
Implement these data center security best practices

Proper data center security standards help prevent dangerous, costly breaches to the business. Follow these steps for a safe and secure facility.

Businesses can spend thousands to stop network intrusion, yet never notice that the new guy stocking a lobby vending machine at 4:00 am just strolled into an unlocked basement server room.

Data center security best practices eliminate this risk of harmful breaches to business and customer data.

Protecting data in storage subsystems and network traffic, defending against malware and hacking attacks, and preventing data leakage are popular security topics among data center pros, but these topics overlook fundamental physical security in the data center.

First rule of data center security best practices: Know who is and isn't authorized to be in the facility. Only a small number of IT staff should ever need to be in the server room since many routine monitoring and administrative tasks are achieved remotely.

The number of IT staff members with access to the data center depends on the size of the business, the scope of the facility and the work. Base facility access on "least privilege" rights, reaching all the way up to a C-level executive. For example, several IT staff may have front-line responsibilities for server room maintenance, while other IT staff may be allowed access as needed for larger projects or special tasks.

Restrict access by locking all doors to the server room. If renovating the data center or seeking a new facility, allow minimal access doors for people, and minimize the number of doorways for equipment. Ensure there is a secure storage or staging area for IT equipment off the loading dock, a secure preparation area for unloading and assembly, and a secure doorway from the preparation area to the data center. Doors, walls and cages should be windowless and hardened to resist break-ins. Man-traps can also be included as a more sophisticated access feature.

Security help

Organizations like the SANS Institute provide generic guidelines and recommendations for data center security. Third-party organizations that specialize in compliance auditing against SAS 70, SSAE 16 and other established regulations with controls around data processing and storage also make some recommendations for data center security.

Once you restrict access to the data center, think about the best way to guard that space. Tracking everyone who enters the facility is a crucial data center security standard. A badge-operated electronic locking system (with battery backup) is a good start -- it automatically logs individual access. Video surveillance is a good complement to monitor each access point and critical equipment location or cable closet. Rack, wiring, and room door switches can trigger cameras and security events, especially during off hours.
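The following Python example is added here and is not part of the original article: it audits a badge-controller export for grants to badges outside the approved least-privilege list, off-hours entries, and door-switch openings with no matching badge swipe. The log format, badge IDs, business hours and 15-second swipe window are all assumptions, and the sample log is constructed.

```python
import csv
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample export from a badge controller (format is hypothetical):
# timestamp, door, event, badge_id (empty for door-switch events)
SAMPLE_LOG = """\
2015-01-12T09:14:02,server-room,BADGE_GRANTED,B1001
2015-01-12T09:14:05,server-room,DOOR_OPEN,
2015-01-12T14:30:40,server-room,BADGE_GRANTED,B2040
2015-01-12T14:30:44,server-room,DOOR_OPEN,
2015-01-13T04:00:10,server-room,DOOR_OPEN,
2015-01-13T22:47:31,server-room,BADGE_GRANTED,B1002
2015-01-13T22:47:35,server-room,DOOR_OPEN,
"""

APPROVED = {"B1001", "B1002"}          # approved least-privilege list (assumed)
BUSINESS_HOURS = range(7, 19)          # 07:00-18:59 local time (assumed)
SWIPE_WINDOW = timedelta(seconds=15)   # max gap between swipe and door open


def audit(log_text, approved=APPROVED):
    """Return a list of (timestamp, door, finding) tuples for review."""
    findings = []
    last_swipe = {}  # door -> time of the most recent unused granted swipe
    for ts, door, event, badge in csv.reader(StringIO(log_text)):
        when = datetime.fromisoformat(ts)
        if event == "BADGE_GRANTED":
            last_swipe[door] = when
            # Lock controller granted a badge that is not on the approved list.
            if badge not in approved:
                findings.append((ts, door, f"unapproved badge {badge} granted"))
            # Entry outside business hours or on a weekend needs an escort check.
            if when.hour not in BUSINESS_HOURS or when.weekday() >= 5:
                findings.append((ts, door, f"off-hours entry by {badge}"))
        elif event == "DOOR_OPEN":
            # One swipe covers one opening; a second opening needs a new swipe.
            swipe = last_swipe.pop(door, None)
            if swipe is None or when - swipe > SWIPE_WINDOW:
                findings.append((ts, door, "door opened without badge swipe"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding, sep="  ")
```

Findings are candidates for review against video footage and escort records, not proof of a breach.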

Escorted guests and off-hour workers

Data center security standards indicate that all guests should be escorted around the facility, and kept out of the actual data halls when possible. Visitors, such as vendor representatives, are relatively low risk because they arrive on-site during normal working hours. However, they should be logged and escorted at all times.

Sub-contractors, like cleaning staff and construction workers, or service providers, like telecom technicians, present a bigger security dilemma because they might need to enter the data center on weekends or off hours. Make sure security is in place to monitor and escort anyone who enters during non-business hours.

Dedicated entry and power rooms with separate secure access and video monitoring keep peripheral work away from the servers. Otherwise, an authorized employee might escort workers while on-site. Cleaning staff should simply not access the data center, which is cleaned differently than office space.

Security shortcuts

Employee security breaches -- sharing badges, piggy-backing entry to secure areas -- are mostly due to a lack of proper education and conscientious policy enforcement. While an incident like badge-borrowing might not seem serious, it underscores a broader lack of concern that opens the door for more serious incidents. Negligence is a data center security worst practice.

Examine security practices for IT staff and other employees. If there is no written security policy prohibiting shortcuts, add one to data center documents along with disciplinary consequences. Educate the staff about new or changed security practices. Involving employees in acceptable use and security decisions will encourage them to follow these rules.

Stephen J. Bigelow is a senior technology editor at TechTarget, covering data center and virtualization technologies. He acquired many CompTIA certifications in his more than two decades writing about the IT industry.

This was last published in January 2015


Join the conversation

4 comments


What advanced security measures would you take for higher-level data centers? Bullet-proof exterior window glass, concrete barricades, low-cut landscaping, 24-hour security guards?

Can I say all the above? But in reality, I think it makes the most sense to have 24-hour security guards. That way, they can check an employee's access to the data center while ensuring complete safety.

It seems that data centers could probably take a page from the early days of the PSTN and the National Archive buildings. These buildings are designed to be extremely fault tolerant (think earthquake, hurricane and tornado fault tolerant). We have a National Archive building in my city, and it looks like a military bunker. In addition to being virtually "nature proof" (granted, a rogue asteroid could probably take it out, but that's about it), they are also by their very design remarkably secure. Still, security is only as good as the people looking to keep it that way, to echo Michael's statement.

Hello people.
I have one question.
What is the correct way to manage the keys of racks?

We actually have the same key for a set of racks, but we're analyzing the possibility to manage 1 key per rack.
The problem is that actually we have like 200 racks, that means we will need to manage the 200 keys, and that is inoperable.

Can you give me advice or another solution to improve our security environment?
