There are plenty of complicated documents that can guide companies through the process of designing a secure data center–from the gold-standard specs used by the federal government to build sensitive facilities like embassies, to infrastructure standards published by industry groups like the Telecommunications Industry Association, to safety requirements from the likes of the National Fire Protection Association. But what should be the CSO’s high-level goals for making sure that security for the new data center is built into the designs, instead of being an expensive or ineffectual afterthought?
Updated: March 31, 2015. Read below to find out how a fictional data center is designed to withstand everything from corporate espionage artists to terrorists to natural disasters. Sure, the extra precautions can be expensive. But they’re simply part of the cost of building a secure facility that also can keep humming through disasters.
1. Build on the right spot. Be sure the building is some distance from headquarters (20 miles is typical) and at least 100 feet from the main road. Bad neighbors: airports, chemical facilities, power plants. Bad news: earthquake fault lines and (as we’ve seen all too clearly this year) areas prone to hurricanes and floods. And scrap the “data center” sign.
2. Have redundant utilities. Data centers need two sources for utilities, such as electricity, water, voice and data. Trace electricity sources back to two separate substations and water back to two different main lines. Lines should be underground and should come into different areas of the building, with water separate from other utilities. Use the data center’s anticipated power usage as leverage for getting the electric company to accommodate the building’s special needs.
3. Pay attention to walls. Foot-thick concrete is a cheap and effective barrier against the elements and explosive devices. For extra security, use walls lined with Kevlar.
4. Avoid windows. Think warehouse, not office building. If you must have windows, limit them to the break room or administrative area, and use bomb-resistant laminated glass.
5. Use landscaping for protection. Trees, boulders and gulleys can hide the building from passing cars, obscure security devices (like fences), and also help keep vehicles from getting too close. Oh, and they look nice too.
6. Keep a 100-foot buffer zone around the site. Where landscaping does not protect the building from vehicles, use crash-proof barriers instead. Bollard planters are less conspicuous and more attractive than other devices. Or you could do as Apple and Google have done in hiring security guards.
7. Use retractable crash barriers at vehicle entry points. Control access to the parking lot and loading dock with a staffed guard station that operates the retractable bollards. Use a raised gate and a green light as visual cues that the bollards are down and the driver can go forward. In situations when extra security is needed, have the barriers left up by default, and lowered only when someone has permission to pass through.
8. Plan for bomb detection. For data centers that are especially sensitive or likely targets, have guards use mirrors to check underneath vehicles for explosives, or provide portable bomb-sniffing devices. You can respond to a raised threat by increasing the number of vehicles you checkperhaps by checking employee vehicles as well as visitors and delivery trucks.
9. Limit entry points. Control access to the building by establishing one main entrance, plus a back one for the loading dock. This keeps costs down too.
Picture’s worth 1,000 words? Then you’ll like The Illustrated Guide to Security, featuring dynamic visual presentation of a dozen critical security issues [CSO Insider registration required]
10. Make fire doors exit only. For exits required by fire codes, install doors that don’t have handles on the outside. When any of these doors is opened, a loud alarm should sound and trigger a response from the security command center.