Physical security for data center infrastructure

I’ve always found it interesting that data centers seem to be of two minds when it comes to physical security.  Most data centers employ elaborate, multilayered physical security strategies to control access to their IT devices.  Security guards, access badges, security code generators, turnstiles, biometric devices and webcams can all be found in abundance protecting the “white space” of every well operated/well designed data center.   Yet these same data centers will secure their “grey space” devices such as generators, chillers and fuel supplies using only the most rudimentary of security devices. 

Obviously, the threat of data theft and other cyber attacks demand a high level of physical security for the white space.  But physical security is also about preventing loss or damage to critical physical infrastructure components. 

For data centers, physical security is also about reliability and operational continuity.  Leaving critical electrical or mechanical infrastructure relatively unprotected provides the thief, disgruntled employee, corporate saboteur or state sponsored agent a handy and quick path to disrupt data center uptime. 

In my career, I’ve seen a number of instances where simple thieves took advantage of unprotected grey space data center assets and caused data center outages.  In one case, thieves used bolt cutters to access the emergency generator yard of a suburban data center.  They quickly made off with 10,000 gallons of diesel fuel from a storage tank.  (The thieves were savvy enough to trick the Veeder Root system into not sending a tank low level alarm.)  Later that month, a lightning strike took out utility power.  The generators ran for a few minutes until their day tanks went dry.  Then they sputtered and failed; plunging the data center into darkness. 

In another case, a bold pair of copper thieves stole drycoolers coils from the roof of an operating data center.  After the staff went home for the night, thieves cut a padlock that secured the ladder to the building’s roof.  A few minutes later camera footage shows the thieves tossing copper coils off the roof of the data center into the bed of their waiting truck.  A few minutes later, servers started shutting off on overtemp.                

If simple thieves can cause this sort of mayhem and data center downtime, image what a well coordinated attack on your physical infrastructure could achieve.  Protect your WHOLE data center.  Consult a physical security professional to evaluate your vulnerability.  Penetration testing in not just for IT systems.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: