Data centre security is physical security

Issue 7 2021 Editor's Choice

When it comes to data centre security, most people think of cybersecurity due to the amount of technology installed in these environments. For companies running their own data centres, cybersecurity is part of the job, but for collocated environments, where many companies have computing systems within the data centre, physical security is the most important aspect of the service they offer.

Hi-Tech Security Solutions spoke to Conrad Kock, principal practice lead at Dimension Data in South Africa, as well as Florian Kastl, director of security, EMEA for NTT (the parent company of Dimension Data) about the company’s local and international data centres and the processes they implement to secure them for their clients. Dimension Data (we will refer to the company as Dimension Data for the rest of the article since the name is more recognised in South Africa), host data centres around the world where various clients install their IT infrastructure (hence the term collocated).

The key to running a successful data centre is to provide clients with peace of mind that their systems and data are safe. Because the company does not have any knowledge of what is on the systems in the facility, it is not responsible for each system’s cybersecurity, but it must control access and make sure systems are available 24x7.

Starting with the big picture

One of Kastl’s tasks is to standardise the security process for all the company’s data centres in EMEA (including one that will be opened in Johannesburg). He says the first step is an environmental risk assessment to determine the suitability of the location as a whole. This includes everything from earthquake or flood risks, to access roads and crime in the area which relates to the types of attacks the facility may face.

Following that there are diverse categories of security to consider depending on the potential clients the facility will host. For example, government clients would demand more security and resilience than smaller companies. Kock explains that data centres make use of the tiering standards of the Uptime Institute, as one example, to determine the resilience of the facility.

Other standards Dimension Data makes use of include the TIA-942 standard for structured cabling, as well as the ISO standards (such as 27001 and others) which cover a host of aspects of the facility itself, from cabling to power and cooling redundancy, as well as physical access control and the operational processes.

Five steps of authentication

For Dimension Data, the company has set five steps of authentication in place to control access to its facilities. The people who may require access range from technicians sent to manage their customers’ racks and servers, through to service providers tasked with maintaining security, power and other internal systems.

The first step is onboarding an individual. An authorised representative would call the data centre and schedule the arrival of a person – only certain people may log these calls. The relevant identity information is conveyed and when the individual arrives, this is checked at the entrance and again in the reception area where his/her identity is verified. Dimension Data collects their biometrics and checks IDs with the Home Affairs database.

The person is also sent through an induction, which today would include Covid screening, to make sure they understand the environment and would know what to do if, for example, there was a fire alarm while they were inside the facility. Only then are they authenticated and allowed inside the data centre itself.

The final security layer is at the rack(s) where companies keep their equipment, again under lock and key – although biometric locks are also popular. People are escorted to their company’s racks to ensure they only work on their own kit.

Naturally, Kock says this is only the access control for individuals and there are various other security systems in place, from perimeter security, alarms and surveillance, including surveillance inside the company’s operations area and the isles between the racks etc. Fire safety is also critical and a bit more complex than a normal office environment.

Two types of fire safety

In general, there are two types of fire suppressions systems for the critical areas within a data centre. Computer equipment can obviously not be exposed to water, so fires in these areas can’t have sprinklers as a suppression system. In these areas Kock says the suppression is accomplished by reducing the oxygen content in the air to a level that does not support fire, but will still allow humans to breathe – although people should evacuate when the alarm sounds, which should occur at the first sign of smoke or excessive heat.

Part of a data centre’s resilience is its ability to withstand power cuts and the like via UPS systems and generators. In these areas, water mist is used to quench any fires as the equipment is not as sensitive to moisture as IT systems.

Levels of resilience

Kock notes that a data centre’s resilience is key to its success. All the systems within the facility must work together to ensure the promised levels of resilience are met. Generally, a Tier 3 data centre is the standard businesses opt for as it is ‘concurrently maintainable’. This means the facility has full redundancy.

In normal circumstances both systems, whether it is power generators, UPSs, cooling etc., are used together, but when one goes down, the other takes the full load. The outage may be the result of an Eskom power failure or even regular maintenance on systems. They key is customers don’t see any downtime and their operations carry on as normal as there is not a single point of failure.

Of course, where communications is concerned, these facilities have multiple feeds into and out of the facility as per client requirements, but again, redundancy and the ability to carry on as normal is critical. As noted above, depending on the data centre’s clients and purpose, the facility may require even higher resilience and failover capabilities.

Cybersecurity is also a concern

As we have noted, the cybersecurity aspect is primarily the concern of the individual customers as they control their systems and these are isolated from other systems. If one client is hit with ransomware, for example, the others will not be impacted.

However, Kastl notes that one area where cybersecurity is critical for data centre operators is in terms of its own building management systems (BMS). In a worst-case scenario, if miscreants could take over the BMS system, they could disrupt operations by changing the cooling or power management systems. In the case of Dimension Data, the BMS system in its data centres is physically separated from the general office network to prevent any unauthorised access or malware attacks.


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Digital transformation in mines
NEC XON Technews Publishing Mining (Industry)
Digital transformation has been hyped to death, but is a reality all companies in all industries need to address, including the mining sector. BCX and NEC XON weigh in on the challenges mines face.

Read more...
Fire safety in mining
Technews Publishing Mining (Industry)
Clinton Hodgson, Head of the Industrial Fire & Life Safety Division at FS Systems International, provides SMART Security Solutions with his insights into fire safety risks and solutions as they pertain to the mining industry.

Read more...
Cybersecurity in mining
Technews Publishing Mining (Industry)
One does not usually associate mining with cybersecurity, but as big technology users (including some legacy technology that was not designed for cyber risks), mines are at risk from cyber threats in several areas.

Read more...
Mines require proof of performance
Technews Publishing Mining (Industry)
The relatively hostile environment and remote locations of mining establishments mean that any electronic/technical implementations have to be easily installed, require little or no maintenance and, once commissioned, require no adjustment.

Read more...
From the Editor's Desk: Something old and something new
Technews Publishing News & Events
      Welcome to the 2024 edition of SMART Security Solutions’ Mining Handbook. Mining is a challenging industry for security professionals, although security is a challenge on this continent, no matter your ...

Read more...
Enhance control rooms with surveillance and intelligence
Leaderware Editor's Choice Surveillance Mining (Industry)
Dr Craig Donald advocates the use of intelligence and smart surveillance to assist control rooms in dealing with the challenges of the size and dispersed nature common in all mining environments.

Read more...
A long career in mining security
Technews Publishing Editor's Choice Mining (Industry) Risk Management & Resilience
Nash Lutchman recently retired from a security and law enforcement career, initially as a police officer, and for the past 16 years as a leader of risk and security operations in the mining industry.

Read more...
A constant armed struggle
Technews Publishing XtraVision Editor's Choice Integrated Solutions Mining (Industry) IoT & Automation
SMART Security Solutions asked a few people involved in servicing mines to join us for a virtual round table and give us their insights into mine security today. A podcast of the discussion will be released shortly-stay tuned.

Read more...
Risk management: There's an app for that
Editor's Choice News & Events Risk Management & Resilience
Zulu Consulting has streamlined the corporate risk management process with the launch of Risk-IO, a web-based app designed to consolidate and guide risk managers through the process, monitoring progress as one proceeds.

Read more...
Integrated information platform for risk management
Editor's Choice News & Events Risk Management & Resilience
Online Intelligence recently launched version 7 of its CiiMS risk and security platform. Speaking to SMART Security Solutions after the launch event, the company’s Arnold van den Bout described the enhancements in version 7.

Read more...