This page contains a Flash digital edition of a book.
equipment, and often allowing continued service of the facility.


Site location security This will be addressed at due diligence stage when choosing a site. Depending on the nature of the data centre some organisations may avoid the following sites:


• under flight paths to airports


• sites adjacent to rivers, lakes and flood plains


• sites very close to train lines


• countries with perceived political stability issues


• areas where there is significant seismic activity or a history of natural disasters or weather damage


running of an organisation and in extreme situations could incapacitate it.


Therefore, in the design, construction and operation of data centres there needs to be a robust security strategy in place to protect the information and server operations contained inside the data centre, and to protect the staff within and the facility itself. A security system aims to maintain data flow and storage, protect processing power, prevent damage or loss of data, and prevent theft of data.


The principal areas of risk in and around data centres, that become security risks, include the following:


Interruption to electrical power or cooling Resilient power and cooling systems are built into data centres to provide redundancy. The effectiveness of this resilience is down to engineering design. For power, resilience is provided by the use of dual power feeds, UPS systems and standby generators, as an example. The same with cooling, back up cooling plant is provided. These systems, which are computer controlled, must be protected both physically and the control systems protected to prevent the lifeblood of the server being interrupted.


Unauthorised access to the facility and data halls Unauthorised access to a data centre is prevented by a multitude of precautions. One of the challenges is that operatives needing to work in the data centre will include not just the full-time staff, but also external contractors. Precautions may include: physical guarding services; double perimeter fences with motion detection and cameras; separate access and egress routes to simplify security operations; secure access to data halls including mantraps and biometric control; cameras located to monitor and record


technician access to every server, power and fibre network, or to plant; computer controlled door locks; camera covered door and zone access.


High impact physical attack This may include vehicular, airborne or other types of impact or explosion. Precautions can include: subterranean construction of the whole facility; a blast proof external envelope to the building which may include reinforced concrete walls and roof; blast proof zones within the data centre as a precaution against incendiary devices internally; road-blockers or similar measures to prevent unauthorised vehicular access; dock-levellers to negate the need for vehicles to enter the facility.


Technology risks and cyber attack The technology security side of data centres is a substantial subject in itself. Cyber attacks are probably the most significant concern to many organisations, especially those considering the Cloud. Vulnerable are not just servers but also the electrical or environmental control systems in the facility. Technology departments expend significant resources on software and research in this field.


Attacks on services outside the curtilage of the facility (eg fibre routes) Because access to fibre routes that link an organisation’s facilities is outside the curtilage of each facility, it is more challenging to fully protect. Whereas data is often encrypted or scrambled after it leaves, or before it enters a facility, the risk is more the physical severing of a route, either by accident or maliciously.


Fire Fire protection systems are sophisticated and extensive within data centres, to protect the occupants and every element of the facility. Technology is advancing to limit fire suppression to the precise zone in which it is activated, without damaging plant and


• areas adjacent to fire or explosion risks (eg adjacent to particular types or industrial or storage facilities)


Often sites are located away from public view and main roads. Data centres are often without signage and anonymously located. It is not uncommon to utilise old military bunkers, disused open cast mines or to build underground.


To conclude The most secure data centres are generally those that organisations build for themselves. Although it is interesting to note that in line with current outsourcing trends corporates and public organisations increasingly outsource their data centre requirements to hosted data space with co-location providers. The level of security in these facilities has increased markedly over recent years and if projects are specified, designed, managed and delivered well, the security levels can be on a par with facilities that organisations build for themselves.


Security installations within data centres have complex interfaces with many of the building’s mechanical, electrical and other systems. The complexity is often under-estimated and the integration with the rest of the building project inadequately planned. This results in abortive work and impacts on cost and programme. It is therefore important to involve appropriately experienced security professionals, stakeholders and consultants from the outset of a strategy for a data centre build, to avoid such project delivery issues.


Gavan Mackenzie Managing Director, sineQN www.sineqn.com


> 7


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36