Inside the ultra-tight security of data centres
By Chubb | 2nd August 2023
By Chubb | 2nd August 2023
Security breaches in a data centre, whether that is cyber or physical, can have devastating consequences for the organisation. Last year, cyber-attacks increased by 38% i from 2021. Hackers are attempting to breach the information of businesses across the world, and the information stored in a data centre can be an attractive target. However, a physical attack can cause just as much disruption, damage, and financial loss for a data centre. Damage to critical servers could lead to catastrophic events such as business closures, economic loss and even planes falling from the sky. In this blog, Nessan Frawley, Technical Sales Leader at Chubb, provides an insight into the ultra-tight levels of physical security many hyperscale data centres adopt to protect their most valuable assets.
Ultra-tight data centre security
Data centres are meticulous in their planning and carefully select trusted suppliers to carry out the installation of their integrated systems. At a hyperscale data centre, for example, there are military-style barriers, gates, and physical perimeter security. But before you even get that far, visitors, including the organisation’s own employees, need to apply for access passes and provide information about the reason for their visit. This includes, but is not limited to, risk assessments, risk analysis, and method statements. Permissions will also need to be obtained if the visitor is required to take photos and/or bring other devices such as tablets, laptops, and phones. Once approved and on-site, typically, the visitor signs in at the security office and provides biometric scans, such as fingerprint, iris, or facial scans. Many of the hyperscale data centres that Chubb has provided solutions for use dual authentication, biometric readers, as well as card readers as a double security layer.
Integrated system
Inside the data centre, security systems are fully integrated. They are all intelligent. Each security device, from the Access Control, CCTV, to monitored alarms, is managed by one system. These devices are constantly capturing and recording information which is managed by both local and remote control centres. Every door inside the data centre is mapped with different alarms and different controls. Some critical infrastructure doors use anti-tailgate systems and anti-passback management to control the movement of people within the data centre. For example, if an authorised visitor swipes their card to open a door and, for whatever reason doesn’t go through the door and the door closes, re-swiping won’t open the door. As far as the system is concerned, that person has already walked through the door. Manned security would have to intervene, investigate, and grant access, with re-authorisation of that visitor’s privileges.
Strict access
As the system is constantly providing data, it can track where and when people move around the building. It only grants access to the pre-agreed areas and prevents people from entering restricted spaces. Any contractor required to carry out works such as electrical, electronic security, and any works that require access to secure enclosures will be further monitored as each cabinet, rack, and enclosure have anti-tamper sensors. The sensors send signals to the control centre, notifying them when a cabinet has been opened. There is full traceability of the contractor’s journey around the data centre. The system records them passing through each door and opening cabinets using pre-assigned keys. If any of the information doesn’t tally, the system will know exactly where, when, and who.
Constantly upgrading
Many hyperscale data centres upgrade their entire security systems to the latest and greatest technology on a regular basis to provide the highest level of security to their customers. As a trusted supplier, Chubb carries out design installation, programming, and commissioning of this work and using industry-leading technologies – everything from the management servers, switches, cameras, and biometric readers, right down to the cables. Many data centres prioritise their ESG and environmental credentials by frequently recycling and reusing their “old” equipment, despite replacing it often. In fact, cameras and card readers are commonly repurposed in real estate settings like warehouses, offices, distribution centres, and manufacturing sites.
Health checks
With the very best equipment, and providing ultra-tight security, data centres also run regular health checks to ensure their systems are operating efficiently. If there is an interruption to the main power supply, then backup batteries will kick in to prevent prolonged periods of outage. These regular checks can highlight everything from battery failure, singular and multiple device failures, to system failure, allowing for immediate remedy. The failover Perhaps the best example of a data centre’s meticulous security planning is its failover. For most of Chubb’s data centre customers, security systems have various layers of protection so that they can remain operational. Additional switches and servers are used as backups in case anything happens to the first one, providing complete system redundancy and backup, eliminating a single point of system failure. Even if a hyperscale data centre suffers a significant breach, there is often a complete failover from one data centre to another. Many of the big players in the data centre world will have GSOCs – Global Security Operations Centres – which ensure that there is always a backup.
Emerging technology
As mentioned previously, data centres are constantly reviewing and periodically upgrading their systems to offer cutting-edge security and protection to their customers. Recent developments in technologies such as enhanced biometrics, video analytics, cloud-based support and much more give extra layers of security to Chubb’s data centre customers. One such example of enhanced biometrics would be the development of long-range iris readers. They are ideally suited for entrance barriers because they can read the iris of the eye through a tinted windscreen, through prescription glasses, from approximately 20 metres away. Chubb is also developing its own innovative technology to provide even tighter security management and control for its data centre customers. Currently, Chubb is piloting a Chubb-developed device that is given to a visitor when they arrive at a data centre. Issued by the data centre security team, it contains all the relevant permissions and essentially becomes their mobile access card. It is Bluetooth enabled and has a built-in camera, so the contractor doesn’t have to take photos on an external device. This provides even greater control and security for the data centre as they can review the device and its contents at the end of the visit. The other intelligent feature is a reminder about the contractor’s allocated time on site. If the visit is scheduled for 3pm until 6pm, at 5pm it will notify the contractor that they have one hour remaining. Another notification will be sent 30 minutes before the permitted time is up.