Data Center Security

June 30, 2009
Physical controls are a crucial part of creating a secure environment

A data center is a production facility and central repository that is used specifically for storing an organization’s “crown jewels” — which in IT terms translates to application systems, mainframes, communication networks and huge quantities of data archiving systems. A Tier 1-type data center can occupy one room of a building containing only a few servers; on the other hand, an enterprise-class, Tier 4-type of mission-critical facility may take up an entire building with thousands of servers.

Physical security is a crucial part of the defense strategy of the data center to ensure a secure environment. Most organizations do not have the luxury or the financial depth to locate their data center hundreds of feet below a granite mountain with a complete infrastructure to support it. Enterprise-class data centers (this article’s focus) are often free-standing facilities, which present unique challenges for physical security design.

The Planning Phase

During the design or planning stages of a mission-critical facility, every potential threat must be identified and the cost to protect it evaluated. The design team should analyze the use and operation of the facility and identify the different user groups and departments, and, in some cases, vendor and third-party groups working within secured areas in an attempt to physically separate them. The physical security design should incorporate a multi-layered approach. A complete security assessment must also include a survey of the geographical location of the facility, along with the assessment of the crime statistics for the area.

Fortunately, most organizations have the foresight to locate their facility away from large urban areas, away from high crime and traffic, and away from potential high-profile terrorist targets. Ideally, these types of facilities should be located on a large, open space that would allow for a large buffer zone between the building and public areas such as roads, sidewalks and parking areas. Where proper buffer zones are not achievable, enhancing the structural building design for blast-mitigation may become a factor in the building’s design process.

Recent world events may also require some consideration for hardening the facility against electromagnetic pulses (EMP). Hardening a facility against EMP and blast-mitigation can have a significant impact on the construction budget; however, retrofitting this type of protection after the facility has been built is considerably more expensive.

Perimeter and Outer Layer of Security

Use of around-the-clock security personnel for monitoring and controlling access to the site should be part of the early stages of construction even before the foundations are excavated. Early establishment of the perimeter and the outer layer of security through the use of barriers or fences can reduce the chance of random vandalism. Part of the outer layer of security should include a perimeter intrusion monitoring solution. This type of solution — which may be integrated with the facility’s access control and alarm monitoring system — could include fence-mounted sensors, a volumetric system or even video technology based on a virtual perimeter.

Fence-mounted sensors typically consist of special coaxial or fiber optic cables that are used for detecting an intruder cutting, climbing or lifting the fence fabric. Volumetric sensors may be totally covert and will attract less attention since they do not require a physical barrier such as a fence to operate. They generate an invisible detection field that locates an intruder moving through that field. One such technology uses buried sensor cables which generate an invisible magnetic field. Other volumetric sensors which are less covert and require above-ground installations are microwave and infrared beam detector systems.

Video assessment of a violated perimeter detection zone is also an important part of the data center perimeter security, where cameras provide the ability to observe and to identify the source of an intrusion alarm and determine its validity. Strategically located cameras on the building’s exterior, on the roof and/or on light poles throughout the site can be programmed to automatically view a zone in violation. Pan/tilt/zoom cameras are preferred for this type of application, since each will have the ability to view multiple perimeter detection zones and the building’s perimeter. Areas such as the building’s entrance and emergency exit doors, the roof, as well as the parking area and the site’s pedestrian and vehicle paths should also be viewable from these camera locations.

Perimeter Access Control

Once fully operational, vehicle and pedestrian access to the data center site is generally controlled at the outermost perimeter. Card reader-controlled motorized vehicle gates or barrier arms located across the access road may be used to restrict unauthorized vehicles from gaining access to the site. As the first point of contact, the sentry at the security booth would be responsible for screening all visitors and controlling the operation of the barriers. The booth should be designed to provide a comfortable environment for the sentry and protect his communication, monitoring, control and screening equipment from the elements. Basic equipment could include a duress button with a phone or radio to provide communications with the facility or local law enforcement in the event of an emergency.

More elaborate systems may include an intercom or video intercom to communicate with and view employees that may have forgotten their access cards and visitors waiting to gain access at the vehicle gates. The video intercom at the gates may also be used to communicate directly with the facility’s security control room to identify employees and verify a visitor’s host and appointment. Monitoring elements within the booth may include video screens or a computer workstation to view images from cameras located in the immediate area of the access road. Software to identify employees and verify their access privilege and a visitor management tool could also reside on that workstation.

Control devices may consist of a number of pushbuttons for operating the vehicle gates and for activation of high-impact vehicle barriers. Department of State crash-tested and rated high-impact barriers such as hydraulic bollards may be deployed at facilities that are more sensitive. Such barriers feature automatic raising and lowering and are installed flush with the finished roadway when retracted. Ideally, visitor and employee parking should be placed away from the facility. Large, open buffer zones consisting of grass berms combined with strategically placed planters and architectural walls and/or bollards will help in protecting the facility from anyone trying to crash a vehicle into the building. They also assist in visual obscuration of the facility.

Building Entrance and Second Layer of Security

Data centers are generally designed with one main access point which will be used to filter all of the employees and visitors into the facility. This entrance will usually be card reader-controlled. A security officer will validate visitors via an intercom with video before being allowed to enter the lobby reception area. This security post is often protected behind bullet-resistant glass, and in addition to the visitor screening function, also provides on-site security monitoring and control. Entry into the facility beyond the lobby area is commonly controlled with a mantrap or a high-security portal.

To limit the potential for tailgating and to ensure access is provided only to authorized employees and visitors, the operation of the mantrap’s dual set of doors is controlled by security personnel. The inner door is opened only after the security staff member has visually confirmed the validity of the occupants within the mantrap. A video camera within the mantrap and/or a vision panel will assist in the identification process. This process is repeated with a request for egress from the secured space. In many instances, biometric-enhanced card readers are used to provide data center employees the ability to pass through the mantrap without the intervention of the security staff.

In lieu of conventional mantraps, sophisticated high-security portals with electronic weight sensing and/or advanced motion sensing capabilities will eliminate the potential for piggybacking and tailgating. With electronic weight sensing, the booth is set with a predetermined but adjustable anti-hostage threshold and uses it to determine whether more than one person is present within the booth. As a single authorized user stands in the booth, the portal confirms acceptance of the occupant based on their weight and, in combination with the biometric template presented to the access device, operates the doors.

To maximize the use of personnel in the lobby reception area, the security control room and its operation — including the employee ID badging station — are usually located within the same area behind the bullet-resistant glass. This will enable security staff to perform multiple functions without leaving the secured environment. The heart of a data center’s security system will consist of computer workstations, video monitors and communications equipment. An effective design and layout will ensure that the system’s monitoring components are not visible from the reception area. A wall or partition should be used to segregate the control room from the badging station. A biometric enrollment device with a computer workstation, a digital video camera and a badge printer will be required to support employee ID processing.

Loading and Receiving Entrance

Within the facility’s second layer of security, the receiving area or loading dock should be provided with the same level of security as the main entrance and lobby reception area. To that effect, a loading dock security sub-station equipped with monitoring, control and communications components should be part of well-planned data center design. Through its windows, the sub-station should provide security staff members the ability to view all activity on the loading dock.

The entrance to the loading dock should be controlled with a card reader. Through the use of a video intercom, outside delivery personnel, vendors and contractors can be subjected to further screening before being allowed to enter the dock area. To ensure that overhead dock doors are opened by authorized staff members only, the door controllers should be integrated with card readers.

A large mantrap will facilitate the movement of bulky equipment and supplies from the loading dock into the data center’s secure operations area. From within the sub-station, security staff will be able to monitor and control the flow of traffic through the mantrap. Biometric card readers will provide the means for authorized staff members to pass through this mantrap without the intervention of security staff. Third-party maintenance personnel and contractors — including their equipment — would be processed at the sub-station before being escorted into the operations area.

The combination of fixed and dynamic video cameras is an important part of a secure loading dock operation. Strategically located cameras will afford a good overview of all exterior and interior loading dock activity, and dynamic cameras give security staff members the ability to follow the movement of staff and equipment between the truck cargo holds, the loading dock and the operations area. All camera activity should be recorded.

Operations and Inner Security Layer

Ensuring 99.995-percent fault-tolerant availability for a Tier 4-type of facility will require that critical systems such as power, cooling and communications be provided with full redundancy. Mirrored data halls are a typical part of an enterprise-class facility design. To maintain this high level of operation, different user groups and support staff and, in some cases, vendor and third-party groups, will be working within areas of this inner layer of security. Use of card readers creates multiple levels of security to physically separate these groups and provide the important audit trail of their access transactions.

Proximity card readers are the preferred technology to control access to the various electrical and mechanical spaces, such as the UPS, battery and generator rooms, chiller plants as well as other support areas. Equipment staging areas, storage, third-party rooms and vendor storage, and, in some instances, offices, are also provided with proximity card reader control. Cooling tower yards are typically located behind block walls and are only accessible from within the operations area. Doors that are used for maintenance and moving of large equipment should be card reader-controlled and the area monitored with video cameras.

To provide a higher level of security for such areas as the tape vault, the carrier rooms and chilled water plant, the proximity readers may be combined with a pin pad or biometric technology. The highest level of access is applied to the command center and data halls where the “crown jewels” are located. Mantrap portals controlled with biometric technology card readers provide the means for authorized personnel to enter and exit the area. Oversize or overhead doors may be required for moving large bulky equipment in and out of the data hall; and their operation is typically confined to select individuals requiring the two-man-rule feature of card access control (where at least two people must be present). Video cameras should be provided in the mantraps, the data hall areas and all common corridors.
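The layered access policy described in this section and in the portal discussion above (proximity card alone for support spaces, card plus PIN or biometric for sensitive rooms, the two-man rule on data hall overhead doors, the single-occupant weight threshold on a high-security portal, and an audit trail of every transaction) can be expressed as a small policy engine. The following Python model is an added example and is not code from the original article or from any access control vendor; the area names, badge IDs, credential factors and the 120 kg anti-hostage threshold are constructed for illustration.

```python
"""Added example: a model of layered card-access policy with audit trail.

Not part of the original article. Areas, badges and thresholds are constructed
for illustration; a real access control system would hold these in its database.
"""
from dataclasses import dataclass
from enum import Enum, auto


class Factor(Enum):
    """Credential factors a reader at a door can demand."""
    CARD = auto()       # proximity card only
    PIN = auto()        # proximity card combined with a pin pad
    BIOMETRIC = auto()  # proximity card combined with a biometric template


@dataclass(frozen=True)
class Area:
    name: str
    required: frozenset          # factors every entrant must present
    authorized: frozenset        # badge IDs cleared for this area
    two_man_rule: bool = False   # overhead doors: at least two authorized people


@dataclass(frozen=True)
class Presentation:
    badge: str
    factors: frozenset           # factors actually presented at the reader


class AccessController:
    """Evaluates requests against per-area policy and records every transaction."""

    def __init__(self, areas, max_single_occupant_kg=120.0):
        self.areas = {a.name: a for a in areas}
        # Constructed anti-hostage threshold for the weight-sensing portal.
        self.max_single_occupant_kg = max_single_occupant_kg
        self.audit = []          # (area, badges, granted, reason) for each transaction

    def _decide(self, area, badges, granted, reason):
        self.audit.append((area, tuple(badges), granted, reason))
        return granted

    def request(self, area_name, presentations):
        """Conventional reader: all presenters must be authorized and supply all factors."""
        area = self.areas[area_name]
        badges = [p.badge for p in presentations]
        for p in presentations:
            if p.badge not in area.authorized:
                return self._decide(area_name, badges, False, f"{p.badge} not authorized")
            missing = area.required - p.factors
            if missing:
                names = ",".join(sorted(f.name for f in missing))
                return self._decide(area_name, badges, False, f"{p.badge} missing {names}")
        if area.two_man_rule and len(set(badges)) < 2:
            return self._decide(area_name, badges, False, "two-man rule not satisfied")
        return self._decide(area_name, badges, True, "ok")

    def portal(self, area_name, presentation, measured_kg):
        """Weight-sensing portal: reject if the booth load suggests more than one occupant."""
        if measured_kg > self.max_single_occupant_kg:
            return self._decide(area_name, [presentation.badge], False,
                                "occupancy exceeds single-person threshold")
        return self.request(area_name, [presentation])


CARD = frozenset({Factor.CARD})
CARD_PIN = frozenset({Factor.CARD, Factor.PIN})
CARD_BIO = frozenset({Factor.CARD, Factor.BIOMETRIC})


def build_controller():
    """Constructed sample site: two operations staff badges and one vendor badge."""
    ops = frozenset({"B1001", "B1002"})
    return AccessController([
        Area("ups-room", CARD, ops | {"B2001"}),                  # support space, card only
        Area("tape-vault", CARD_PIN, ops),                         # card + pin pad
        Area("data-hall-portal", CARD_BIO, ops),                   # biometric mantrap portal
        Area("data-hall-overhead", CARD_BIO, ops, two_man_rule=True),
    ])


if __name__ == "__main__":
    c = build_controller()
    c.request("ups-room", [Presentation("B2001", CARD)])
    c.request("tape-vault", [Presentation("B1001", CARD)])          # PIN not presented
    c.request("data-hall-overhead", [Presentation("B1001", CARD_BIO)])
    c.portal("data-hall-portal", Presentation("B1001", CARD_BIO), 160.0)
    for record in c.audit:
        print(record)
```

Every decision, granted or denied, lands in the audit list with the reason, which is the transaction trail the article says the card readers should provide; the two-man rule counts distinct badges so a single card presented twice does not satisfy it.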

Emergency exit doors should also be covered with video cameras. The hardware should be located on the secure side only. Depending on local life safety and building codes, time-delayed egress hardware with loud horns should be used on these doors to give security personnel additional time to respond and to discourage their use except in an emergency.

Mission-critical facilities require redundancy in all aspects of the support infrastructure, which may entail redundant power grid connections and multiple fiber providers for communication. The connecting vaults for these multiple utilities are typically located at a distance away from the building and should be monitored through the facility’s security system. Finally, as a very important part of a data center’s critical support infrastructure, the security systems should be designed with redundancy as well.

In developing the security strategies for a data center, it is always better to plan for the worst and hope for the best.

Fred Miehl is a Certified Protection Professional with the consulting firm Aggleton and Associates. He is a member of the American Society for Industrial Security, and a past member of its Standing Committee for Banking and Finance; he is also a member of the International Association of Professional Security Consultants.