Data centre security – what to look for

Posted on in

With every data centre tour we deliver and each colocation proposal we send out, it’s clear enough to us from the questions that we’re asked:

Security is high on the priority list when a new data centre partner is being assessed. It’s an understandable area of concern – every client that is considering taking cabinet space at one of our data centres is effectively looking to entrust a fundamental part of their business to us.

Everyone knows it’s important – but what exactly should you be looking for in terms of security at a data centre and what reassurances should you ask for during your selection process? What are the “must haves” that will give you full confidence that a colocation facility is fit for the purpose of hosting your equipment?

Literally, what to look for

“What to look for” is the pertinent question here, and if you’re on a data centre tour (absolutely the best way to carry out your due diligence) a range of physical security measures should be apparent to you before you even get through the doors of the facility.

The question goes: “How do you get into a data centre?” The answer? “You can’t. Not unless you’re authorised to do so.”

Ideally then, you’ll be greeted with anti-climb perimeter fences, controlled access for cars and pedestrians, 24-hour monitored CCTV with audio challenge capabilities: potentially intimidating to the well-meaning visitor, but necessary features to prevent unauthorised access at the first layer of protection. Once your pre-arranged access has been granted and you gain access to the building, take note of electronic locks, turnstiles, virtual tripwires, and mantraps.

All this before you get to the data centre halls themselves, which – with a multi-factor security approach in mind – might be protected by biometric access control, while servers themselves are ideally housed in unmarked locked cabinets or cages, which can only be accessed by the key or PIN holder.

Accreditations… and the knowledge behind them

Accreditations are a good way of establishing how seriously a data centre takes security – after all, they can verify that a facility upholds industry-recognised standards. ISO27001 is the best-known international benchmark for information security management and is a key standard to ask about, while any additional accreditations will speak for how much time, effort and investment the colocation provider dedicates to security and compliance (e.g. BS5979 security, NSI Gold scheme certification, on-site presence of SIA-approved personnel etc.).

Achieving accreditations is one thing, but a working knowledge and willingness to provide you with a detailed overview of security controls, policies and procedures is going to be vital if, for instance, you have important compliance obligations to achieve now or in the future. Can the staff at your chosen facility sit down with your audit team to help you establish whether the site can fulfil your requirements?

On this note, it is worth noting that solid security isn’t just about infrastructure, but also about the people running it. This will be reflected in their level of expertise and understanding of the risks themselves.

More information

For comprehensive follow-on reading, download our Data Centre Security Checklist. And, if you’d like to visit one of our facilities in Manchester or London-edge to assess our security measures, book a personalised tour with one of our team.