Data centre security is physical security

Issue 7 2021 Editor's Choice

When it comes to data centre security, most people think of cybersecurity due to the amount of technology installed in these environments. For companies running their own data centres, cybersecurity is part of the job, but for collocated environments, where many companies have computing systems within the data centre, physical security is the most important aspect of the service they offer.

Hi-Tech Security Solutions spoke to Conrad Kock, principal practice lead at Dimension Data in South Africa, as well as Florian Kastl, director of security, EMEA for NTT (the parent company of Dimension Data) about the company’s local and international data centres and the processes they implement to secure them for their clients. Dimension Data (we will refer to the company as Dimension Data for the rest of the article since the name is more recognised in South Africa), host data centres around the world where various clients install their IT infrastructure (hence the term collocated).

The key to running a successful data centre is to provide clients with peace of mind that their systems and data are safe. Because the company does not have any knowledge of what is on the systems in the facility, it is not responsible for each system’s cybersecurity, but it must control access and make sure systems are available 24x7.

Starting with the big picture

One of Kastl’s tasks is to standardise the security process for all the company’s data centres in EMEA (including one that will be opened in Johannesburg). He says the first step is an environmental risk assessment to determine the suitability of the location as a whole. This includes everything from earthquake or flood risks, to access roads and crime in the area which relates to the types of attacks the facility may face.

Following that there are diverse categories of security to consider depending on the potential clients the facility will host. For example, government clients would demand more security and resilience than smaller companies. Kock explains that data centres make use of the tiering standards of the Uptime Institute, as one example, to determine the resilience of the facility.

Other standards Dimension Data makes use of include the TIA-942 standard for structured cabling, as well as the ISO standards (such as 27001 and others) which cover a host of aspects of the facility itself, from cabling to power and cooling redundancy, as well as physical access control and the operational processes.

Five steps of authentication

For Dimension Data, the company has set five steps of authentication in place to control access to its facilities. The people who may require access range from technicians sent to manage their customers’ racks and servers, through to service providers tasked with maintaining security, power and other internal systems.

The first step is onboarding an individual. An authorised representative would call the data centre and schedule the arrival of a person – only certain people may log these calls. The relevant identity information is conveyed and when the individual arrives, this is checked at the entrance and again in the reception area where his/her identity is verified. Dimension Data collects their biometrics and checks IDs with the Home Affairs database.

The person is also sent through an induction, which today would include Covid screening, to make sure they understand the environment and would know what to do if, for example, there was a fire alarm while they were inside the facility. Only then are they authenticated and allowed inside the data centre itself.

The final security layer is at the rack(s) where companies keep their equipment, again under lock and key – although biometric locks are also popular. People are escorted to their company’s racks to ensure they only work on their own kit.

Naturally, Kock says this is only the access control for individuals and there are various other security systems in place, from perimeter security, alarms and surveillance, including surveillance inside the company’s operations area and the isles between the racks etc. Fire safety is also critical and a bit more complex than a normal office environment.

Two types of fire safety

In general, there are two types of fire suppressions systems for the critical areas within a data centre. Computer equipment can obviously not be exposed to water, so fires in these areas can’t have sprinklers as a suppression system. In these areas Kock says the suppression is accomplished by reducing the oxygen content in the air to a level that does not support fire, but will still allow humans to breathe – although people should evacuate when the alarm sounds, which should occur at the first sign of smoke or excessive heat.

Part of a data centre’s resilience is its ability to withstand power cuts and the like via UPS systems and generators. In these areas, water mist is used to quench any fires as the equipment is not as sensitive to moisture as IT systems.

Levels of resilience

Kock notes that a data centre’s resilience is key to its success. All the systems within the facility must work together to ensure the promised levels of resilience are met. Generally, a Tier 3 data centre is the standard businesses opt for as it is ‘concurrently maintainable’. This means the facility has full redundancy.

In normal circumstances both systems, whether it is power generators, UPSs, cooling etc., are used together, but when one goes down, the other takes the full load. The outage may be the result of an Eskom power failure or even regular maintenance on systems. They key is customers don’t see any downtime and their operations carry on as normal as there is not a single point of failure.

