By Chris Skinner, Director of Security Technologies
The average cost of a data breach in the United States last year was $10.2 million, according to IBM.
Security measures like cameras with AI-powered analytics and encrypted, layered access control systems can help safeguard information at datacenters that are a prime target for cyber-crime.
IBM also found that 10% of data breaches are caused by physical compromises, underscoring the increased need for physical security measures as another layer of a datacenter’s cybersecurity stack.
Integration between these physical and digital security measures is vital to ensure the safety of these facilities.
Datacenters can face even higher operational costs with downtime and data loss.
These massive facilities house petabytes of ofren sensitive data and face all the same physical security challenges as other facilities, with much higher cybersecurity risk.
Perimeter Security
Perimeter security is the first layer of both physical and cybersecurity systems. Exterior cameras and access control systems monitor the area around the facility, and determine who can enter, but there are other factors to consider as well.
Perimeter security at datacenters should be built around three key technologies:
- Thermal cameras
- Radar detection
- Vehicle and individual access control
Many datacenters sit on hundreds of acres, and with a massive area to surveil, traditional cameras on their own do not provide the level of visibility necessary to secure the data held within.
Traditional cameras don’t have the effective range to monitor a facility of that size, and will lose visibility at night, or during inclement weather.
Thermal cameras can detect objects in low light and with AI analytics they can help determine whether they are a threat. Radar detectors can detect individuals and vehicles at significant distances, even when visibility is low.
Measures like these extend operational visibility and help to detect threats before they reach a perimeter fence.
Access Control
Access control using proximity cards represents a significant security risk and is well behind the curve of bad actors seeking to gain entry.
Proximity cards using RFID scanning can easily be copied by devices available on Amazon for as little as $20.
Access control in datacenters should require:
- Encryption across all access control devices
- Multi-factor authentication
- Biometrics for especially sensitive facilities
These systems should at the very least implment encrypted access control, if not two-factor authentication using biometrics.
All access points should be monitored by video surveillance. The latest cameras also offer AI-powered analytics that can monitor who comes and goes as well as alert security professionals to any suspicious activity.
The datacenter and server room on the property should be managed on its own access control system, sequestered from the rest of the facility entirely. These areas are the most sensitive in the facility and access should be closely managed.
Cloud access control systems give administrators the power to manage credentialing remotely, granting one-time or limited access to technicians or maintenance only when necessary.
Interior Security
Seucrity measures within the server room should extend beyond just surveillance cameras mounted to the walls or ceiling.
Cameras can be mounted on the racks to monitor who accesses what, and when.
Security systems within a datacenter’s most sensitive areas should also include a few specialized devices:
- Intrusion detection above the ceiling grid and below the static floor
- Independent access control systems for server rooms and individual racks
- Environmental sensors to monitor temperature and air quality
The cabinets can be secured with their own access control devices, tracking who opens a cabinet, and using cameras to record what work is done to create a documentation trail for all maintenance and access.
IoT devices like environmental sensors can also be installed to monitor other interior metrics like temperature, occupancy and air quality.
There are also sensors to monitor for off-gassing elements from lithium-ion batteries used in these facilities. We will cover those along with other fire protection measures recommended in datacenters in an upcoming blog post.
Device Management
At a facility like a datacenter holding sensitive and valuable information, any device connected to the network can also pose a cybersecurity risk.
Security professionals should ensure that any edge devices connected to their network are password protected, including cameras, access control devices and door entry intercoms.
Default or weak passwords can be compromised by brute force cyber-attacks in seconds, exposing the network to potential breaches. These vulnerabilities extend to other IoT devices like thermostats or speakers as well if they are not correctly managed.
Tech’s partners are also prepared to meet industry-specific privacy and security regulations like HIPAA, SOC-2 or ISO 21007 in facilities that fall under those regulations.
For more information on how your physical security should strengthen, and integrate with your cybersecurity solution, contact us.
