Q
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Can vendors go unescorted in a secure colocation center?

You've sentenced your production servers to five-to-life lockdown in a secure colocation cage. Who's allowed to visit them?

Clive Longbottom
Quocirca
Follow:

Unescorted access to colocation facilities is a big NO.

That engineer coming in from ABC123 Computer Equipment Inc. to patch your cables is just like any other employee of any company. Can you personally vouch for him? Has ABC123 or its partners vetted the person's background to the extent that the colocation provider would have -- or to the same degree to which you vet employees?

You should have chosen a colocation partner after carrying out due diligence on every possible area of security. A secure colocation center vets all of its own employees; it only allows named personnel from your company to have access to your cage or rack; all people entering the facility are logged.

When looking for security vulnerabilities, think like a 'black hat' that wants access to one or more companies' information: The criminal could try corrupting an employee of each company or they could target just one relatively poorly paid engineer working for a third-party vendor. That support technician knows any weakness in the system, has all the "master keys" to certain systems, and understands where users might leave an area open by default or by mistake -- without any particular loyalty to the company that owns this IT infrastructure. An unhappy vendor employee is not only easier to corrupt, but they are more valuable too, as they have access to multiple systems.

To ensure a secure colocation center, always send an escort with a vendor's employee and verify that the technician has a proper job sheet stating what systems they should touch and what actions to take. Only the company that owns the IT equipment can permit the vendor to do anything not on the job sheet, such as log onto a different system or reboot a related system. If only the colocation center's escort communicates with the vendor, allow no changes.

Next Steps

Find out how to make sure your third-party data center is secure.

This was last published in December 2014

Dig Deeper on Data center design and facilities

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Meet all of our Data Center experts

View all Data Center questions and answers

Join the conversation

3 comments

Send me notifications when other members comment.

Register

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Are colocation centers as secure as on-premises owned data centers?
Cancel
Most colocation centers are actually more secure than on-site data centers. Most large colocation follow level 3 security procedures, including on-site monitoring and biometric scanning. Also, because using a colocation center means your data is stored off site, you have an added layer of security should your main facility come under a cyber attack.
Cancel
In my opinion there is no difference.
It all depends on:
- the implemented procedures and consequences of their application
- personnel selection in the object
- separation of operating functions (administration, maintenance, incident response and change) and security functions
- supervision way of staff work

I have worked in both types of objects, and I know that in each case the relevant security violations occur due to the increasingly routine behavior of employees (managers too), which at one point becomes a deviations from procedures.
Cancel

-ADS BY GOOGLE

SearchWindowsServer

SearchServerVirtualization

SearchCloudComputing

Close