My shopping cart
Your cart is currently empty.
Continue ShoppingColocating your server to a data centre has a lot of advantages. But, it comes with one new concern, physical security. The server is not your property when you are on a shared or VPS server. So, virtual security is your only security concern.
When you use a colocation facility, the server hardware is your property. You try your best to find the data centre that provides the best physical security. Protection is needed from not only thefts but also natural disasters. Data centres must have strict procedures to keep unauthorised persons far from the server.
This article explains the importance of physical security in colocation hosting facilities.
A software-level firewall cannot do anything if an attacker steals your storage media. So, physical security is as important as cyber security. But what counts as physical security would be a good question to ask.
It includes protection of people, property, and physical assets from actions and events that could cause damage or loss. The advancements in AI and IoT have made physical security and monitoring easier. In other words, physical security and technology have never been more connected. Physical and virtual security teams can now work together to ensure most protection.
Physical security is about protecting your facilities, people, and assets from real-world threats. For example, colocation providers have to ensure theft protection for your server. It includes physical deterrence, detection of intruders, and response to those threats.
Security often means restricting unauthorised people from accessing the assets. They could be external actors or potential insider threats. You may want to keep the public out of HQ. On-site third parties should not be at sensitive work or mission-critical areas like the server room.
Also, there are always threats of physical attacks. For example, someone could break into the data centre and enter the restricted areas. Besides, someone could use the terminals they are not supposed to use.
Once inside, attackers can do anything to destroy the colocation company. They can steal critical information via USB and upload malware. They can damage servers or storage media and access essential terminals for mission-critical applications.
There should be strict controls to protect from external threats. Proper internal measures to prevent internal attackers are also necessary. This internal system should be efficient enough to flag unusual behaviour.
Companies keep all the attention at the front doors. It is a general practice. All surveillance cameras, badge access, and security guards are at the front door. David Kennedy, CEO of penetration testing firm TrustedSec discourages this behaviour. He maintains that the entire building is the point of physical security.
That results in leaving many other sensitive areas unattended. It includes smoking areas, on-site gym entrances, and even loading bays. David Kennedy advises not to leave them unguarded, insecure, and unmonitored.
The cost of cyber-attacks is high, but the physical attacks are equally terrible. One example is a Chicago site that was robbed four times in two years.
The physical security of any data centre starts with location. A lot of factors can make any location inconvenient for data centres. Some of these are:
It is better to choose a location where these risks are minimal. If you cannot find such a location, you can prevent using barriers or extra redundancies in the physical design.
Structural design that works beneath data centres should also be security-optimised. It should reduce access control risks. Every little thing matters. Fencing around the perimeter and thickness matter. The number of entrances in the building and the material of the building's walls also play their role.
Here are some other important factors:
It is crucial to control the movement of visitors and staff around the data centre. Two things can help you a lot if a breach happens in the future. The first is having biometric scanners on all doors. Second is the log of who had access to what and when.
Also, ensure that only people exiting the building can access fire escapes and evacuation routes. Prevent re-entry by having no outdoor handles. If someone opens any safety door, it should sound an alarm.
Also, there should be mechanisms to avoid vehicular attacks. Every vehicle entry point should use reinforced bollards.
Every device is an endpoint. The server is an endpoint. The tablet is also an endpoint. Laptops connected to a data centre network are also endpoints. Even the smartphone is an endpoint when it is connected to the network.
Data centres must ensure their clients are serious about cybersecurity. One weak server can put all other servers at risk. Attackers are always trying to find one unsafe endpoint to get access to the network.
Customers also demand remote access to the power distribution unit. It allows them to reboot their servers. Security becomes critical in such cases. Colocation providers must do their best to secure all endpoints.
Keep all logs, including video logs, in a file for at least 90 days. Sometimes we identify breaches late, but at least we identify the vulnerable systems and entry points.
It is essential to have well-defined and documented procedures. Even regular delivery should be planned carefully. You should not leave anything open for interpretation.
The term audit covers many things, from daily security check ups to physical walkthroughs. Then, there are quarterly PCI and SOC audits. Finally, you should conduct physical audits. They will confirm that the reported data matches the actual conditions.
Data centre size depends on the size of the organisation and its data usage patterns. The following are some of the weakest areas. You should have high security all the time.
The wiring of the entire data centre is there. Firewalls and alarm systems are also there. If an attacker shuts it down, the remote breach would be a piece of cake. Here is the worst that could happen. One group of attackers will physically attack and shut down the wiring room. The other will attack remotely. Here are some ways you can protect the wiring room:
All primary data activities take place here. Machines stored here perform all primary processes of the data centre. They host a network or store the data. It should be secured and maintained correctly. Here is a server room protection checklist.
You will often use a RAID system to store the data. Data should not only be safe but also available. Data sanctity and integrity are equally important. Any data storage facility needs heavy protection from physical attacks. You should take the following steps:
Physical damage to colocation centres can stop business continuity and change customer perceptions. Thus, physical security is one of the primary concerns of the colocation customer. If you convince them on this point, they will easily convert. Thus, colocation vendors must reassess their practices and procedures to address potential threats.
You May Also Like To Read: An ultimate guide to choosing the right colocation providers