Information security is a critical topic in the enterprise IT industry, especially when mission-critical data is stored in cloud data centers off-premises. Indeed, cybercrime is the most pressing concern, since 79% of the organizations using cloud computing services have experienced a cloud-related data breach incident, according to a recent survey.
However, there’s more to the security of a cloud data center than defending against the prevalent cybercrime attack vectors. Physical security of hardware assets is equally critical for secure and dependable operations of a cloud data center. In this blog, we will discuss what the physical security of a cloud data center entails, the applicable industry standards, and industry-proven best practices to secure your cloud data center resources.

(This article is part of our Data Center Operations Guide.)

Security controls for data centers & server rooms

Cloud data center and server room security controls encompass four key aspects of the data center:
Securing your server room

The first step to securing a server room is to design one that is fully compliant with the leading industry standards. Organizations such as the National Institute of Standards and Technology (NIST) as well as government regulatory authorities provide guidelines, standards and frameworks that encompass all aspects of server room security: physical, environmental and information security. Some of the common server room security standards and framework guidelines include:

Server room best practices

Server room security is an ongoing process. The security frameworks provide guidelines to maintain server room security in the context of changing external circumstances and the scale of IT operations. Once a data center room is designed in compliance with the applicable standards, the next steps involve a range of controls that can help mitigate threat vectors ranging from human risks to threats from natural disasters. The following best practices and security controls can help you get started with data center security:

Restricted access & multi-layer authentication

Only authorized personnel should be allowed to enter (and exit) the premises. Multiple layers of security—passwords, RFID tags, and biometrics—can be combined to enforce this restriction. Server systems should be isolated such that the principle of least privilege access can be adopted, ensuring that damage can be contained within isolated sections of the data center when compromised. (Read about zero trust network access.)

Fire safety & HVAC

Fire incidents, explosions, and inadequate HVAC affect the dependability of a server room. These incidents can cause irreversible damage to a server room, especially when the stored data is not adequately duplicated. Consequently, it’s important to evaluate the safety capacity of the building against these risks. Adopt fire detection and control systems, automate emergency service routing and limit building occupancy.
Data center efficiency is highly dependent on the HVAC systems. An effective server room design considers all aspects of ventilation, including damage limitation in the event of a fire incident.

Building structure & utility infrastructure capacity

The hardware racks and building structure should be capable of supporting heavy hardware devices. Access to these devices should be convenient and systematic: troubleshooting, repairs, and upgrades should take minimal time and effort. The utility infrastructure that powers HVAC systems should be designed for:
Information security

Physical security of a server room also impacts the ability to secure information stored within the server systems. If the data is encrypted, it will remain secure even when the storage devices in the server room are compromised. Similarly, the server systems should be designed for redundancy. If one device is no longer operational or is compromised, the stored data should be accessible through alternative and redundant storage devices. (Learn more about data center redundancies.)

Emergency services

In the event of a security breach or emergency incident, access to emergency services—police, healthcare, and firefighting services—should be automated and highly available. Deploy automated technology systems to inform the appropriate emergency services in the event of an incident and engage with private security services to enhance building security.

Securing server rooms is critical business

Securing server rooms is an absolute necessity. It is not a cheap endeavor (would you want cheap security?), so you’ll have to find some custom balance of security, accessibility, and cost. Leadership may be hesitant to invest in server security, but knowing that something will go wrong, and that it’s just a matter of when, you can choose to be on the offense instead of on the defense. A good tenet of server room security: the more you control, the more secure your servers will be.