“Who is running their data center like this?” – the question I’ve asked myself while watching my favorite shows recently. It’s rare, but sometimes data centers get exposure on the big screen, or the small screen. Whenever that happens, I’m like, “Look! A server room! Cool! That’s my job!” and I start paying close attention. But, I’ve noticed a bit of a trend: data centers in the media are really easy to break into.
Take the first case: Marvel’s Runaways – Season 1 Episode 6 “Metamorphosis”.
The target: “Wizard”, a tech company that I imagine is based on Apple or Google.
Guess what? The data they’re looking for happens to reside in a server room, on Wizard HQ premises. How lucky! Here’s all they have to do to break in:
1. Steal Mom’s ID badge from her purse.
2. Distract the front desk attendant.
3. Walk right in.
Case #2: Elementary – Season 4 Episode 19 “All in”.
The target: Data from a company called Semper Apex, that handles “information security and digital infrastructure” for countries like Ukraine, Sudan, and New Zealand.
Sounds like top secret data right? Well, Semper Apex also hosts their data on-site. Some international spies want to get their hands on it. What do they have to do to get into that on-premises server room?
1. Distract the owner (rob a high-stakes poker game – seems dramatic, huh?).
2. Make an imprint of his key to the server room, make a copy.
3. Break in overnight.
I can totally appreciate the need for simple break-ins to keep a plot moving. But c’mon writers – both of these fictional companies live and breathe data. Don’t you think they’d secure it better? I’d love to see the IT manager’s face after the breach is discovered.
Either of these cases could have been prevented at a data center that took physical security seriously. Let’s look at some measures that would have saved these companies their reputation:
- 24/7 in-house security teams (“in-house” is important, it means the data center doesn't use contractors, but trains employees to make sure they are accountable and they know what they are doing!)
- Mantrap entries, or even better, double mantrap!
- ID badge scanners (the first case had them, the second case did not)
- Biometric scanners (make sure the ID is carried by the actual approved person)
- Perimeter fences
- Security cameras, c’mon people!
I know, all of these measures seem expensive. But, especially if you’re a company like the fictional ones above, and you stake your business on data security, it’s worth the investment. And if you outsource your data center, it should be included in your lease. Consider a colocation facility that handles all of this themselves and saves you money by sharing the cost with your neighbors.
Have you seen any other examples of data breaches in media that could have been prevented by simple physical security measures?
The use of the names and television shows and/or any trademarked names and images above (other than those owned by CoreSite) are strictly for editorial and descriptive purposes, and no commercial claim to their use, or suggestion of sponsorship or endorsement, is made by CoreSite.