The continuing adoption of big data is increasing the demand for data centres. Given that data centres house a large volume of critical and sensitive data and equipment – and the value that data has these days – they are a high-value target for both physical and cyber threats.
While cyber risks such as hacking, malware, and ransomware are frequently discussed in the context of data centres, physical security risks such as theft, vandalism, sabotage, and environmental risks must also be taken into consideration. These risks can be just as detrimental to data centre operations and can result in greater losses.
In fact, the 2020 Cost of a Data Breach Report, published by IBM, reviewed a number of breaches and the study showed that 10% of them were caused by a physical security compromise, the average cost being approximately £3.5 million.
Data centres must therefore implement a multi-layered approach to physical security and leave no stone unturned. Thankfully, more things are monitorable than ever these days – and this article reviews some of the solutions available.
Physical Security Incidents
Physical security incidents rose during the pandemic and have continued to rise into 2023. Pro-Vigil’s “The State of Physical Security Entering 2023” report states that 28% of businesses saw an increase in physical security incidents in 2022. In addition, 39% of survey respondents considered the state of the economy to be the main cause, followed by supply chain issues, security guard shortages, insider issues, and reduced business hours.
While theft and vandalism are among the most common types of incidents for businesses in general, data centres have become targets for politically motivated sabotage, such as the failed attempt to bomb an AWS data centre in April 2021. While this was an isolated incident, it illustrated the importance of physical security in this context – especially since many data centres are easy to access and do not have adequate protection at their perimeters.
Data centres are at risk from a variety of environmental threats, including:
- Temperature and humidity: High temperatures and humidity can cause equipment to malfunction or fail, while low temperatures can cause condensation and moisture build-up. Extreme temperature fluctuations can also cause thermal shock, which can damage equipment.
- Water damage: Water damage can result from leaks, flooding, or other environmental factors. Even a small amount of water can cause significant damage to equipment.
- Fire: A fire can not only cause extensive damage to the entire facility, it can result in prolonged downtime and lost revenue.
- Power outages: Power outages can cause data loss and equipment damage, as well as disrupt operations and result in lost revenue.
Ways to Improve the Physical Security of Data Centres
CCTV Monitoring with Improved Event Transmission
When it comes to using CCTV monitoring to protect data centres, there are several best practices to follow.
Before installing security cameras, one should determine their specific needs based on the size and layout of the data centre. Consider factors such as the number of entry points, the layout of equipment, and the areas that need to be monitored closely.
Stringent monitoring is required for any area that could compromise the facility, including power supply areas, communications rooms, and the less-obvious entrances such as vents and rooftop doors.
Use high-quality cameras with good resolution and low-light capabilities. Also consider cameras with pan-tilt-zoom (PTZ) features that can cover a wide area and combine these with fixed cameras in order to ensure there are no gaps in coverage.
Another consideration for CCTV monitoring is using cameras with video analytics capabilities – just one of the technological innovations the security industry is adopting.
However, security cameras are only as helpful as the speed at which operators are alerted. High-quality incident management solutions ensure the fastest transmission of alerts to the central station or Alarm Receiving Centre (ARC), enabling a quick response.
In an ideal scenario, the alarm monitoring mechanisms discussed above will never need to be used – because intruders will be stopped in their tracks before they can even access the site.
Unfortunately, many data centres do not do enough to protect their perimeters and – no matter how difficult it is for unauthorised persons to gain entry to the building – that doesn’t stop them from placing bombs against external walls or attempting to drill into them. The risk is greater for data centres in cities where there is no space to build additional walls or put up fencing or other deterrents around the property.
An intruder alarm system at the perimeter, combined with sensors and CCTV monitoring, will provide that much-needed layer of protection. Intelligent CCTV monitoring systems can also tell the difference between a genuine intrusion and something irrelevant such as wildlife, reducing false alarms, and placing sensors on external walls helps to detect intrusion attempts.
For data centres that are yet to be built, it is worth using the natural terrain to one’s advantage, although this is not often possible in urban environments.
Access Control Monitoring
Access control monitoring must be implemented throughout the data centre. Employees should undergo multi-factor authentication when attempting to access the building itself, as well as server rooms, server cages, power supply rooms, and any other area of importance. No employee should be able to gain access to any such areas without using a combination of keycards, biometric identification, and access codes, for example.
It’s also important to keep a log of all access attempts and monitor them in real-time to quickly detect unauthorised activity.
Review access controls on a regular basis to ensure they are up to date and effective. This may involve revising user permissions or updating security protocols as needed.
Finally, make sure measures are taken to prevent tailgating, such as man traps. All staff should be trained on how to identify tailgating attempts so that they do not inadvertently enable unauthorised access by doing things such as holding the door open for others, when those individuals should not be entering the area in-question.
Vigilance is key, and staff should be mindful to leave such habits such as the above, at home.
Key Manager Systems
Using a key manager for issuing and tracking keys is another vital step to take, enabling you to keep tabs on keys to different areas of the facility – as well as keys used to access vital equipment.
Our key manager module lets operators validate and authorise the contact person to whom keys must be returned. When keys are issued, the time until their return is set, and keys overdue alarms can be set up to ensure that any potential issues are known as early as possible.
Protecting Against Environmental Risks
To protect against these threats, data centres can install sensors to detect potential hazards in real-time, ensuring that corrective action can be taken before the situation escalates.
That’s what the GeminiSense NB-IoT module is designed for – it enables organisations to monitor any sensor data stream at a low cost with low energy consumption.
In addition, analysing historical data helps to identify patterns relating to environmental conditions, which can help with long-term planning and risk mitigation.
Finally, when planning the construction of a new data centre, locations should be selected that have a low risk of flooding, landslides, wildfires, seismic activity, and other forms of extreme and unpredictable weather.
Weather patterns are changing at what may have been a safe area several years ago may not be anymore; managers of existing data centres may need to review weather patterns to ascertain whether additional environmental monitoring is needed in order to protect against new types of threats.
Data centres are high-value targets for physical and cyber threats and incidents have been on the rise for a number of years, with no signs of slowing down.
To improve security protection, data centres must implement a multi-layered approach and must not neglect to monitor the perimeter of the facility. CCTV monitoring, access control monitoring and intruder alarm systems should be configured throughout the facility for maximum coverage, ensuring all possible entrances are monitored, including vents. As well as using security cameras to protect the perimeter, sensors can be placed on external walls to detect intrusion attempts.
Access control monitoring includes multi-factor authentication, anti-tailgating measures, and key manager systems.
Finally, sensors can monitor all kinds of environmental conditions, protecting facilities through early detection.
Find out more about how our alarms monitoring software and other security systems can help to transform your data centre into an impenetrable fortress – contact us today to book a demo.