Data Center Security
A data center is a facility designed to house an organization's critical systems. It is important to have the necessary controls in place to mitigate the risks associated with data center threats, which include the following:
- Natural threats such as weather events, flooding, earthquakes and fire
- Manmade threats such as terrorist incidents, riots, theft and sabotage
- Environmental hazards such as extreme temperatures and humidity
- Loss of utilities such as electrical power and telecommunications
In this age of advanced technology, it is easy to forget the importance of physical controls and focus your energy on logical controls. However, even with excellent logical access controls in place, these physical threats can compromise the security and availability of your systems.
Physical Security and Environmental Controls
Data centers should incorporate several types of facility-based preventive controls, commonly referred to as physical security and environmental controls, including facility access control systems, alarm systems and fire suppression systems.
Facility Access Control Systems
Facility access control systems authenticate workers before granting physical entry to facilities. PCI Data Security Standard (DSS) Requirement 9.1 requires physical security controls for any area with systems containing cardholder data.
Alarm Systems
Because fire, water, extreme heat and humidity levels, power fluctuations and physical intrusions threaten data center operations and security, data centers should implement the following alarm systems:
- Burglary
- Fire
- Water
- Humidity
- Power fluctuation
- Chemical and gas
Fire Suppression Systems
Fire is a major threat to data centers, so they should be equipped with sophisticated fire-suppression systems and have a sufficient number of fire extinguishers.
System and Site Resiliency
Data centers should incorporate various types of controls to ensure systems remain available during critical business hours.
Power
Power fluctuations such as spikes, surges, sags and blackouts can damage computer components and cause outages. The following systems need to be installed to provide clean power and redundancy:
- Redundant power feeds
- Ground to earth
- Power conditioning
- Battery backup systems
- Generators
Heating, Ventilation and Air Conditioning (HVAC)
Since computer components require specific environmental conditions to operate reliably, HVAC systems are required.
Network Connectivity
It is common practice for data center facilities to have redundant Internet and WAN connections via multiple carriers.
Data Center Operations
Data center operations should be governed by the following policies, plans and procedures:
- Physical access control
- Systems and facility monitoring
- Facility and equipment planning, tracking and maintenance
- Response procedures for outages, emergencies and alarm conditions