Expect the unexpected: A mantra that I repeat everyday when it comes to the physical security of our data centers. In the world of data center security, you must be aware of any and all potential threats that may harm the integrity of the data center in order to react accordingly. This world is constantly evolving. Perhaps it is my 14 years in law enforcement that always keeps me on guard. If there’s one thing my experience has taught me it’s this: No matter the situation, you are never off duty.
In a time when cybersecurity is seen as the one of the biggest threats to businesses, physical security also plays a critical role in protecting data and property from compromise. A breach in the physical security of a facility can result in theft, property destruction and the loss of vital information. It is a costly endeavor if left unaddressed. According to one study, 10% of malicious breaches were caused by a physical security compromise in 2020, which amounted to $4.46 million in damages.1
Recent events continue to shift the mindset related to ensuring security of spaces where data and applications are kept. Just last year, a foiled attempt at bombing a data center caused many data center providers to address physical security in ways they never had to think about before. Even if this targeting was an isolated incident, the attitude of “business as usual” could not carry on. Taking into consideration the global pandemic, events of January 6th, the war in Ukraine and other major events, data center providers must continue to review and adapt their approach to physical security.
Any risk of breach—from a virtual or physical source—should be treated with the highest level of protection and authority.
Most data centers are somewhat accessible. They are located in cities, are close to other structures and may not have a physical barrier to stop a person from getting close. Today, there have never been more options available when it comes to safeguarding data centers.
A layered approach to physical security ensures that data center providers are using appropriate security measures that protect the facility and the physical assets it houses. This approach includes:
There are a couple unique aspects to our approach. First, every CoreSite Data Center Operations (DCO) Technician is trained and security qualified. These people are the “boots on the ground” so to speak, the eyes and ears, the data center’s first line of defense. A facility’s physical security is nothing without them.
Second, we have developed our own training processes to ensure our teams are equipped and ready to protect against threats. Our training program comprises three levels of qualifications:
Extensive and ongoing training at every level, mine included, are critical to a data center’s operation and security. A strong understanding of technologies and processes ensures effective and immediate responses from security personnel in the event of an incursion.
In addition to training, we constantly test ourselves. Not only do we utilize a formal audit process, we also perform informal penetration testing, which consists of unannounced visits to see how operations are running. Such visits help expose physical weaknesses and allow us to adapt our practices to address potential areas of vulnerabilities.
The processes and systems we have in place safeguard all our facilities. The system works with all sites and, in the event of a breach, other sites can take over data center functions, so there is no gap in monitoring of alarms and video. For all intents and purposes, all sites back each other up.
When it comes to physical security, the stakes are high. The unpredictability in the world can range from natural disasters to criminal attacks—all of which pose significant risk to business operations. Disruptions to businesses, or even worse the loss of data, not only affects the business itself but also customer perception. Physically safeguarding data centers has never been more important. We must work to continually reassess our practices and procedures to address potential threats. Because we are never off duty.
Learn about CoreSite’s physical security and technology for data centers and how we are constantly evolving to bring the most robust prevention and response to security threats.
Director of Security Programs
David is responsible for policies and procedures related to data center physical security operations and physical security construction standardization.Read more from this author