Data Center Security Checklist
Understanding how a data center works is one thing and securing it is another. There are both hardware / physical and software / virtual components to a data center. Determining what physical assets and components are housed within your center is a good starting point to assess which components are secure and which ones may need additional security measures put in place. Mark these points on your Data Center Physical Security Checklist:
1. Site location and perimeter. This deals with understanding where the data center is geographically and physically located. Items which may come into play in understanding this aspect include things such as whether or not the building is in a flood zone, along a fault line, or in an area prone to other natural disasters. In terms of the perimeter, standard security measures should be in place and include such things as closed cameras for monitoring, fencing, proper lighting, and other safety elements,
2. Computer rooms. The areas which house the actual data equipment should be listed and all assets accounted for. Then these areas need to have security measures in place such as access control, fire alarms and monitoring, a robust cabling infrastructure to support all data flow, and heating and cooling systems in place that are proper and inspected.
3. Disaster recovery initiatives. In the event a disaster strikes a good physical security checklist will also be able to point out what needs to be retrieved versus what has been backed up and perhaps stored remotely. This is important in the world of today's data centers which require constant uptime for operations.
4. Employees/Visitors. Understanding who comes in and out of a data center is also part of the physical security of the building and its contained equipment. Employee breaches account for lost data, and disgruntled ex-employees and associates can do more harm than good at times. Because of this, maintaining policies and procedures to stave off visitors and unwanted guests in a data center is important. This is something that would link back to access control and CCTV monitoring.
A data center needs to be treated, from a baseline security standpoint, like any other facility where it needs safety, security, life safety, and fire prevention systems in place to keep occupants safe and secure. Add to that the importance of the actual pieces of equipment contained and how much they impact daily operations, and it becomes clear that those inanimate objects need to be protected as well.
All of the physical security elements are interrelated and can be used in conjunction with one another. It is imperative to maintain a master asset list which lists by name, part number, serial number and other identifying information everything physically contained within a data center. But, it is equally important to be aware of the other factors that can threaten the data center itself, which is why making a comprehensive checklist that contains some of the items above is in one's best interest.
Image Credit: Wikimedia Commons, US Air Force Computer Room