Data Center Security

Physical controls are a crucial part of creating a secure environment


Video assessment of a violated perimeter detection zone is also an important part of the data center perimeter security, where cameras provide the ability to observe and to identify the source of an intrusion alarm and determine its validity. Strategically located cameras on the building’s exterior, on the roof and/or on light poles throughout the site can be programmed to automatically view a zone in violation. Pan/tilt/zoom cameras are preferred for this type of application, since each will have the ability to view multiple perimeter detection zones and the building’s perimeter. Areas such as the building’s entrance and emergency exit doors, the roof, as well as the parking area and the site’s pedestrian and vehicle paths should also be viewable from these camera locations.

Perimeter Access Control

Once fully operational, vehicle and pedestrian access to the data center site is generally controlled at the outermost perimeter. Card reader-controlled motorized vehicle gates or barrier arms located across the access road may be used to restrict unauthorized vehicles from gaining access to the site. As the first point of contact, the sentry at the security booth would be responsible for screening all visitors and controlling the operation of the barriers. The booth should be designed to provide a comfortable environment for the sentry and protect his communication, monitoring, control and screening equipment from the elements. Basic equipment could include a duress button with a phone or radio to provide communications with the facility or local law enforcement in the event of an emergency.

More elaborate systems may include an intercom or video intercom to communicate with and view employees that may have forgotten their access cards and visitors waiting to gain access at the vehicle gates. The video intercom at the gates may also be used to communicate directly with the facility’s security control room to identify employees and verify a visitor’s host and appointment. Monitoring elements within the booth may include video screens or a computer workstation to view images from cameras located in the immediate area of the access road. Software to identify employees and verify their access privilege and a visitor management tool could also reside on that workstation.

Control devices may consist of a number of pushbuttons for operating the vehicle gates and for activation of high-impact vehicle barriers. Department of State crash-tested and rated high-impact barriers such as hydraulic bollards may be deployed at facilities that are more sensitive. Such barriers feature automatic raising and lowering and are installed flush to the finish roadway when retracted. Ideally, visitor and employee parking should be placed away from the facility. Large, open buffer zones consisting of grass berms combined with strategically placed planters and architectural walls and/or bollards will help in protecting the facility from anyone trying to crash a vehicle into the building. They also assist in visual obscuration of the facility.

Building Entrance and Second Layer of Security

Data centers are generally designed with one main access point which will be used to filter all of the employees and visitors into the facility. This entrance will usually be card reader-controlled. A security officer will validate visitors via an intercom with video before being allowed to enter the lobby reception area. This security post is often protected behind bullet-resistant glass, and in addition to the visitor screening function, also provides on-site security monitoring and control. Entry into the facility beyond the lobby area is commonly controlled with a mantrap or a high-security portal.

To limit the potential for tailgating and to ensure access is provided only to authorized employees and visitors, the operation of the mantrap’s dual set of doors are controlled by security personnel. The inner door is opened only after the security staff member has visually confirmed the validity of the occupants within the mantrap. A video camera within the mantrap and or a vision panel will assist in the identification process. This process is repeated with a request for egress from the secured space. In many instances, biometric-enhanced card readers are used to provide data center employees the ability to pass through the mantrap without the intervention of the security staff.

In lieu of conventional mantraps, sophisticated high-security portals with electronic weight sensing, and/or advanced motion sensing capabilities will eliminate the potential for piggybacking and tailgating. For electronic weight sensing, the booth which is set with a predetermined, but adjustable anti-hostage threshold will determine if more than one person is present within the booth. As a single authorized user stands in the booth, it confirms acceptance of the occupant based on their weight and in combination with their biometric template as presented to the access device, will operate the doors.