nation’s data centers. Data centers must comply with a checklist of DHS requirements, and participate in follow-up reviews. Physical security components of the review include, but are not limited to: fences, parking, security lighting and vehicle access. Personnel security, background investigations and critical infrastructure dependencies such as electric, water, waste water and telecommunications also are considered when developing a terrorist protection program.

In addition to customer demands, data centers must combat the ever-increasing threat of terrorist cyber-attacks. Most data center companies now develop anti-terrorism training guides to safeguard customer data against cyber intelligence attacks. These guides, updated regularly, share information with customers on best practices that enhance the safety of their mission-critical data.

 

Data Center Compliance

While DHS is focused on cyber-attacks, the Obama administration is focused on storing classified data more efficiently. In 2009, the White House announced the Federal Data Center Consolidation Initiative that will close 800 out of 2,094 government-owned data centers by 2015. The initiative aims to increase the overall IT security posture of the government and shift to more efficient computing platforms and technologies. Specifically, the initiative will reduce the overall energy and real estate footprint as well as the cost of data center hardware, software and operations. The move allows private data centers to obtain federal contracts, and, in turn, forces these companies to meet strict federal security guidelines for storing classified data.

In order for data centers to become compliant, they must physically separate government data systems from all other customers and often separate federal data from similar federal data on an agency-by-agency basis. In addition, federal data must have separate storage, backup systems and tapes than unclassified tenants. Further, only cleared personnel are allowed to enter government suites to perform routine operations. These staffers must meet or exceed background investigation requirements as determined by each federal customer. Finally, the facility that houses classified data must have defined wall upgrades, conduit accesses and access control systems.

 

Facility Hardening

Data center security personnel must also contend with Mother Nature. This spring, much of the Midwest and Southeast experienced the deadliest tornado season in 50 years. As a result, many corporations have invested in off-site data storage in facilities that can withstand severe weather.

Tornadoes, hurricanes, earthquakes and harsh winter weather often result in power loss, frozen or broken pipes, tainted water supply, equipment malfunctions and building damage. Ultimately, natural disasters provide an opportunity for physical security breaches and risk the safety of data center personnel responsible for the uninterrupted operations of the facility.

Therefore, chief security officers are challenged to meet physical requirements, such as wind and flood resistance, plus emergency plans to ensure the safety of employees and privacy of customer data. A typical Business Continuity Plan (BCP) will include emergency contacts for pre-selected vendors, essential operations personnel, local emergency officials and relocation plans.

Last spring’s tornado activity was a stark reminder of the ever-increasing number of risk factors that impact both the logical and physical security of data centers. The security community must meet these ongoing challenges by working both individually and together to combat threats, develop new strategies and react to the growing security needs of the organizations whose people and mission critical data we protect.