Of course, where communications is concerned, these facilities have multiple feeds into and out of the facility as per client requirements, but again, redundancy and the ability to carry on as normal is critical. As noted above, depending on the data centre’s clients and purpose, the facility may require even higher resilience and failover capabilities.

Cybersecurity is also a concern

As we have noted, the cybersecurity aspect is primarily the concern of the individual customers as they control their systems and these are isolated from other systems. If one client is hit with ransomware, for example, the others will not be impacted.

However, Kastl notes that one area where cybersecurity is critical for data centre operators is in terms of its own building management systems (BMS). In a worst-case scenario, if miscreants could take over the BMS system, they could disrupt operations by changing the cooling or power management systems. In the case of Dimension Data, the BMS system in its data centres is physically separated from the general office network to prevent any unauthorised access or malware attacks.


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Surveillance on the perimeter
Axis Communications SA Hikvision South Africa Technews Publishing Editor's Choice Perimeter Security, Alarms & Intruder Detection
Cameras have long been a feature in perimeter security, with varying reports of success and failure, often dependent on the cameras’ planning, installation and configuration, as well as their integration with other perimeter solutions and centralised management platforms.

Read more...
Onyyx wireless alarm
Technews Publishing Editor's Choice Smart Home Automation
IDS has introduced Onyyx, a wireless alarm system engineered to provide complete system control via the Onyyx app or keyring, as well as seamless installation.

Read more...
Visual verification raises the security game
Videofied SA Technews Publishing Editor's Choice Perimeter Security, Alarms & Intruder Detection
Incorporating alarm signals with live surveillance footage, visual verification enables a human observer in a control room (onsite or offsite) to gain a clear understanding of the situation, thereby facilitating informed decision-making.

Read more...
The AX Hybrid PRO Series offers reliable wired and wireless protection
Hikvision South Africa Editor's Choice Perimeter Security, Alarms & Intruder Detection Products & Solutions
Hikvision has announced the launch of a new AX Hybrid PRO alarm system with innovative Hikvision ‘Speed-X’ transmission technology. This system offers reliable wired protection while delivering expanded flexibility with seamless wireless integration.

Read more...
Intrusion Selection Guide 2024
Technews Publishing Perimeter Security, Alarms & Intruder Detection
The Intrusion Selection Guide 2024 includes the latest products and solutions aimed at small, medium, and large operations that require reliable, easy-to-install, set-up, and use intruder detection technology that reduces false alarms but never misses an actual event.

Read more...
Perimeter Selection Guide
Technews Publishing Perimeter Security, Alarms & Intruder Detection
The Perimeter Selection Guide 2024 includes the latest products, solutions, and management platforms for small, medium, and large operations that require reliable, durable, and integrated perimeter security solutions.

Read more...
Advanced Perimeter Intrusion Detection Systems
XtraVision OPTEX Technews Publishing Modular Communications Perimeter Security, Alarms & Intruder Detection Integrated Solutions Products & Solutions
Making full use of fibre installations around the perimeter by adding Perimeter Intrusion Detection Systems means you can easily add another layer of security to existing surveillance and fencing systems.

Read more...
A critical component of perimeter security
Nemtek Electric Fencing Products Gallagher Technews Publishing Stafix Editor's Choice Perimeter Security, Alarms & Intruder Detection Integrated Solutions
Electric fences are standard in South Africa, but today, they also need to be able to integrate with other technologies and become part of a broader perimeter security solution.

Read more...
SMARTpod talks to The Risk Management Forum
SMART Security Solutions Editor's Choice News & Events Security Services & Risk Management Videos Training & Education
SMART Security Solutions recently released its first SMARTpod podcast, discussing the upcoming Risk Management Forum Conference 2024, which will be held on 26 September 2024 at the Indaba Conference Centre in Fourways, Johannesburg.

Read more...
There is a SaaS for everything, but at what cost, especially to SMEs?
Editor's Choice Information Security Security Services & Risk Management
Relying on SaaS platforms presents significant cybersecurity risks as the number of providers in your landscape increases, expanding your attack surface. It is important to assess the strength of the SaaS providers in your chain.

Read more...