Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Data centre security is physical security

Issue 7 2021 Editor's Choice

By Andrew Seldon.

When it comes to data centre security, most people think of cybersecurity due to the amount of technology installed in these environments. For companies running their own data centres, cybersecurity is part of the job, but for collocated environments, where many companies have computing systems within the data centre, physical security is the most important aspect of the service they offer.

Hi-Tech Security Solutions spoke to Conrad Kock, principal practice lead at Dimension Data in South Africa, as well as Florian Kastl, director of security, EMEA for NTT (the parent company of Dimension Data) about the company’s local and international data centres and the processes they implement to secure them for their clients. Dimension Data (we will refer to the company as Dimension Data for the rest of the article since the name is more recognised in South Africa), host data centres around the world where various clients install their IT infrastructure (hence the term collocated).

The key to running a successful data centre is to provide clients with peace of mind that their systems and data are safe. Because the company does not have any knowledge of what is on the systems in the facility, it is not responsible for each system’s cybersecurity, but it must control access and make sure systems are available 24x7.

Starting with the big picture

One of Kastl’s tasks is to standardise the security process for all the company’s data centres in EMEA (including one that will be opened in Johannesburg). He says the first step is an environmental risk assessment to determine the suitability of the location as a whole. This includes everything from earthquake or flood risks, to access roads and crime in the area which relates to the types of attacks the facility may face.

Following that there are diverse categories of security to consider depending on the potential clients the facility will host. For example, government clients would demand more security and resilience than smaller companies. Kock explains that data centres make use of the tiering standards of the Uptime Institute, as one example, to determine the resilience of the facility.

Other standards Dimension Data makes use of include the TIA-942 standard for structured cabling, as well as the ISO standards (such as 27001 and others) which cover a host of aspects of the facility itself, from cabling to power and cooling redundancy, as well as physical access control and the operational processes.

Five steps of authentication

For Dimension Data, the company has set five steps of authentication in place to control access to its facilities. The people who may require access range from technicians sent to manage their customers’ racks and servers, through to service providers tasked with maintaining security, power and other internal systems.

The first step is onboarding an individual. An authorised representative would call the data centre and schedule the arrival of a person – only certain people may log these calls. The relevant identity information is conveyed and when the individual arrives, this is checked at the entrance and again in the reception area where his/her identity is verified. Dimension Data collects their biometrics and checks IDs with the Home Affairs database.

The person is also sent through an induction, which today would include Covid screening, to make sure they understand the environment and would know what to do if, for example, there was a fire alarm while they were inside the facility. Only then are they authenticated and allowed inside the data centre itself.

The final security layer is at the rack(s) where companies keep their equipment, again under lock and key – although biometric locks are also popular. People are escorted to their company’s racks to ensure they only work on their own kit.

Naturally, Kock says this is only the access control for individuals and there are various other security systems in place, from perimeter security, alarms and surveillance, including surveillance inside the company’s operations area and the isles between the racks etc. Fire safety is also critical and a bit more complex than a normal office environment.

Two types of fire safety

In general, there are two types of fire suppressions systems for the critical areas within a data centre. Computer equipment can obviously not be exposed to water, so fires in these areas can’t have sprinklers as a suppression system. In these areas Kock says the suppression is accomplished by reducing the oxygen content in the air to a level that does not support fire, but will still allow humans to breathe – although people should evacuate when the alarm sounds, which should occur at the first sign of smoke or excessive heat.

Part of a data centre’s resilience is its ability to withstand power cuts and the like via UPS systems and generators. In these areas, water mist is used to quench any fires as the equipment is not as sensitive to moisture as IT systems.

Levels of resilience

Kock notes that a data centre’s resilience is key to its success. All the systems within the facility must work together to ensure the promised levels of resilience are met. Generally, a Tier 3 data centre is the standard businesses opt for as it is ‘concurrently maintainable’. This means the facility has full redundancy.

