The Importance of Data Center Physical Security

In a recent interview with MLive,Total Security Solutions CEO Jim Richards explained, “I’ve been around the bulletproof industry for 21 years. A long time ago, you only saw bulletproof products used to protect money. We took a different approach and wanted to help your most valuable asset, and that’s people.”

But stopping bullets isn’t the only way that a physical barrier protects people.

High Stakes with Data Center Physical Security

There are thousands of large data breaches each year. And that pace is quickening, even as our technology and security seem to improve. Each of these hacks disrupts tens of thousands of lives. This isn’t just an annoyance to the techs who have to clean up the mess (or the embarrassed celebrities whose private emails and photos end up online). Through data breaches bad actors disrupt vital services, knock voting systems offline, and rob millions of people each year. In 2017 alone data hackers victimized 15.4 million people, stealing an average of more than $1000 from each.

Since 2016, data breaches have crashed the power grid in Kiev, and exposed obscene amounts of sensitive personal information, including hundreds of millions of voter records, the private and financial records of 145 million Americans, and every single one of Yahoo’s three billion email accounts.

“We’ve secured data centers,” Jim notes, “and it’s becoming more common every year. Like I’ve said before, it isn’t because anyone thinks someone is going to bust in there and start popping off rounds at computers. It’s because data center operators are taking a comprehensive, 360-degree look at their security. And it’s because these companies understand that more lives are at stake than just the people staffing that building.”

bulletproof glass bullet resistant barriers

Data Centers and Big Data are Big Targets

As we noted back in 2016, off-site data storage and cloud computing have become essential to daily life.  Since then cloud services have become even more vulnerable. Not only is it still the case that a single data center—even a single physical machine—may store data and house services for many public and private entities. Now we also know that a large portion of those physical computers can be harmed by hardware bugs like Meltdown and Spectre (both of which are difficult or impossible to patch at this time).

T.J. McComas heads a group specializing in physical security for the IBI Group (a leading global architecture and engineering firm). As he explains, “IT security has taken the foreground in the security realm.” This is definitely a good thing.

But IT security focuses on remote hacks, network intrusions, and “zero-day” hardware bugs like Meltdown or Spectre. Nonetheless, McComas reminds us, “the easiest way to gain access to a computer system is physically.” This is the case even if a machine is entirely up-to-date and being operated according to all security best-practices. “If you are physically in front of that computer, there are hundreds of things you can do in a matter of seconds—plug in a USB drive with a pre-loaded Trojan, clip a vampire tap onto a cable, plug in a hardware keylogger—and that network is completely compromised. With the increase in technology and reliance on information, being able to physically protect the information is going to demand a lot more physical barrier systems and hardened rooms to house them.”

Securing Data Centers with Ballistic Barriers

In terms of building design and programatic needs, a data center is very much like a manufacturing facility:

  • Rambling light industrial facilities
  • Lots of floorspace
  • Many halls, many doors, few workers
  • High electricity consumption
  • Low occupancy
  • Sited “off the beaten path”

Being off the beaten path is vital. Data centers need cheap utilities and lots of land—and data center operators want to warehouse your data someplace where “nothing unexpected ever happens.”

But being tucked into the quiet corners of middle America often leads to a false sense of security. McComas finds that the owners of these sorts of facilities often treat security as an afterthought.  “Since nothing has happened,” McComas says, “the conclusion is that the security works. But, in many cases, it isn’t that the security works, it’s just that they’ve been lucky.”

According to Jim Richards, “These are basically warehouses that are secured and climate controlled, designed to hold a gazillion servers. It’s not glamours work. But from a physical security standpoint, it can be really challenging: different points of entry, different doors, almost like some governmental facilities. You really need to look at the entire facility, and think in layers if you want to protect the data.” 

Also, you need to be able to easily tie all of this into a central tracking and control system. “That’s why TSS doors, for example—even our stock models—are custom built,” says Jim. “Each door can be engineered to easily accept any control devices, wire runs, and electric strikes your data center’s access system demands. That’s why there’s no cookie-cutter solution here. You need to look at all the factors and design for that unique situation.”

Back to Blog