Can vendors go unescorted in a secure colocation center?

You've sentenced your production servers to five-to-life lockdown in a secure colocation cage. Who's allowed to visit them?

Clive Longbottom

Published: 05 Dec 2014

Unescorted access to colocation facilities is a big NO.

That engineer coming in from ABC123 Computer Equipment Inc. to patch your cables is just like any other employee of any company. Can you personally vouch for him? Has ABC123 or its partners vetted the person's background to the extent that the colocation provider would have -- or to the same degree to which you vet employees?

You should have chosen a colocation partner after carrying out due diligence on every possible area of security. A secure colocation center vets all of its own employees; it only allows named personnel from your company to have access to your cage or rack; all people entering the facility are logged.

When looking for security vulnerabilities, think like a 'black hat' that wants access to one or more companies' information: The criminal could try corrupting an employee of each company or they could target just one relatively poorly paid engineer working for a third-party vendor. That support technician knows any weakness in the system, has all the "master keys" to certain systems, and understands where users might leave an area open by default or by mistake -- without any particular loyalty to the company that owns this IT infrastructure. An unhappy vendor employee is not only easier to corrupt, but they are more valuable too, as they have access to multiple systems.

To ensure a secure colocation center, always send an escort with a vendor's employee and verify that the technician has a proper job sheet stating what systems they should touch and what actions to take. Only the company that owns the IT equipment can permit the vendor to do anything not on the job sheet, such as log onto a different system or reboot a related system. If only the colocation center's escort communicates with the vendor, allow no changes.

Next Steps

Find out how to make sure your third-party data center is secure.

Dig Deeper on Data center design and facilities

Integrating security with robotic process automation RPA’s power is that it can mimic human behaviour. Enterprises must secure robotic automation with this principle in mind to avoid security failures

How to successfully perform a data center upgrade When data center hardware becomes outdated, there are a few options. Here are ways that admins can ensure that a migration is efficient and downtime is minimized.

Can companies safely fire an information security manager? An information security manager has access to many privileged systems in an organization, so letting one go can be tricky. Expert Mike O. Villegas explains how to handle the process.

Rank colocation companies with this checklist Use this checklist to make fair and comprehensive comparisons between colocation data center providers.

How does a wholesale data center differ from retail? One offers more control, while the other offers more flexible space. If you're considering a colocation facility, how do you decide between wholesale and retail?

Implement these data center security best practices Proper data center security standards help prevent dangerous, costly breaches to the business. Follow these steps for a safe and secure facility.

Clive Longbottom asks:

Are colocation centers as secure as on-premises owned data centers?

Join the Discussion

Related Q&A from Clive Longbottom

How can I build AI capabilities for the data center?

IT departments can integrate AI capabilities with their data center management workflows using machine learning algorithms that enable admins to ... Continue Reading

What network security methods do I need to keep data safe?

How can you maintain network security beyond the standard firewall and blacklisting tactics? Encryption and digital rights management can ensure ... Continue Reading

SIEM benefits include automated monitoring, malware mitigation

SIEM tools deliver automated alert actions, normalize log data and provide intelligent filtering, all of which can help IT administrators lighten ... Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Data Center experts

View all Data Center questions and answers

Join the conversation

3 comments

Send me notifications when other members comment.

Oldest

[-]

Clive Longbottom - 5 Dec 2014 3:00 AM

Are colocation centers as secure as on-premises owned data centers?

tba089 - 9 Dec 2014 1:57 PM

Most colocation centers are actually more secure than on-site data centers. Most large colocation follow level 3 security procedures, including on-site monitoring and biometric scanning. Also, because using a colocation center means your data is stored off site, you have an added layer of security should your main facility come under a cyber attack.

Mirtoma - 17 Apr 2015 8:11 AM

In my opinion there is no difference.
It all depends on:
- the implemented procedures and consequences of their application
- personnel selection in the object
- separation of operating functions (administration, maintenance, incident response and change) and security functions
- supervision way of staff work

I have worked in both types of objects, and I know that in each case the relevant security violations occur due to the increasingly routine behavior of employees (managers too), which at one point becomes a deviations from procedures.

Can vendors go unescorted in a secure colocation center?