February 26, 2020
When looking at data centers, enterprise customers have historically wanted to see bells and whistles — the lights on servers. That mindset is slowly evolving toward using the cloud, or hybrid solutions that combine physical hardware and the cloud. With the shifting mindset, customers want to make sure the space, power, and security are as close to 100% reliable 24x7x365 as possible. They do not want to second-guess these basic elements.
Clients are particularly careful regarding security with colocation solutions because it is inherently shared space and outside of the enterprise’s direct control. Each colocation provider takes a slightly different approach to physical security, but at the root it is basically the same. There is a set of standard security features that any world-class colocation provider’s environment will have in place. The difference comes when one gets to enhanced security features and specific security regulations. Here is what to look for regarding physical security at a colocation data center facility.
5 Rings of Data Center Security
Data center security is not just ACLs on a router and firewalls. Physical colocation requires a minimum of “five rings of security.” These five security features are a must for all colocation providers and cover everything from exterior public spaces all the way to the individual server housings.
- Entering the building – Is the perimeter of the building secure and are there security features to enter the building, such as cameras covering 360 degrees of the building’s exterior, biometric readers and/or security guards?
- Entering the man trap – There should be a combination of PIN, biometric, and card security measures to enter the man trap, as well as anti-tailgating measures in place.
- Exiting the man trap – Once in the man trap, there will be additional biometric security steps before one is allowed to leave the space.
- Entering the colocation white space – Another round of biometric hand scanners and card readers should be in place before one is allowed to gain access into the colocation white space.
- Accessing the cage or cabinet – The innermost ring is entering or accessing a cage or cabinet. This is accomplished with a key at minimum, or with dual authentication combining a PIN and biometrics for higher-level security.
  - An additional level of security applies for shared cabinets or cages, requiring a PIN and biometrics or a key to access an individual space.
These five rings of data center security are in addition to any security personnel who are on site and security cameras throughout the data center.
Enhanced Data Center Security Options
While the five rings offer a good security foundation, many clients are interested in additional security features. Many of these requirements focus less on access and more on the physical security of cabinets, cages, and servers. Commonly requested additional security options include:
- Double mesh on cages, creating meshing so tight that not even a thumb drive can fit through
- In raised floor situations, mesh is often requested to extend all the way to the facility floor
- Screws securing raised flooring
- Double key entries
- Secure tops on cages
- Motion sensors inside private customer cages
- Additional cameras inside cages
- Hiring third-party security companies to have a live security professional physically sitting outside the cage door to monitor access
These requests are often easy to accommodate, but require discussion prior to moving into the colocation facility.
Security Standards and Regulations
Security standards and regulations are another aspect in the colocation arena where providers can set themselves apart. Any colocation solution will adhere to ISO 27001 and some level of SOC (though the specifics and types may vary), but it is important to ask before signing a contract.
Differences can be seen in other compliance standards. PCI DSS (Payment Card Industry Data Security Standard), for instance, has its own set of well-outlined security requirements. Not all data center facilities will meet PCI compliance, so it is important to ask specifically if that need exists. The same applies for HIPAA (Health Insurance Portability and Accountability Act). While specific security requirements are not as clearly outlined in HIPAA documentation, if this is a necessary compliance standard, it is important to make sure the chosen colocation provider and data center facility can meet these needs.
The dedicated, hard-working employees within the data center day in and day out will always be the first line of defense. It is necessary to ensure that the personnel within the data center being considered are as solid as the cameras and the biometric measures in place. A solid support system at all levels of infrastructure, security, and personnel within the data center is vital to a secure, successful deployment.
Being Confident in Data Center Security
Security at a colocation data center serves several functions — from keeping servers safe to ensuring packages sent to the facility are received and correctly delivered. In addition to power and space, good security (physical, policies, and practices) is one of the biggest requirements clients have. Make physical security a key discussion point when shopping for colocation vendors and ask to tour the facility in order to experience the security features in person.