Unescorted access to colocation facilities is a big NO.
That engineer coming in from ABC123 Computer Equipment Inc. to patch your cables is just like any other employee of any company. Can you personally vouch for him? Has ABC123 or its partners vetted the person's background to the extent that the colocation provider would have -- or to the same degree to which you vet employees?
You should have chosen a colocation partner after carrying out due diligence on every possible area of security. A secure colocation center vets all of its own employees; it only allows named personnel from your company to have access to your cage or rack; all people entering the facility are logged.
When looking for security vulnerabilities, think like a 'black hat' who wants access to one or more companies' information: The criminal could try corrupting an employee of each company, or could target just one relatively poorly paid engineer working for a third-party vendor. That support technician knows any weakness in the system, has all the "master keys" to certain systems, and understands where users might leave an area open by default or by mistake -- without any particular loyalty to the company that owns this IT infrastructure. An unhappy vendor employee is not only easier to corrupt, but also more valuable, as they have access to multiple systems.
To ensure a secure colocation center, always send an escort with a vendor's employee and verify that the technician has a proper job sheet stating what systems they should touch and what actions to take. Only the company that owns the IT equipment can permit the vendor to do anything not on the job sheet, such as log onto a different system or reboot a related system. If the colocation center's escort is the only person communicating with the vendor, allow no changes.