Designing a secure data center takes significant forethought, especially with physical and online-based risks becoming progressively more likely. Here are some actionable considerations that can reduce risks and make facilities safe and future-proof.
Select an Appropriate Location
Designing a data center with security in mind begins with choosing the right location. The area’s crime rates could be a good starting point. How likely will vandals, burglars or other criminals target the newly built facility? Crime rate averages for a given region don’t tell the whole story, but they can highlight particular places to avoid or prioritize.
Once data center designers find a suitable location, they should strongly consider utilizing a concept called crime prevention through environmental design (CPTED).
It’s a well-known option for residential areas and schools but less common in the data center industry. CPTED centers on communicating that a facility is well-maintained, making it less appealing for criminals to target. Designers can get inspiration from CPTED concepts often deployed in communities.
Those could include:
- Installing fencing to designate clear boundaries
- Ensuring data center properties remain well lit
- Posting prominent signage to direct visitors to the main entrance
Many CPTED objectives also center on having a strong presence in the neighborhood. That way, community members feel compelled to voluntarily play a part in keeping the data center secure. That could involve having a local monitoring program where people use a dedicated phone number to report suspicious activity.
However, the emphasis on community involvement makes it necessary for designers and other involved professionals to engage with anyone feeling upset about a data center coming to a particular location. Ignoring strong resistance from residents, political officials and other community members could make the data center less secure because people are more willing to target it.
Use Hardening Principles to Design a Secure Data Center
Hardening encompasses efforts to make data centers more resilient against physical attacks. That could mean working with engineers to ensure the facility remains intact after structural failures. That approach helps people inside stay safer from events like building collapses. Teams that need to design a secure data center must consider the most likely adverse outcomes and how to prevent them.
Some professionals recommend data centers have at least seven layers of physical security. They are surveillance cameras, intruder detection systems, vehicle traps, auditable access controls, full authentication measures, physical barriers and 24/7 security guards. A data center uses hardening principles well if it features multiple preventive measures to stop unauthorized access.
Risk assessments of planned data centers may also indicate the need to protect the facility from bombs or other terrorist acts. Such cases usually require reinforcing the data center with steel in concrete. Designers may even choose to put the data centers underground. Those facilities are generally more secure than above-ground ones, but they still require stringent precautions against intrusion.
One week in 2021 had more than a dozen bomb threats against data centers in the United States and Canada. None involved explosives, but those instances illustrate the need for preparedness. Criminals increasingly realize how important these facilities are to modern society, increasing the chances they’ll set their sights on them.
Collaborate With Cybersecurity Teams
Anyone asked to design a secure data center should work closely with cybersecurity experts to understand how decisions may help or hurt cybersecurity. The things internet security teams do to keep data centers safe have evolved over the years, particularly as technological options improve. For example, it’s increasingly common to use artificial intelligence (AI) to thwart cyberattacks before they happen or make successful ones less damaging.
Some cyberattacks happen through physical means. As recently as 2022, attackers were mailing infected USB drives to targets. They hoped to entice people to use them on their computers and install malware. However, criminals could also try to launch a cyberattack through physical means, such as by posing as service providers or others typically given temporary access.
Consider the Layered Method to Design a Secure Data Center
One best practice is using a five-layered approach to secure data center systems. It breaks measures down into categories and involves covering the following aspects of the facility:
- Physical: This layer intends to stop in-person intrusion attempts and uses means such as security cameras and multifactor authentication-based access controls.
- Logical: This layer represents everything to do with the operating system. It involves preventive measures such as patching or removing older networks and using good password management practices.
- Network: This layer represents the gateway attackers can use to launch their attacks if not properly secured. It includes elements such as firewalls, routers and switches. Options for preventing attacks include removing unused network interfaces and using microsegmentation to limit the spread of any successful attacks.
- Application: This layer is solely about securing applications and database-related systems. One best practice is to have separate environments for development, production and testing. Another is to use logs to capture changes made to applications and databases. It’s then easier to spot potential anomalies.
- Information security: This layer ensures people perform the correct checks on the previous four layers. That means reviewing internet security policies, verifying that appropriate defense mechanisms remain in place, and looking over strategies surrounding using and handling of sensitive data.
The all-encompassing nature of the layered approach typically makes it inappropriate and infeasible for the design team to solely oversee all these factors. However, they can provide ongoing input relevant to their expertise when engaging in collaborative discussions across groups or with those working on the data center project externally.
Be Prepared to Learn and Apply Lessons
People must apply careful thought and best practices to design a secure data center. The individuals involved in such projects will undoubtedly learn many lessons along the way. However, the good news is that they can and should keep track of associated successes and failures. Such circumstances will contain valuable lessons that people can use to inform future data centers they design or ensure their current projects have the best possible outcomes.
Also, people new to this undertaking should strongly consider learning how to design a secure data center from experts who have done it many times before. That may mean working with consultants or people with specialized knowledge. They can help design team members avoid pitfalls and overcome obstacles in the most efficient and practical ways.
Emily Newton is the Editor-in-Chief of Revolutionized, an online magazine celebrating innovations in the industrial sector. She has over 5 years of experience showing how technology is changing the construction and manufacturing industries.
