Event Recap
RECAP | ROUNDTABLE | Data Center Security: Behind the Perimeter
Inside Track’s March 7th roundtable Data Center Security: Inside the Perimeter included a lengthy discussion of the risks created by third-party vendors accessing data rooms. Roundtable participants quickly agreed upon a consensus position: all vendors working in the data center need to be vetted thoroughly and submit to a variety of identification procedures before gaining admittance to the facility.
While procedures and equipment varied from facility to facility, the basics remained unchanged. All the participants agreed on the need to screen vendor personnel and make them pass through several identity checks as a validation. In addition, the participants also described a lengthy list of physical barriers. Participants also agreed on the need to develop a set of house rules, which should be presented to vendor staff and explained before access is granted.
Most participants also agreed on the need to escort vendors on-site. However, one individual noted that eliminating vendor misbehavior was not possible in all instances and that his company felt that the screening process would be cost prohibitive. The majority, though, acknowledged the cost and inconvenience, noting that facility resources could be stretched when large numbers of vendors were on site.
Many of the roundtable participants suggested that fiber vaults were a worrisome vulnerability. The participants felt confident that their fiber paths were secure within their perimeters, but this, they worried, was insufficient.
Few solutions seemed promising, but several participants noted that the onus did not have to fall entirely on one data center in an area where many data centers are clustered together. They could, in theory, collaborate with each other, and the local telcos, to develop a protective scheme. One participant noted,
“They (neighboring data centers) may be our competitors in sales, but they are not our competitor in security. Not competitors but colleagues.”
The session took a somber tone, when a participant raised the issue of active shooter scenarios, with one participant saying that her company prepared under “when not if” assumptions. It was noted that many data centers already include protections such as perimeter walls and experienced former military and law enforcement personnel on staff that would tend to exclude active shooters, especially from data rooms, but additional precautions are needed to protect staff.
One roundtable participant deploys avoid, deny defend technique while another preferred run, hide, fight. A third participant noted this his facility had also focused on improved medical response and preparation.
While procedures and equipment varied from facility to facility, the basics remained unchanged. All the participants agreed on the need to screen vendor personnel and make them pass through several identity checks as a validation. In addition, the participants also described a lengthy list of physical barriers. Participants also agreed on the need to develop a set of house rules, which should be presented to vendor staff and explained before access is granted.
Most participants also agreed on the need to escort vendors on-site. However, one individual noted that eliminating vendor misbehavior was not possible in all instances and that his company felt that the screening process would be cost prohibitive. The majority, though, acknowledged the cost and inconvenience, noting that facility resources could be stretched when large numbers of vendors were on site.
Many of the roundtable participants suggested that fiber vaults were a worrisome vulnerability. The participants felt confident that their fiber paths were secure within their perimeters, but this, they worried, was insufficient.
Few solutions seemed promising, but several participants noted that the onus did not have to fall entirely on one data center in an area where many data centers are clustered together. They could, in theory, collaborate with each other, and the local telcos, to develop a protective scheme. One participant noted,
“They (neighboring data centers) may be our competitors in sales, but they are not our competitor in security. Not competitors but colleagues.”
The session took a somber tone, when a participant raised the issue of active shooter scenarios, with one participant saying that her company prepared under “when not if” assumptions. It was noted that many data centers already include protections such as perimeter walls and experienced former military and law enforcement personnel on staff that would tend to exclude active shooters, especially from data rooms, but additional precautions are needed to protect staff.
One roundtable participant deploys avoid, deny defend technique while another preferred run, hide, fight. A third participant noted this his facility had also focused on improved medical response and preparation.
Request an evaluation to view this report
Apply for a four-week evaluation of Uptime Intelligence; the leading source of research, insight and data-driven analysis focused on digital infrastructure.
Already have access? Log in here
Posting comments is not available for Network Guests