What is the benefit of having the server room located behind the IT staff?

Information security is a critical topic in the enterprise IT industry, especially when mission-critical data is stored in cloud data centers off-premises. Indeed, cybercrime is the most pressing concern since 79% of the organizations using cloud computing services have experienced a cloud-related data breach incident according to a recent survey.

However, there’s more to security of the cloud data center than defending against the prevalent cybercrime attack vectors. Physical security of hardware assets is equally critical for secure and dependable operations of a cloud data center.

In this blog, we will discuss what the physical security of a cloud data center entails, the applicable industry standards, and industry-proven best practices to secure your cloud data center resources.

(This article is part of our Data Center Operations Guide.)

Security controls for data centers & server rooms

Cloud data center and server room security controls encompass four key aspects of the data center:

  • Physical security. The security of static systems that constitute a data center. The building structure, hardware resources, utility services infrastructure, as well as portable and mobile objects that constitute a data center facility are included. The characteristics of these systems determine the security and physical threats facing a data center including fire, unauthorized access, work conditions for the workforce, and dependability.
  • Geographic characteristics. The location of a data center determines the natural threats such as earthquakes, flooding, and volcanic eruptions. Additionally, human-responsible threats such as burglary, civil disorders, interruptions, damages, and interceptions are also highly dependent on the location of the data center facility.
  • Supporting facilities. Refers to the services necessary for smooth data center operations. These facilities include the infrastructure of utility services such as energy, water, cooling, communication, and air conditioning. Emergency services including firefighting, policing, and emergency healthcare also impact the risk mitigation capacity of a data center.
  • Future prospects. Economic, political, geographic, and demographic factors affect how well a location is suitable for data center operations over the long term. The services and facilities available to your server room may suffice for now but does the location offer sufficient capacity, services, and facilities to scale in the future?

Securing your server room

The first step to securing a server room is to design one that is fully compliant with the leading industry standards. Organizations such as the National Institute of Standards and Technology (NIST) as well as government regulatory authorities provide guidelines, standards and frameworks that encompass all aspects of server room security: physical, environmental and information security.

Some of the common server room security standards and framework guidelines include:

Server room best practices

Server room security is an ongoing process. The security frameworks provide guidelines to maintain server room security in context of changing external circumstances and the scale of IT operations. Once a data center room is designed in compliance with the applicable standards, the next steps involve a range of controls that can help mitigate threat vectors ranging from human risks to threats from natural disasters.

The following best practices and security controls can help you get started with data center security:

Restricted access & multi-layer authentication

Only authorized personnel should be allowed to enter (and exit) the premises. Multiple layers of security—passwords, RFID tags, and biometrics—can be combined to enforce this restriction.

Server systems should be isolated such that the principle of least privilege access can be adopted, ensuring that damage can be contained within isolated sections of the data center when compromised.
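One way to check that the layered-access policy above is actually being enforced, as an added example that is not part of the original article: the script audits door-controller events for the server room against an allow-list, a two-factor requirement and entry/exit pairing. The CSV layout, badge IDs, factor names and finding labels are assumptions made for illustration, and the log lines are constructed.

```python
"""Audit server-room door events against a layered-access policy.

Added example. The CSV layout, badge IDs and factor names are assumptions,
not the export format of any particular door controller.
"""
import csv
import io

# Constructed sample export: time, badge, direction, factors presented.
SAMPLE_LOG = """\
time,badge,direction,factors
2024-03-01T08:02:11,B-1001,in,rfid+biometric
2024-03-01T08:40:52,B-1001,out,rfid
2024-03-01T09:15:03,B-2040,in,rfid+pin
2024-03-01T09:15:09,B-3300,in,rfid
2024-03-01T09:50:47,B-3300,out,rfid
2024-03-01T10:05:30,B-1002,in,rfid+pin
2024-03-01T11:20:00,B-1002,in,rfid+pin
2024-03-01T11:45:10,B-1002,out,rfid
"""

AUTHORIZED = {"B-1001", "B-1002", "B-3300"}  # least-privilege allow-list
REQUIRED_FACTORS = 2  # e.g. RFID tag plus PIN or biometric


def audit(log_text, authorized=AUTHORIZED, required=REQUIRED_FACTORS):
    """Return (time, badge, finding) tuples for events that break policy."""
    findings = []
    inside = {}  # badge -> time of the entry that has no exit yet
    for row in csv.DictReader(io.StringIO(log_text)):
        badge, when = row["badge"], row["time"]
        factors = {f for f in row["factors"].split("+") if f}
        if row["direction"] == "in":
            if badge not in authorized:
                findings.append((when, badge, "unauthorized-badge"))
            if len(factors) < required:
                findings.append((when, badge, "single-factor-entry"))
            if badge in inside:
                # Two entries in a row: the holder left without badging out
                # (for example by following someone) or the badge was shared.
                findings.append((when, badge, "entry-without-exit"))
            inside[badge] = when
        elif row["direction"] == "out":
            if badge not in inside:
                findings.append((when, badge, "exit-without-entry"))
            inside.pop(badge, None)
    # Anyone left in the map never badged out before the log ended.
    for badge, when in inside.items():
        findings.append((when, badge, "still-inside-at-end-of-log"))
    return findings


if __name__ == "__main__":
    for when, badge, finding in audit(SAMPLE_LOG):
        print(f"{when}  {badge:<7} {finding}")
```

Findings such as `entry-without-exit` are prompts for review against camera footage or sign-in sheets, not proof of misuse.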

Fire safety & HVAC

Fire incidents, explosions, and inadequate HVAC affect the dependability of a server room. These incidents can cause irreversible damage to a server room, especially when the stored data is not adequately duplicated. Consequently, it’s important to evaluate the safety capacity of the building against these risks.

Adopt fire detection and control systems, automate emergency service routing and limit building occupancy. Data center efficiency is highly dependent on the HVAC systems. An effective server room design considers all aspects of ventilation, including damage limitation in the event of a fire incident.

Building structure & utility infrastructure capacity

The hardware racks and building structure should be highly capable of supporting heavy hardware devices. Access to these devices should be convenient and systematic: troubleshooting, repairs, and upgrades should take minimal time and effort. The utility infrastructure that powers HVAC systems should be designed for:

  • High capacity
  • Structural integrity
  • Long life

Information security

Physical security of a server room also impacts the ability to secure information stored within the server systems. If the data is encrypted, it will remain secure even when the storage devices in the server room are compromised.

Similarly, the server systems should be designed for redundancy. If one device is no longer operational or is compromised, the stored data should be accessible through alternative and redundant storage devices.

Emergency services

In the event of a security breach or emergency incident, access to emergency services—police, healthcare, and firefighting services—should be automated and highly available. Deploy automated technology systems to inform the appropriate emergency services in the event of an incident and engage with private security services to enhance building security.

Securing server rooms is critical business

Securing server rooms is an absolute necessity. It is not a cheap endeavor (would you want cheap security?), so you’ll have to find some custom balance of security, accessibility, and cost. Leadership may be hesitant to invest in server security, but knowing that something will go wrong (it’s just a matter of when), you can choose to be on the offense instead of on the defense.

A good tenet of server room security: the more you control, the more secure your servers will be.

  • Of course it isn't an office.  

    If you work at a meat processing factory they don't give you a desk in a walk in refrigerator (cue someone telling me they know somewhere where that happened).


  • hutchingsp wrote:

    Of course it isn't an office.  

    If you work at a meat processing factory they don't give you a desk in a walk in refrigerator (cue someone telling me they know somewhere where that happened).

    Yeah that happens. Usually it will be a sub-office for the production managers, or quality control, who also have a bigger office elsewhere. Equally, anyone involved in refrigerated warehouse or transports is likely to have an office within the cold areas.

    However, it is really bad practice to have an office in the server room (or servers in the IT office). For many reasons relating to security, BC / DR, etc the server room needs to be kept shut, locked and separate. Even if it is still a small amount of equipment involved.

    As for temperature, tests show that the most appropriate temperature for a server room is between 20 - 24 degrees Celsius; any warmer and the fans in the servers have to work harder, and colder and it's using extra power to cool unnecessarily.


  • I have seen server cabinets that have built in aircon and are, of course fully lockable. These are designed to be used in an office environment, but, in my opinion, are only suitable for small setups where the systems and networking can be housed in the cabinet. Most setups need a dedicated server room because you don't want all and sundry able to wander into the server room, it should be secure. You need to be able to control who has access to the company infrastructure.

    You don't let anybody wander into the plant room. It is bad for the plant and not safe for the people not properly trained and aware of the dangers. Similarly the server room. Quite apart from the dangers to the systems, the systems are dangerous to people. Just think about how much power is flowing through your UPS, and what that could do to a human.


  • Our server rack is located in the HR department's table, and I mean TABLE not office


  • We have our servers in a locked room at the back of the IT office, but they are separate. Heck in winter one or two of us wouldn't even be able to work in the office if the server room was part of the office itself, it'd just be too cold. 


  • Really depends - for some, the server is just a storage place with a few add-on services such as DHCP - if it's a glorified workstation then it can sit practically anywhere.

    If you've got a rack of servers though - they tend to be noisier - wouldn't want to sit in with those all day.

    FWIW - I've got a server sat in my office - it's only a backup/spare so doesn't do much and it is just a beefy workstation - so it's pretty quiet. The real servers are next door and I can hear them through the wall ...


  • Hey Jim,

    Looks like you are in Singapore, I'm not sure about the laws there but here in Australia there are laws governing health and safety in the workplace, and anyone big enough to have an HR employee will take those laws very seriously.

    Too much cold air will lead to poor health, frequent colds, high risk of flu etc. If you bring up the work conditions with HR and mention the outcomes, then they are obligated to find a safe work environment for you. Again, this is based on Australian law, not Singaporean.

    Best of luck


  • Well, I simply can't imagine a server room being an "open" area, how do you arrange things with security & compliance? None of your end-users walk into your office now? But then again, that wasn't your question, just a concern that came up on top of my head. Anyway: It should never be combined!

    Even if it's just a network highway, you would never want to have your office in the same room since access to your entire network is possible and a company risk.


  • Most places I've worked, the two locations have been physically separated and locked. Sometimes people need to go to the IT office... no need for them to get any more distracted by the blinking lights on the servers..

  • One of the main concerns to bring up is safety and hazard as Server rooms usually have separated or isolated fire systems that uses halon or other gas fire suppression systems that are toxic.

    Sometimes IT persons are required to support old or faulty PCs and/or equipment that may "smoke" and thus causing fire alarms to go off, not necessary sprinklers go off, but may activate the server room fire suppression systems (depending on setup and configuration).

    ....

    Then sometimes the support of faulty PC may cause circuit breakers to go off....this is normal for support desks (we usually have a isolated circuit for support staff in the office area as well.....this may pose a problem if the staff are seated in the server room (plug in a faulty screen or lappy and cause servers' circuit to trip ??)


  • Joey1405 wrote:

    Well, I simply can't imagine a server room being an "open" area, how do you arrange things with security & compliance?

    Many businesses have no compliance issues as they're not dealing with sensitive data.

    Our server room is open -  anyone could walk into it - but the number of users in the office is minimal, entry into the room is discouraged - and they have no reason to go in and ultimately, we trust our colleagues.

    Yes, it's a risk - but minimal - compared with the hassle of creating a locked room

  • First, the idea that any room containing a server has to be too cold for habitation is false. Servers don't need "cold." They simply need excess heat removed. There is no reason that a room with servers in it can't be a comfortable 72 degrees.

    It's far more likely that a large data center will be too noisy to work effectively. You might be able to make that case to management.

    Physical security is another aspect you can argue. A server room with an additional layer of security on it is better than one that visitors can poke at. (What's this do?)

    But, before you get all up on your high horse and start listening to the cries of "They can't do that!" and "Sue them!" and "Call the government!", try to think about it in terms of why the change might benefit the company. Then, present your proposal in that light.


  • I'm going to laugh at this, otherwise I'd cry. My Server room is my office, IT Suite,Photocopier room, piano and violin lessons room, seriously mate I know where you come from and I am far beyond that point, I'm fed up of this situation but I cannot do anything. We're a small school with a small budget to have a cooled isolated room. As you can imagine my cooled system is "Open doors/windows" , yeah I know, don't tell me..... It's to start crying.

  • Andrew_F wrote:

    Joey1405 wrote:

    Well, I simply can't imagine a server room being an "open" area, how do you arrange things with security & compliance?

    Many businesses have no compliance issues as they're not dealing with sensitive data.

    Our server room is open -  anyone could walk into it - but the number of users in the office is minimal, entry into the room is discouraged - and they have no reason to go in and ultimately, we trust our colleagues.

    Yes, it's a risk - but minimal - compared with the hassle of creating a locked room

    Compliancy and Security not only (EDITED: added: "Only") concerns sensitive data. And even so, what about the own personnel data? But on the other hand, I can see these things happening in smaller organizations. So I don't really agree but don't disagree fully as well 😉

  • In my past job I was very close to the server room in a basement so it is not an issue for me, plus I love a good AC :). In the end though it was too loud so we made a wall to divide it and it worked well :) 

  • BTDT, I spent several months in a hastily constructed cube in the corner of the server room.  It was cold and so loud I couldn't hear myself think.  It was miserable.

  • If there is no other option than using the space, maybe they could make a partition wall with a separate door. 

  • I would not worry too much about the temp, I would worry more about the amount of noise from all the cooling fans (servers, switches, etc). If it is a loud room, it could cause hearing damage. Just talk to your supervisor about having an office (even a small one) of your own to work out of. You could always try telling them that you can't hear people over the phone.


  • I ran into a similar issue at my current job. Our sysadmin lives in a closet that houses the on prem equipment for one office. Switches, phones systems, misc local servers. It was one of the first things I said needed to be changed. For multiple reasons. 

    • Security - As an office, you have a tendency to walk in and out, leaving it open. Granted, this is in a basement with minimal traffic, but that is a security risk. 
    • Volume - The sysadmin is our lead helpdesk person taking calls. So, the background hum of equipment while on the phone is less than perfect situation. 
    • Workspace - It's a closet. IT works on equipment, prepping workstations, hardware, this can spread out. A proper IT room needs a work bench. 

    It's nice to be able to see the blinky lights in your datacenter and make sure nothing is smoking. But, with automated monitoring, remote access and control. This is hardly necessary any more. 

  • I would say 'it depends'. Some smaller companies simply don't have the space or financials to have a separate server room. Most of my small clients have a server in some shared room and it's never been an issue. However some beefier servers are noisy and if you are in close proximity each and every day you will get tinnitus.

    My own server is under my desk and I use it, or the UPS as a footrest however it's a base model and as quiet as a PC.

  • My first "Server room" was also my office. It also happened to be the recently renovated toilets, they basically walled off the waterworks and that was that after installing HVAC too, done completely arse-about-face!

    It just depends on local health and safety regulations and if the company/entity you work for has enough money to correctly implement a fundamental server set-up.

  • The server room is the IT department's office. We've added a lot more equipment into the rack and it's getting to the point we can't hold conversations over the phone due to the fans. The temp isn't an issue. Just some friendly ribbing about wearing a leather jacket in 95 degree weather. Getting to the point I want to order some dbA testing equipment just to see how much noise our slice of heaven is generating.

  • well, it all depends.  ideally, yes they are two separate spaces.  but sometimes when you have no choice, you end up with IT Office space with a 42u rack of equipment in it.

    like we have in this building.  our main server room is in a different building.  but i have a VMware farm, switches, and a couple of other servers in this rack running.  

  • Best place to get away is that datacenter...

  • It's always worth asking. But if they say no, they say no.
     

  • OK, further to my earlier thread

    https://community.spiceworks.com/topic/2000531-uk-security-cleared-work?anchor=entry-6941593&pag....

    the situation is a little better now, have got management to realise that SC means SECURITY, and that if we need SC clearances, it is because the [here] UK Govt have determined that this project has national security implications

    SO, we have the new office being built, the server room will be a good size, and proper locking doors - BUT :o) - I asked for there to be an office for the sys admin guys to sit in, in front of server room, to give an extra layer of security to the room, solid walls, glass front, admin desks to be on side, so they can see door, but no one can see their screens etc.

    bearing in mind this is an Indian CO, their response was NO, we don't need that, and in times when we are busy we will expect admins to pick up phones and work 1st line too ..........................

    needless to say this has caused a bit of a kerfuffle* with them, and I have tried to explain that here, in UK, if we pay admins to admin, they will earn their pay by doing just that

    I got involved as my SC is current and so I am already cleared, rest of team in process now :o)

    so in answer - eventually LOL - you DO require a separate server room, and if possible, the IT room to be adjacent to it as well, ideally positioned so that to access room, you need to enter IT, and then get to server room, anything else isn't really secure. Maybe one day CO's will come to see IT isn't that necessary evil, and does in fact earn its keep many times over

    *kerfuffle - UK version of a shitstorm, minus any physical assault, not too many cuss words, and generally includes several cups of tea as we decide what we are going to DO about the whole thing

  • Jim Raynor wrote:

    Is it correct to say that server room is not meant to be an IT Office as well?

    In the enterprise, IT isn't even allowed into the datacenter.  DC is staffed by bench people, not IT.  IT has no need to ever be in that space.  It's an OSHA violation to have people stuck in there.

  • It's non optimal and not best practice security wise.  But there are lots of non optimal setups.    If the room is climate controlled, then depending on your location this might violate work regulations. Other than regulations it really comes down to budget and available space.

  • A server room definitely shouldn't be an office. But of course, tell that to the companies I've seen where IT is an after-thought.

    I interviewed once at a company that off-shored IT. It was horrible so they were in the process of bringing IT back in house. Of course, they didn't have any space for them so they took their data center floor, consolidated the servers, put some walls and additional security doors up around the servers and put cubicles and desks in the server room. So everyone was working off of the raised floor section. It wasn't too loud or cold since they zoned everything, but all the cubicles and desks were definitely old hand-me-downs from other departments. Needless to say, I rejected their employment offer. And this was a Fortune 500 company.

  • need to mention Security as a concern and IT staff are often visited by people just to ask Question etc. Server Rooms are Strictly off Limits and Only People who NEED access to the servers should have access. this might get you an office for IT Staff

  • adrian_ych wrote:

    One of the main concerns to bring up is safety and hazard as Server rooms usually have separated or isolated fire systems that uses halon or other gas fire suppression systems that are toxic.

    This is a pretty popular urban myth, but not really true, assuming the fire suppression system was designed properly (big assumption, I know). Halon hasn't been used for decades, and is pretty much illegal to service. The modern alternatives, such as FM-200 and generic Inerting systems are unpleasant to be in if they discharge, but aren't going to kill you. The goal is to get the oxygen content down to around 10%, which will extinguish pretty much all fires, but is still high enough that a person inside will be able to maintain consciousness.

    That said, they're also always fitted with a 30 second warning system and abort switch, to give occupants the time to evacuate and/or prevent the dump.

  • Travis N wrote:

    A server room definitely shouldn't be an office. But of course, tell that to the companies I've seen where IT is an after-thought.

    This is pretty much my situation, though in our case, we're in an 80 year old building, and IT only came to the organization about 10 years ago (Charity/non-profit situation).

    I do have a dedicated crawlspace (It's a finished room, but is only about 5' high) that houses one of my servers, and all the satcom/networking gear that connects us to the outside world. Fortunately I don't usually have to spend much time in there, and even though I'm 6'2", working in there isn't so bad as long as I stay in a chair. Cooling-wise, well, we don't have the power for A/C, so it's cooled through forced ventilation.

    The other servers are in our IT office, in a locking rack. It gets noisy in the summer as the fans spin up and down through the day, but it's the best we can do.

  • I haven't read the other messages before mine, but I'm pretty sure we'll agree on this one.  No!  The server room is not an office.  Yes, it feels amazing in there and sometimes I just want to curl up in the cool dark and let the swan song of those fans take me off to sleep.......but I mustn't!!!  Seriously though;  we keep them in a clean, climate controlled environment for a reason.  People eat at their desks, have co workers come over and chat and God only knows what else.

  • Robert5205 wrote:

    First, the idea that any room containing a server has to be too cold for habitation is false. Servers don't need "cold." They simply need excess heat removed. There is no reason that a room with servers in it can't be a comfortable 72 degrees.

    I disagree. We might split hairs over the comfort level of 68 versus 72 degrees, but components work harder when things are hotter. Components that are worked harder don't last as long.  Again, we can debate the value of n degrees of cooling vs MTBF and criticality of a given component, but the physics are what they are.

    That said, most servers are noisy. More than a handful of them renders the room unsuitable for continuous habitation. Period. Making "the IT guy" live there "because that's where the computers are" is just a chickens***t cop-out for not wanting to spend the money to provide that guy with a suitable workspace. They would not ask that of any other department, so why should IT put up with it?

  • I've never come across this before. I would definitely say don't make your server room an office as well. It's too loud, too cold and won't really motivate anyone to do any work.

  • You could even bring it up as a security concern. You mostly don't really want people who don't have business in the server room, to be in the server room. A lot of people may be visiting the IT office however, so having them be the same thing is not optimal. This is something that should totally work with any security wary management unless the physical space makes it impossible. 

  • If the request to keep people in the same room as server then you have to make sure the well-being and comfort of them.  That means we would turn off the AC and provide hearing protection for them.  If the servers fry, then that conversation happens.  When I was starting out, I had this happen.  HR was behind me 100% so that helped.

  • For security reasons your servers etc should be in a separate locked room. They should never be located in an office where anyone can gain access. If space really is an issue, you should have lockable server cabinets.
