At one time, corporate security focused on C-suites and front-door access control at the headquarters. But as workplace violence continues to evolve, more corporate settings are adopting a layered security approach to multiple levels of a corporate facility—and applying it to a wider range of their facilities.
“We saw this a little bit in the past,” says Total Security Solutions CEO Jim Richards. “But just as many companies are thinking more about employee health and well-being, we’re also seeing increased interest in layered security solutions that protect a wider group of employees.”
There Haven’t Been Thieves at Your Data Center—Yet
Data centers are a good example of a facility that gets forgotten about when it comes to security. Until recently, these were safe simply by virtue of isolation. As Jim Richards has pointed out, “These are basically warehouses that are secured and climate-controlled, designed to hold a gazillion servers. They want to be off the beaten path, where utilities and land are cheap. Folks who live and work in these sorts of areas almost always say ‘nothing unexpected ever happens around here’. It’s very easy for that way of thinking to drift into a false sense of security. Because there’s no reason it couldn’t happen here, just that it hasn’t happened yet.”
And as data and hardware have become more valuable—and the collection and use of that data more politically charged—those previously unexpected things have started happening, with increased frequency.
In some of the earliest cases, thieves targeted the same Chicago-area server hosting company four times between 2004 and 2008. Attackers slipped through a poorly secured doorway on one occasion and circumvented security by breaching a wall on another. In at least one case, they assaulted a lone IT worker and took him hostage while they hauled away thousands of dollars in equipment.
By 2011 thieves had targeted Vodafone and Verizon data centers several times. They stole equipment (likely for resale) and caused large mobile phone service outages in the process. Thieves have also plundered both expensive hardware and sensitive user information from streaming video services. In 2015, a thief forced his way into the server room of children’s charity Plan UK. He took five servers containing information on 90,000 supporters (including names, addresses, contact details, and banking information). And in 2018, authorities in Iceland arrested 11 people involved in a data center robbery ring responsible for stealing 600 servers worth almost $2 million.
Vigilance, Corporate Security, and Ideological Attacks
In 2021, the threat landscape for data centers evolved significantly. Soon after the January 6 insurrection at the U.S. Capitol, ideologically motivated threats of violence targeting Amazon data centers began to bubble up online.
In response, Amazon Web Services’ vice president of infrastructure operations, Chris Vonderhaar, emailed data center teams, warning them of threats targeting “our local teams and facilities, including our data centers,” and urging them to “Be safe. Be vigilant”:
“We all need to [be] vigilant during this time to keep one another and our facilities safe. If you see something, say something—no situation or concern is too small or insignificant.”
As it turned out, these concerns were justified. In April federal agents arrested Seth Aaron Pendley. Pendley was at the Capitol on January 6 and brought a sawed-off rifle to Washington that day. Soon after leaving Washington, he began plotting to bomb data centers, targeting an Amazon facility. As the Washington Post reported, “[Pendley] shared hand-drawn maps of the Amazon data centers, with multiple routes in and out of the buildings.” He ultimately sought to acquire C-4 explosives to use during his attack.
These instances reinforce the importance of layered security across all aspects of a corporation. While the data centers are not the corporate headquarters filled with people, they have just as valuable information and assets within them and should be protected and secure.
Layered Security for Data Centers
“We’ve done security installations for global Fortune 500 companies, for visiting dignitaries. A data center is a lot less glamorous. But from a physical security standpoint, it can be really challenging: different points of entry, almost like governmental facilities,” Jim notes.
“You really need to look at the entire facility, think about all the reasons that place might be targeted, and think in layers if you want to protect the people working there. Increasingly, people seem to be whipping themselves into a frenzy about this issue or that one. There’s no way they can get at the CEO of Amazon or Facebook. So they are choosing new targets, ones that they have reason to believe are low-hanging fruit. Layered security—cameras, windows, access control throughout the facility—is increasingly a key element for what was previously the ‘most boring’ place in most organizations.”