Locking down the data centre

There are many tactics that organisations can apply in order to keep the contents of their data centres safe from thieves.

One common technique is simply to keep the data centre’s location a secret. This is easy enough when it is located in a remote rural area, but within the M25 – where many facilities are located owing to demand for fast response times from London-based companies – it is rather trickier.

There are some tell-tale signs that should be considered – a proliferation of manhole covers bearing the name of a telecommunications provider is likely to attract the attention of thieves, for example.

Obscurity is certainly not a fail-safe approach, however, as secrets have a habit of being broken. Documents about the US Department of Homeland Security’s critical infrastructure that were recently published on the WikiLeaks website included the details of two hitherto secret Internet submarine cable amplifier stations located in British seaside towns.

Indeed, some organisations are altogether open about the location of their data centre facilities. Data centre builder Digital Realty Trust, which was recently commissioned to build a new London data centre for card payment giant Visa Europe, even goes as far as providing links to the location of some of its sites using Google Maps.

Another strategy for protecting data centres is to limit physical access. Some organisations have gone to great lengths to do this: credit reference agency Experian, for example, has turned the area surrounding its Nottingham-based data centre in to an artificial swamp.

The US Army Corps of Engineers started construction on a $1.2 billion, 100,000sq ft National Security Agency data centre in January 2011. As one might expect, the security plans have been drawn with military precision.

The perimeter fence has been designed to meet the Department of State’s K12 anti-ram standard, meaning it is able to withstand the impact of a 6,800kg vehicle, such as a tank, travelling at 50mph.

Should determined intruders get through that fence and the automated intrusion detection, they would then have to traverse a 400ft exclusion zone before even reaching the data centre itself.

Web giant Google jealously guards the contents of its data centres – even the servers it uses are built to its own secret design.

Public tours and on-site visits are out of the question at Google – even its own staff cannot come and go freely. Anyone that visits the site must carry an ID card, made using a special lenticular printing technique that is especially difficult to forge.

As befits the company’s analytical bent, Google uses data mining algorithms to scrutinise the access logs created by its entry controls, creating a detailed map of every visitor’s route through the data centre.

Such measures provide an idea of the lengths to which a company for whom information is everything will go to ensure that the equipment that houses its information is as secure as possible.

Henry Catchpole

Henry Catchpole runs Inform Direct, a company records management software company which simplifies the process of dealing with Companies House. The business was set up in 2013.

Related Topics