Protecting data centers by layering physical security
Victoria Hanscomb
In the digital age, data centers are the silent guardians of our connected world, says Tina Hughan, Global Marketing & Sustainability Director at Gunnebo Entrance Control.
Mission critical
Data centers are the mission-critical facilities that house the technological infrastructure that powers our businesses, communications and everyday lives.
As the value and importance of the data they hold continues to grow, so too does the need for robust security measures.
Securing data centers goes beyond firewalls and encryption; it begins at the very threshold of these facilities.
The ramifications of allowing a data breach can be devastating to companies of any size, leading to a loss of confidence by business partners or customers and significant financial fallout.
One proven way to steal data is to gain physical access to a network or servers.
While strong firewalls and other cybersecurity measures can help prevent unauthorized logical access, hackers are more frequently breaking into data centers where they can easily plug into any IP connection or steal a laptop or server and walk out with it.
With security often perceived as an afterthought, criminals have the potential to talk their way through even the most professional security guards, slip in behind an employee who politely holds the door open for them, tailgate through access control or use stolen credentials to get into (and out of) a facility.
In the current climate, when cybersecurity teams are overstretched, intelligently supporting and managing data center security challenges is critical.
The same is true for data center security admins; as threat actors learn new ways of launching and hiding their attacks, they will need support to be more proactive to defend their estate.
With an increased reliance on smarter technology and outsourced security services, the need for authorized and controlled access is vital.
Compliance with legislation that covers security controls continues to grow in complexity and must also be addressed.
Evolving threats
Threat actors are continuing to evolve their ways to try to hack their way into the large and diverse amount of information that supports our global infrastructure and businesses.
Cyber-crime itself was up 600% due to the COVID-19 pandemic and is estimated worldwide to cost $10.5 trillion by 2025.
The opportunities for attack are diverse.
Vulnerabilities in data centers include ownership, geography, physical perimeter, data halls, Meet Me Rooms (MMRs), supply chains, staff, visitors and cybersecurity, any of which may be targeted in a concerted effort to breach data centers’ defenses, tamper with sensitive information or disrupt critical services.
First line of defense
It seems as though not a day goes by without a headline highlighting how an organization, government unit or wealth of business data has been breached.
Common causes of data breaches are often weak or stolen credentials, but application vulnerabilities come equally close.
Why bother with the complicated world of hacking when there are vulnerabilities on the site itself? 27% of data centers see the current security of their site as inadequate and in urgent need of updating.
Organizations with a poor security posture are more likely to lose customers.
Businesses that don’t keep a tight rein on who has access to what within their organization are likely to have either given the wrong permissions to the wrong people or have left out-of-date permissions around for a smiling hacker to exploit.
The same is true for insider threats. The rogue employee or the disgruntled contractor may have already been permitted to access your data, but what’s stopping them from copying, altering or stealing it? Any unusual behavior must be instantly recognized and access revoked.
Close to the core is entrance control, whose value lies in its ability to be the first line of defense against physical security threats.
By implementing effective entrance control measures, data centers can mitigate the risk of unauthorized access, theft or sabotage.
They ensure that only authorized personnel gain entry, reducing the potential for data breaches and physical security incidents.
Entrance control solutions often integrate with access control systems, providing real-time monitoring and audit trails, enhancing compliance with regulatory requirements and providing invaluable data for forensic analysis in the event of a security incident.
Regaining physical security control
To combat these diversified threats, operators need to approach data center security holistically and early on.
By bringing together the physical, personnel and cybersecurity of data centers into a single strategy, security and facility managers can better withstand the diversified methods state threat actors, cyber-criminals and others may use to attack them.
There is no one-size-fits-all approach to holistic data center security.
Every data center operator will need to consider their risk assessments before the design and installation of critical security infrastructure.
Data center operators and their customers should both have individual risk management strategies designed to protect their critical assets and systems.
These strategies will need to be based on an understanding of the risks and of the protective security strategies available to mitigate them, and should consider worst-case scenarios so that every way a threat actor could manipulate the system and gain access is taken into account.
Case Example: NEXTDC
NEXTDC is Australia’s leading data center as a service company, designing, constructing and operating data centers across the country.
It is currently operating ten data centers in all major capital cities as well as several regional centers.
Recognized by the government as critical infrastructure from July 2021, NEXTDC is also certified to the highest strategic level across all of its sites.
To maintain this high standard, its data centers rely on a range of security products, protecting the complete sites and their assets.
David Dzienciol, NEXTDC Chief Customer & Commercial Officer, explained: “This level puts NEXTDC in a class of our own concerning delivering services that are sovereign and secure.”
On entering the facilities, staff and visitors are met with a hostile vehicle mitigation system and then the next barrier: a secure guardhouse with bullet-proof glass.
Revolving security doors present a three-step verification process including biometrics, RFID and a PIN code.
These sophisticated doors also offer single-person detection, anti-hostage threshold, bullet-resistant safety glass and high-accuracy verification through an inbuilt reader.
Further security doors and partitions have been added at other points within these data centers, together with electronic surveillance systems.
On the way out of the facilities, there are security measures in place, like the spike tech grip which manages the flow and also negates any capability for persons to tailgate in through the precision exit gates.
With further lockdown options, teams and visitors can be assured of access only when needed, controlled and recorded.
Securing infrastructure
In summary, data center security continues to grow in importance as the global digital economy expands.
As cyber-threats evolve and become more sophisticated, the need for robust physical security measures is paramount.
By ensuring that physical access to data centers, right from entrance control, is tightly controlled and monitored, organizations can significantly reduce the risk of unauthorized access, data breaches and other security incidents.
This article was originally published in the September edition of Security Journal Americas.