When assessing data center physical security, managers break it down into various protection perimeters, or what Ted Martin, vice president of operations at data center colocation firm Digital Realty Trust (DRT), calls "circles of engagement." These three circles encompass the exterior of the facility, which has the greatest access; common areas inside the facility where some people have access; and the data core, which has the least...
amount of access.
To protect these areas, the most widely used access control technologies are smart cards and Internet Protocol (IP)-based cameras -- with biometric readers quickly becoming more commonplace as well.
Smart cards getting smarter
ID cards with embedded technologies offer a simple solution for access control and provide a high level of protection. At DRT, to gain access into the building and common areas, clients swipe their cards and their pictures come up on a screen. Security then verifies the clients' identities. These cards can also be programmed for biometrics.
Denver-based data center hosting company Latisys has incorporated biometrics into its clients' cards, and clients have their handprints scanned into their cards and can only gain access to the building by scanning handprint readers on the door. To access the data core, clients swipe their cards, which then lights up a biometric reader. The client's hand has to match to gain entry.
DRT offers a biometrics option for its clients into its data center core. Martin suggests using the finger readers, as they seem to be inexpensive and the least problematic as compared with others.
Noel Rojas, senior vice president of corporate security Terremark, likes the simplicity in adding or deleting access to the cards. Unlike keys in the past, Rojas says you don't have to worry about former employees, as their cards can be deactivated.
Rojas warned there are costs and labor associated with the implementation of biometrics on these cards. Each ready-access card costs $10 to $15, and there is a whole process involved on the front end with programming the cards with the client's biometric information into the system.
However, the biometrics add an additional level of security. "We have never had a security breech -- knock on wood," said Corey Needles, data center manager at Latisys. "And I do believe it does deter [breeches] with biometrics in place."
Just like smart cards, IP cameras can be programmed to do many functions and, just as importantly, work with other security technologies. For example, if someone swipes in with a smart card, a camera in that area can then zoom in on that particular door and show that picture in the network operations center (NOC). Martin keeps the data information that is recorded on his cameras for 90 days in case a report incident happens.
For access to all data center floor space and network "meet me" rooms, Latisys uses a combination of digital camera, card and biometric scanners. Upon arrival to Latisys' facilities, clients must contact the NOC in order to gain access to the secured "man-trap" area. They require three-factor authentication with a photo ID to proceed past the man trap, authenticated card and biometric hand scan to gain access to the data center.
Along with the increased surveillance IP cameras provide, they are easy to install. "Nowadays the IP-camera systems are much more flexible," said Needles. Gone are the days of dealing with coaxial cables and having to run them through a facility's infrastructure.
When is it time to upgrade access control security?
In approaching the job of physical security, managers not only rely on their own experience, but their clients' requirements and the technologies that are available. Clients such as government bodies will bring their own set of expectations to the table, Needles said.
He explained that in order to get the business, data centers have to be willing to implement specific security measures. Martin also sees this with his company's clients. "Security is a critical requirement for most of our customers, and that we meet certain standards," says Martin.
In terms of looking at new technologies, Needles says his company updates security technology every year to eighteen months, and when the company is building out new facilities.
What did you think of this feature? Write to SearchDataCenter.com's Matt Stansberry about your data center concerns at firstname.lastname@example.org.\