We’ve talked a lot about data centers and their hardware and software setups. It’s time to focus on another side of these facilities that is often not talked about a lot – its physical security and operations. There’s far more to this topic than just cooling and room setups that we’ve already covered in previous blogs.
It’s also important to explore options about the physical security of data centers along with additional tips to improve their overall operations. Often, it’s the small things that make the biggest difference, and in this case it’s no exception either. Making sure the building that houses the data center is smart is key to getting the most out of the facility.
Thankfully, today there’s plenty of smart devices and technologies out there to help collect, analyze and utilize a lot more data. At first glance, most of these things might seem obvious, not that important or easy. That’s why they can often be neglected or overlooked, but in reality, it’s highly recommended to take note of them and consider using them whenever possible. Once you start using them, you will see that many of them are quite a bit more important – and challenging – than maybe you expected, especially when you start seeing the results from implementing them. So, let’s explore some of them and see how they can help the data center operations and physical security.
A building is no longer just a four walls and a roof. It’s a much more complex infrastructure which can be likened to a living organism. The more systems it has, the bigger the need for proper monitoring and maintenance. There are plenty of factors to monitor for a data center building. By creating a network of IoT devices, smart systems and processes, data center operators can efficiently collect information about their facility. They can track every detail and figure out insights which might not otherwise even be on their horizon, DataCenterKnowledge reports.
For example, imagine tracking when people come and go with sensors at the doors. This is useful not only for finding out busier times, but also how long the doors stay open, what effect that has on the room temperature and therefore the pressure its putting on the AC systems trying to keep a certain level. Or to create “heat maps” where people gather the most and find out if there are more efficient ways to improve their movement around the servers.
Going into a bit more detail, monitoring temperatures is one of the most important data insights for a data center. Of course, most data centers already do indeed monitor their server room temperature, and this is vital for their cooling solutions and settings. But we can and should go beyond a simple average room temperature. By adding more sensors and a smarter system, we could also find out if there are specific areas within the rooms where there’s more heat building up.
For example, maybe the cooling is not optimal in a certain area or some racks are producing more heat than others? By addressing these local higher temperatures, you can solve a lot of potential additional problems. Building analytics is the key to figure out these spots and to detect potential cooling equipment failures or even poor system or room design which builds up heat at specific places.
Humidity also plays a big role in data center cooling and providing overall good conditions for the hardware and workers. So, by adding sensors that can track humidity levels, you can gain many more insights. For example, you could discover places where condensation is building up or if there are conditions that would make it easier for it to happen. If it does, it can lead to electrical shorts and critical failures of hardware. And no one wants that, right?
Detecting the buildup of too much humidity is important for workers, too. Improving the working conditions for the team is key to attracting and keeping quality employees. They will in turn make sure everything in the data center is operating smoother.
Hardware monitoring and management
A typical data center houses thousands and thousands of hardware components. It can be a very difficult challenge to keep track of them all manually or by other traditional means. Why not take advantage of the new technologies and place monitoring systems with sensors so that employees can always have an easy way to check and keep track of when a server is moved from place to place. The same system can also help knowing when certain equipment is being changed, replaced, upgraded, etc. This improves cost tracking, too.
Hardware monitoring systems are also good for management. Especially when teamed with the other systems like temperature and humidity tracking along with security. Imagine getting alerts for a server that starts running hotter than normal and therefore being able to check it out well before it ever crashes. This is a great way to automate the basic monitoring to improve the overall operation of the data center.
The same goes for power consumption. With proper systems you will be able to see which areas and servers are consuming more energy and whether the grid needs further optimization for that or not. It’s also possible to track energy usage for each server and get alerts if one of them shows abnormal activity. That can be an energy spike or drop, both indicating possible hardware issues that need to be dealt with priority. Or at the very least to discover that the server would benefit from more power to function properly.
Physical tampering with hardware before you get it
Moving onto the security portion of the topic is where it gets even more interesting. One possible risk to consider is well before you even get your latest hardware to the data
center building. For example, you may have the best possible access controls to the data center itself, but that may be moot if someone gets hold of the hardware before it reaches the building. Physical breaches of hardware and data centers are rare, but not impossible. And if a malicious person or group is really determined to get access to the data center, such physical attacks become a possibility.
In order to manage this particular risk, you will need to build and maintain strong relationships with the supply chain you use for hardware purchases and deliveries. These relationships will allow to put in place robust security controls and procedures to make sure no one tampers with your hardware at any point from the factory until it reaches your data center. It’s a risk that may seem a bit too out there and only done in movies, but don’t underestimate it.
Unauthorized movement and/or malicious insiders
Sometimes you may get attackers who actually physically show up at your data center. Chances are they won’t be like in the movie “Live Free or Die Hard” where the baddies attack the data center like you would expect they would in an action flick. No, in reality they will be much more discrete; so having proper systems in place to detect these activities is key. It may never happen, but without such systems chances are you will never know when it does.
The obvious one is to secure the perimeter of the data center. But you should also monitor the insides of the building. Physical access controls should be in place and not just for the main doors to rooms. You can and should use them for accessing specific server racks, cages and other equipment. If someone is not where they should be, you should know this information quickly. This risk can be even more important to manage if your data center offers colocation services.
Physical tampering on the spot
That’s another risk to consider. If someone manages to get access to a server or other equipment and they have malicious intent, they could hack the server on the spot, or even damage it. The latter is less of a risk, but installing additional tampering hardware or software on the server can be a serious issue, especially since it can come from a trusted worker or an authorized visitor.
This can be very tricky to detect and handle. It requires a mixture of on-the-spot systems to monitor movements and activities down to simply pulling a cover off, along with software detection of any changes made to a configuration – be it hardware or software changes. On premises security should also be trained to handle such events no matter how small the possibility may seem.
Hacking of software-based security systems
How did the malicious person get inside? Well, maybe they had a bit of help by hacking or otherwise tampering with your on premises security systems beforehand? Cameras are
great and modern ones can even track and analyze behavior based on movement. Despite that, they can still be hacked.
So, don’t neglect the good old physical security protections. Among them are additional locks for different access levels. Some basic “offline” protections can be a last line of defense if hackers manage to get access to your authorization software and basically add a whole new access profile for the malicious person which will physically visit the data center.
Remote attacks on the physical infrastructure
Sometimes the goal might not actually be the data inside of the data center. Hackers could simply want to disrupt its entire operation. In this case, they could try carrying out remote attacks on the physical infrastructure of the data center. That may be tampering with the energy delivery, water supply, cooling, etc. Maybe even simply gaining access to the security system and triggering a bunch of false alarms to wreak havoc on the systems.
Such attacks are rare, but still possible. As such they should be part of the security strategies and making sure there’s a response in the event of one. At the very least, try to make sure there’s a lot of security in place for systems which can be remotely accessed. In this day and age, remote access to critical systems is needed, so we can’t simply turn it off and call it a day.