Former Counter Terrorism Security Advisor Damian Worsley of Abbey Protect talks about Data centre security and the need for an all encompassing approach.
I studied Computer Systems Engineering at University and at that time, over thirty years ago I hasten to add, we were using state of the art computing systems that compared to now are less powerful than a mobile phone.
What will another thirty years bring? Computers are shrinking in size whilst the data storage systems are increasing in size and volume as internet access increases and our way of life becomes more reliant on the electronic systems we use. We manufacture using computers, we heal people using computers, we travel using computers, we shop using computers and the youth of today communicate better via computers than other more traditional methods. Electronic systems are vital to the vast majority of the world.
These systems require connectivity and storage to function and has been termed ‘the digital universe’. It is doubling in size every two years, and by 2020 the data we create and copy annually is estimated to reach more than 40 zettabytes, or 40 trillion gigabytes. Although most Data Centres are new build operations, the requirement for near ‘end user’ facilities can mean re purposing existing buildings as Data Centres as well as using existing spaces within company buildings as server/data storage rooms. This can then present vulnerabilities, due to not being able to design in security features, to malicious attacks on these systems.
Security around Data Centres should not just be limited to software precautions but should permeate all aspects of an operation. The first step in a security review should be looking at the policies and procedures of the company to ensure that all physical security installations achieve an overall integrated approach that addresses the risk assessment and provides demonstrative, defensible and effective mitigation. These measures need to be cost effective and simple to ensure that there are minimal resilience factors required for complete recovery.
When looking at a location it is always best to think in layers from the perimeter inwards. Most locations have good access controls and operate vetting procedures prior to employing personnel, but the greatest threat to any security system is human error. This can occasionally be a deliberate ignoring of procedure due to easing access whilst carrying items or to allow cool fresh air into the office area. That is why robust physical security measures are important for all locations not just the perimeter and entry controls to a location. By ensuring that doors and windows are protected from forced entry as well as blast you can ensure maximum resilience to most adverse effects.
When talking of blast as a risk concept it is not just explosions caused by disaffected individuals and organisations that we must consider. Explosive damage can be caused by industrial accidents on site as well as colocation issues with nearby hazardous chemical sites and the explosive power of adverse weather conditions can have devastating effects infrastructure if we have not taken environmental risk into consideration. The effect of having glass fragments and dust in a data floor environment can be detrimental to its operation and robust secure blinds can mitigate against these effects to enable a company to continue functioning after an adverse event whilst maintaining a level of forced entry protection.
All security should function in conjunction with all the aspects that a risk assessment has identified as needing addressing. Good governance by a responsible individual should lead to a security conscious ethic within the work force and ensure that with the correct physical security around the cabinets, rooms, building and perimeter a profitable and secure location in which to operate.
For more interesting articles or to connect you can view Damian’s impressive bio on LinkedIn here
Damian Worsley LCGI