When looking at data centers, enterprise customers have historically wanted to see bells and whistles — the lights on servers. But that is a mindset that is slowly evolving into utilizing the cloud or hybrid solutions between physical hardware and the cloud. With the shifting mindset, customers want to make sure the space, power, and security are as close to 100% reliable 24x7x365 as possible. They do not want to second guess these basic elements.
Clients are particularly careful regarding security with colocation solutions because it is inherently shared space and outside of the enterprise’s direct control. Each colocation provider takes slightly different approaches to physical security, but at the root it is basically the same. There is a set of standard security features that any world class colocation provider’s environment will have in place. The difference comes when one gets to enhanced security features and specific security regulations. Here is what to look for regarding physical security at a colocation data center facility.
Data Center Security is not just ACL on a router and firewalls. Physical colocation requires a minimum of “five rings of security.” These five security features are a must for all colocation providers and cover exterior public spaces all the way to the individual server housings.
These five rings of data center security are in addition to any security personnel that is on site and security cameras throughout the data center.
While the five rings offer a good security foundation, many clients are interested in additional security features. Many of these requirements focus less on access and more on the physical security of cabinets, cages, and servers. Commonly requested additional security options include:
These requests are often easy to accommodate, but require discussion prior to moving into the colocation facility.
Security standards and regulations are another aspect in the colocation arena where providers can set themselves apart. Any colocation solution will adhere to ISO 27001 and some level of SOC (though the specifics and types may vary), but it is important to ask before signing a contract.
Differences can be seen in other compliance standards. PCI DSS (Payment Card Industry Data Security Standard) for instance has its own set of well-outlined security requirements. Not all data center facilities will meet PCI compliance, so it is important to ask specifically if that need exists. The same applies for HIPAA (Health Insurance Portability and Accountability Act). While specific security requirements are not as clearly outlined in HIPAA documentation, if this is a necessary compliance standard it is important to make sure the chosen colocation provider and data center facility can meet these needs.
The dedicated, hard-working employees within the data center day in and day out will always be the first line of defense. It is necessary to ensure that the personnel within the data center being considered are as solid as the cameras and the biometric measures in place. A solid support system at all levels of infrastructure, security, and personnel within the data center are vital to a secure, successful deployment.
Security at a colocation data center serves several functions — from keeping servers safe to ensuring packages sent to the facility are received and correctly delivered. In addition to power and space, good security (physical, policies, and practices) is one of the biggest requirements clients have. Make physical security a key discussion point when shopping for colocation vendors and ask to tour the facility in order to experience the security features in person.