Colocating your server to a data centre has a lot of advantages. But, it comes with one new concern, physical security. The server is not your property when you are on a shared or VPS server. So, virtual security is your only security concern. 

When you use a colocation facility, the server hardware is your property. You try your best to find the data centre that provides the best physical security. Protection is needed from not only thefts but also natural disasters. Data centres must have strict procedures to keep unauthorised persons far from the server. 

This article explains the importance of physical security in colocation hosting facilities.  

What is Physical Security?

A software-level firewall cannot do anything if an attacker steals your storage media. So, physical security is as important as cyber security. But what counts as physical security would be a good question to ask. 

It includes protection of people, property, and physical assets from actions and events that could cause damage or loss. The advancements in AI and IoT have made physical security and monitoring easier. In other words, physical security and technology have never been more connected. Physical and virtual security teams can now work together to ensure most protection.  

Importance of Physical Security

Physical security is about protecting your facilities, people, and assets from real-world threats. For example, colocation providers have to ensure theft protection for your server. It includes physical deterrence, detection of intruders, and response to those threats.

Security often means restricting unauthorised people from accessing the assets. They could be external actors or potential insider threats. You may want to keep the public out of HQ. On-site third parties should not be at sensitive work or mission-critical areas like the server room.

Also, there are always threats of physical attacks. For example, someone could break into the data centre and enter the restricted areas. Besides, someone could use the terminals they are not supposed to use. 

Once inside, attackers can do anything to destroy the colocation company. They can steal critical information via USB and upload malware. They can damage servers or storage media and access essential terminals for mission-critical applications. 

There should be strict controls to protect from external threats. Proper internal measures to prevent internal attackers are also necessary. This internal system should be efficient enough to flag unusual behaviour.

Companies keep all the attention at the front doors. It is a general practice. All surveillance cameras, badge access, and security guards are at the front door. David Kennedy, CEO of penetration testing firm TrustedSec discourages this behaviour. He maintains that the entire building is the point of physical security.

That results in leaving many other sensitive areas unattended. It includes smoking areas, on-site gym entrances, and even loading bays. David Kennedy advises not to leave them unguarded, insecure, and unmonitored. 

The cost of cyber-attacks is high, but the physical attacks are equally terrible. One example is a Chicago site that was robbed four times in two years. 

Physical Security Standards of Data Center

Location

The physical security of any data centre starts with location. A lot of factors can make any location inconvenient for data centres. Some of these are:

• Flooding Risk
• Geological Activity at Regional Level
• High-risk Industries In the Area
• Risks of Force Majeure

It is better to choose a location where these risks are minimal. If you cannot find such a location, you can prevent using barriers or extra redundancies in the physical design. 

Buildings, Structures, and Data Center Support Systems 

Structural design that works beneath data centres should also be security-optimised. It should reduce access control risks. Every little thing matters. Fencing around the perimeter and thickness matter. The number of entrances in the building and the material of the building's walls also play their role. 

Here are some other important factors:

• There should be server cabinets filled with a lock.
• It is a good security practice to have many suppliers for telecom and electricity for one building.  
• UPS, generators, or any power backup systems are critical. 
• Using mantraps is also an ideal practice. It is an airlock between two doors. Both doors need mantraps. 
• You may expand in the future within similar boundaries. Take this factor into account. 

Physical Access Control

It is crucial to control the movement of visitors and staff around the data centre. Two things can help you a lot if a breach happens in the future. The first is having biometric scanners on all doors. Second is the log of who had access to what and when. 

Also, ensure that only people exiting the building can access fire escapes and evacuation routes. Prevent re-entry by having no outdoor handles. If someone opens any safety door, it should sound an alarm. 

Also, there should be mechanisms to avoid vehicular attacks. Every vehicle entry point should use reinforced bollards. 

All Endpoints Should Be Secure

Every device is an endpoint. The server is an endpoint. The tablet is also an endpoint. Laptops connected to a data centre network are also endpoints. Even the smartphone is an endpoint when it is connected to the network. 

Data centres must ensure their clients are serious about cybersecurity. One weak server can put all other servers at risk. Attackers are always trying to find one unsafe endpoint to get access to the network. 

Customers also demand remote access to the power distribution unit. It allows them to reboot their servers. Security becomes critical in such cases. Colocation providers must do their best to secure all endpoints. 

Video & Entry Logs

Keep all logs, including video logs, in a file for at least 90 days. Sometimes we identify breaches late, but at least we identify the vulnerable systems and entry points.

Document Security Procedures

It is essential to have well-defined and documented procedures. Even regular delivery should be planned carefully. You should not leave anything open for interpretation.

Run Regular Security Audits

The term audit covers many things, from daily security check ups to physical walkthroughs. Then, there are quarterly PCI and SOC audits. Finally, you should conduct physical audits. They will confirm that the reported data matches the actual conditions.

Most Vulnerable Points of a Data Center

Data centre size depends on the size of the organisation and its data usage patterns. The following are some of the weakest areas. You should have high security all the time. 

Wiring/Compartment Room

The wiring of the entire data centre is there. Firewalls and alarm systems are also there. If an attacker shuts it down, the remote breach would be a piece of cake. Here is the worst that could happen. One group of attackers will physically attack and shut down the wiring room. The other will attack remotely. Here are some ways you can protect the wiring room:

• The security system at the data centre should allow authorised personnel to enter. 
• Use physical protection for main wiring panels and other important systems. 
• Do not use inflammable items near the wiring compartment/room.
• The wiring compartment/room should be under video surveillance 24/7.
• Proper maintenance of the wiring system is critical. Even minor changes should be easily noticeable.

Computer/Server Room

All primary data activities take place here. Machines stored here perform all primary processes of the data centre. They host a network or store the data. It should be secured and maintained correctly. Here is a server room protection checklist.

• Unauthorised persons should not be allowed to enter. Administrative staff and maintenance personnel need access to operations.
• The room should have high ceilings. 
• The number of entrances and exits to the server or computer room should not be more than two. 
• The room should be under constant CCTV surveillance.  
• You should have a backup plan for a breach. 
• The temperature should be between 55o – 75o Fahrenheit. 
• Humidity sensors and fire prevention systems are also a must.

Data Storage & Location

You will often use a RAID system to store the data. Data should not only be safe but also available. Data sanctity and integrity are equally important. Any data storage facility needs heavy protection from physical attacks. You should take the following steps:

• Get a separate digital entry system installed in the data storage location. It should restrict the entrance of everyone other than authorised personnel. 
• The data storage location should be the innermost and the most secure place. Interior sections are preferable. 
• The room should have 24/7 CCTV surveillance.
• All the data must have a remote server backup. 
• Do routine checkups of temperature and humidity levels.

Putting It All Together

Physical damage to colocation centres can stop business continuity and change customer perceptions. Thus, physical security is one of the primary concerns of the colocation customer. If you convince them on this point, they will easily convert. Thus, colocation vendors must reassess their practices and procedures to address potential threats.

You May Also Like To Read: An ultimate guide to choosing the right colocation providers