4 Ways to Build Physical Security into your Data Center

Do you know the best practices for building physical security into your data center, data warehouse, or server room?


Most IT departments spend a lot of time, energy, and money protecting data from network threats or malware, yet they often fail to protect against the risk of a stranger (or an employee) simply walking into an unsecured data center or server room. If you just glanced over to your unlocked, ajar data center door, we’re looking at you, buddy.

The truth of the matter is the thief in the flesh can do just as much damage as the hacker in the hoodie thousands of miles away. We’ve assembled a few best practices and tips to get you thinking more about enhancing your physical data center security.

1. Don’t Leave the Key in the Door

You might think this is an obvious one, but it happens pretty frequently at smaller or mid-size companies. It might be easy and convenient to leave your key in the door, and every once in a while you may just honestly forget you left it there, but it poses a big security risk to the entire organization that’s not worth the convenience.

2. Require Two-factor Authentication

Let’s face it, as few people as possible should have regular entry and access to the data center. For those people who do have access, requiring two forms of authentication is fast becoming the industry standard. Badges are a good first step, followed by biometric security such as fingerprint scanning or hand geometry. If you want to tighten security even more, you can put scales outside the entrance of the data center for employees to weigh themselves before and after entering to ensure nothing is taken from the data center.

3. Set up a Mantrap

A mantrap is a small room outside the data center with one entry door to the data center and an exit door to the non-secure area. Mantraps limit access by allowing one door to be unlocked and opened only after the other door has been locked and closed. Authentication procedures can be required at either door or just at the entry to the data center. Both doors can require separate security credentials, and if access is denied at any point, alerts can be triggered back to the data center manager or IT Operations staff. Essentially, mantraps eliminate piggybacking by unauthorized individuals into secure areas. However, they are an expensive investment, so you really have to determine if your organization needs this extra layer of security.
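To make the interlock rule concrete, here is a small added example (not code from any access-control product) that models the two doors, per-door credentials, and alerts on denial. The badge IDs, the `Mantrap` class and its method names are constructed for illustration.

```python
from dataclasses import dataclass, field

OUTER, INNER = "outer", "inner"  # outer: non-secure side; inner: data center side


@dataclass
class Mantrap:
    acl: dict  # constructed sample policy: door -> set of badge IDs allowed
    secured: dict = field(default_factory=lambda: {OUTER: True, INNER: True})
    alerts: list = field(default_factory=list)

    def request_unlock(self, door, badge):
        """Unlock `door` only if the badge is authorized for it and the
        other door is currently closed and locked."""
        other = INNER if door == OUTER else OUTER
        if badge not in self.acl.get(door, set()):
            return self._deny(door, badge, "credential not authorized")
        if not self.secured[other]:
            return self._deny(door, badge, f"{other} door not secured")
        self.secured[door] = False
        return True

    def close_and_lock(self, door):
        """Door sensor reports the door closed and the lock engaged."""
        self.secured[door] = True

    def _deny(self, door, badge, reason):
        # Every denial is recorded so it can be sent to the data center
        # manager or IT operations staff.
        self.alerts.append({"door": door, "badge": badge, "reason": reason})
        return False


def demo():
    # B-100 may pass both doors; B-200 may only enter the vestibule.
    trap = Mantrap(acl={OUTER: {"B-100", "B-200"}, INNER: {"B-100"}})
    results = [trap.request_unlock(OUTER, "B-100")]       # enters vestibule
    results.append(trap.request_unlock(INNER, "B-100"))   # outer still open
    trap.close_and_lock(OUTER)
    results.append(trap.request_unlock(INNER, "B-100"))   # interlock satisfied
    trap.close_and_lock(INNER)
    results.append(trap.request_unlock(OUTER, "B-200"))   # enters vestibule
    trap.close_and_lock(OUTER)
    results.append(trap.request_unlock(INNER, "B-200"))   # wrong credential
    return results, trap.alerts


if __name__ == "__main__":
    outcome, alerts = demo()
    print(outcome)
    for alert in alerts:
        print(alert)
```

The denial list is the part worth wiring into monitoring: repeated "door not secured" entries usually mean a propped door, while "credential not authorized" at the inner door shows someone reaching the vestibule without data center rights.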

4. Individual Rack-Level Security Measures

Most of our tips so far have focused on access to the data center; however, it’s also important to consider individual rack-level security. Relying on the use of locked cages can help improve security and better segment access for various levels of users. A lot of data centers rely on manual keys, but the problem is these locks only provide minimal protection and can easily be broken. Organizations looking to improve rack-level security can deploy network-enabled electronic key pads that can be opened with code access for specific sets of time or times of day.

Ultimately, data center security can mitigate serious risks, but it also comes with its own costs. With increased security, the data center becomes less accessible when IT users need to make fixes or perform maintenance, and security generally requires more upkeep and money to ensure systems are continually protected. The number of physical data center security tactics you employ depends on a wide range of factors such as company size, location, and IT staff. But like any form of security, it provides a little more peace of mind that can go a long way. The challenge lies in striking the right balance between security and operability for your organization’s needs and size.

Download the White Paper 6 Obstacles to Data Center Scheduling and Automation to find out more about best practices for the data center.

Kaitlin Olcott was a contributor to IT Automation Without Boundaries, covering workload automation, data center automation, cloud management, and more.