In normal circumstances both systems, whether it is power generators, UPSs, cooling etc., are used together, but when one goes down, the other takes the full load. The outage may be the result of an Eskom power failure or even regular maintenance on systems. They key is customers don’t see any downtime and their operations carry on as normal as there is not a single point of failure.

Of course, where communications is concerned, these facilities have multiple feeds into and out of the facility as per client requirements, but again, redundancy and the ability to carry on as normal is critical. As noted above, depending on the data centre’s clients and purpose, the facility may require even higher resilience and failover capabilities.

Cybersecurity is also a concern

As we have noted, the cybersecurity aspect is primarily the concern of the individual customers as they control their systems and these are isolated from other systems. If one client is hit with ransomware, for example, the others will not be impacted.

However, Kastl notes that one area where cybersecurity is critical for data centre operators is in terms of its own building management systems (BMS). In a worst-case scenario, if miscreants could take over the BMS system, they could disrupt operations by changing the cooling or power management systems. In the case of Dimension Data, the BMS system in its data centres is physically separated from the general office network to prevent any unauthorised access or malware attacks.


Credit(s)

Tel: +27 11 543 5800
Email: malckey@technews.co.za
www: www.technews.co.za
Articles: More information and articles about Technews Publishing



Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

What is your ‘real’ security posture?
BlueVision Editor's Choice Information Security Infrastructure AI & Data Analytics
Many businesses operate under the illusion that their security controls, policies, and incident response plans will hold firm when tested by cybercriminals, but does this mean you are really safe?

Read more...
What is your ‘real’ security posture? (Part 2)
BlueVision Editor's Choice Information Security Infrastructure
In the second part of this series of articles from BlueVision, we explore the human element: social engineering and insider threats and how red teaming can expose and remedy them.

Read more...
From the editor's desk: The beginning of the end
Technews Publishing News & Events
            As we come to the final issue of SMART Security Solutions, we can look back on a tough year: long decision-making cycles, squeezed budgets and the expectation of miracles on a shoestring. SMART Security ...

Read more...
IQ and AI
Leaderware Editor's Choice Surveillance AI & Data Analytics
Following his presentation at the Estate Security Conference in October, Craig Donald delves into the challenge of balancing human operator ‘IQ’ and AI system detection within CCTV control rooms.

Read more...
AI and automation are rewriting the cloud security playbook
Technews Publishing AI & Data Analytics
Old-school security relied on rules-based systems that flagged only what was already known. AI flips the script: it analyses massive volumes of data in real-time, spotting anomalies that humans or static rules would miss.

Read more...
Onsite AI avoids cloud challenges
SMART Security Solutions Technews Publishing Editor's Choice Infrastructure AI & Data Analytics
Most AI programs today depend on constant cloud connections, which can be a liability for companies operating in secure or high-risk environments. That reliance exposes sensitive data to external networks, but also creates a single point of failure if connectivity drops.

Read more...
Toxic combinations
Editor's Choice
According to Panaseer’s latest research, 70% of major breaches are caused by toxic combinations: overlapping risks that compound and amplify each other, forming a critical vulnerability to be exploited.

Read more...
Cybersecurity operations done right
LanDynamix SMART Security Solutions Technews Publishing Information Security
For smaller companies, the costs associated with acquiring the necessary skills and tools can be very high. So, how can these organisations establish and maintain their security profile amid constant attacks and evolving technology?

Read more...
Is your entrance security secure?
SMART Security Solutions Centurion Systems Technews Publishing News & Events Access Control & Identity Management Smart Home Automation
While Centurion Systems may be known as a leader in gate and door motors in 72 countries, the company has developed more than hardware and now offers an automation ecosystem for access control security.

Read more...
The impact of AI on security
Technews Publishing Information Security AI & Data Analytics
Today’s threat actors have moved away from signature-based attacks that legacy antivirus software can detect, to ‘living-off-the-land’ using legitimate system tools to move laterally through networks. This is where AI has a critical role to play.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.