Blog
03.14.22

Why Physical Security in Data Centers is So Important

While most discussions of security in data centers revolve around cyberattacks, that’s only part of the equation. Data centers responsible for the storage and transfer of important information must install physical measures that keep these sites secure and safe. 

Here are the reasons why data centers need physical security

Power Outages 

As proven by Facebook’s recent power outage, any company is prone to physical threats. The outage caused a configuration change to the backbone routers that coordinate network traffic to and from the company’s data centers. Do not solely rely on electrical grids to power your servers. Instead, have multiple backup sources to allow the data center to continue running in the event of damage to the power. Servers take time to reboot, and any interruptions can cause a massive disruption to your productivity and bottom line. 

When it comes to physical security in data centers, it’s important to store data in multiple data centers as well for enhancing protection. This improves the uptime of your data and allows faster recovery of data loss. 

Outdated Access Control Systems 

Most data centers still use outdated access control systems. Whether it’s passwords, wired access control systems, or even traditional key locks, these give modern thieves and attackers the upper hand in breaching and entering secured spaces. 

Entry to a data center should be managed with strict procedures to control and monitor visitor access. Simple physical installations can be installed, such as a physical barrier, a trembler wire, surveillance cameras, and even hiring a full-staff 24/7 security team. 

Additionally, it’s crucial to stay up to date with the latest access control technology. This includes incorporating AI and biometrics such as facial authentication for access or a user-generated code to a mobile device.

Lack of Protocol to Vet Contractors 

It’s common for data centers to use third-party vendors to service their data rooms. Without a strong hiring process for employees and vendors, it’s easy to leave the door open for potential threats. A simple background check or speaking to references isn’t enough. 

When it comes to a contractor’s data security policies, all sensitive information needs to be encrypted, and you should be the one to hold the encryption key. This protects against a potential breach from the vendor side. Make sure that role-based access is given. That means the authorized vendor employees only have access to the information needed for the role and do not complete authorization. 

Any contractor or vendor you partner with should utilize software that is set up to receive regular security updates so that sensitive information won’t be left vulnerable. Ultimately, it’s your decision to entrust sensitive information to a third party. Remember that you are your own most-trusting ally for managing the flow of data to vendors. Following proper due diligence for vetting, vendors help you make informed decisions and increase compliance with appliance regulations and laws. 

Social Engineering Attacks

Social engineering involves deceiving individuals within the company to divulge personal and confidential information that could be used for fraudulent activities. These attacks can happen in a myriad of ways with or without technology. They can test your staff’s competency by calling security on people they don’t know, walk-in without badges, or confirming whether a call is coming from a particular source. 

For example, a cybercriminal can easily call an assistant pretending to be someone higher-up to phish for specific information. Or they can impersonate an assistant and contact the bookkeeper to request payment information. 

There are some frightening in-person social engineering attacks as well, such as:

  • – Someone pretends to be the service technician who has an appointment with an executive to solve a particular issue. 
  • Tailgating occurs when a person follows someone into a room, the attacker can slip right in. 
  • – Someone leaves a device behind on purpose so that hopefully someone finds it and plugs it into their business system, which automatically installs malware to their computer. 
  • – An attacker asks a user to use their already logged-in computer. 

Whether physical, digital, or even phone social engineering, it’s important to train employees to safeguard against sharing confidential information. Every company should always verify that each person is who they claim to be and that the person is authorized for access or request. 

Potential Fire Hazards 

Fire safety should be a priority for data centers. Many possibilities can cause fires both inside and outside the facilities. Some examples of fire hazards within a data center are: 

– Equipment and wiring overheating 

– Electric overloads and short-circuits 

– Storage of flammable gasses and liquids 

– Storage of flammable equipment

First, it’s important to house data on the cloud so that data won’t be lost in the event of a fire. There are some ways to implement fire prevention in data centers, such as: 

– Nebulized water fire-suppression systems and tools like hydrants and fire extinguishers 

– 24/7 on-site security staff 

– CCTV and video surveillance 

– Smoke detected below raised floors and on ceilings 

– Early fire detection systems that detect smoke before a major fire starts

– Cooling, humidity control, and temperature monitoring systems

The Insider Threat

Employees steal data from their workplaces because they may see an opportunity to expose something damaged as a personal vendetta or sell sensitive information. This can especially be true for private companies and government agencies. Nowadays, it’s very easy to sell stolen data, which increases the likelihood of people trying it. Or perhaps, the employee plans to set up a competing business. 

Only provide access to sensitive data at the appropriate time where an action is required. Also, establish data security governance policies for the organization so that everyone is focused on identifying and mitigating the risks to data security. Consider denying the use of storage devices like USB thumb drives and personal email accounts. Also, use a password manager that doesn’t give the real password to the employee; rather, it only allows access to the tool through an identification process.  

Protect Your Data Centers from Physical Threats

Every data center is responsible for having a prevention and safety protocol for physical threats. Once physical access has been breached, it’s easy for data to be lost or tampered with. In today’s world, your organization is prone to both digital and physical threats. Attackers are becoming smarter and finding more elaborate ways to phish information. Fortunately, it’s entirely preventable by installing protocols, systems, and technologies to safeguard sensitive data within the company. Browse the Alcatraz site to learn more about AI security technology or book a demo to see how you can improve your existing security system.

Free Ebook

img

Free Ebook

Download this Ebook to learn about secure AI-Driven Identity Verification for Access Control

  • What is AI-driven identity verification?
  • How does AI-driven identity verification relate to physical access control and elevate security?
  • Facial Authentication vs. Facial Recognition
  • Applications of identity verification in specific verticals
Download Now