Event Recap
RECAP | ROUNDTABLE | Data centers are more visible - a look at site risks in a world that knows their importance
This roundtable: Data Centers are more visible – a look at site risks in a world that knows their importance, looked at what are the modern considerations with regards to the physical security of a data center facility.
The Uptime Institute Consultant leading the discussion – Nick Archer, Senior Consultant – and EMEA Membership Director Lizabeth Hood started the discussion having a look at recent events to hit the news regarding threats and anger towards the industry and recommended an Intelligence Report “Data Center Security: Reassessing physical, human and digital risks” to those attending.
This roundtable was very well attended, and this allowed us to hear the experiences of members from Kuwait to USA, and from both Colocation and Enterprises – some shared and some very personal to the location and/or industry the member is in.
For the colocation providers in particular, there was a general consensus it is no longer an option to keep the locations of their facilities private. Many customers are keen to advertise where they are located, especially if they want to publicise the sustainability policies of the Colocation company, and often there are many legal planning documents held for public viewing.
There is also an internal debate between the Security and Marketing teams for colocation facilities. Marketing are keen to promote their branding as much as possible, and this often means requests for large logos on the side of the facilities. However, this is not a policy those involved in the Security of the data center are keen to allow, they wish to try and keep some anonymity. Interestingly we had the chance on this roundtable to be joined by a Head of Marketing for a colocation facility that is branded on the outside, he understood the conflicts and reservations of doing so, but brought the viewpoint that once an organisation gets involved in public projects or has customers that wish to announce their location with them it allows the colocation organisation to make the most of the benefits of being able to push their brand openly.
Looking at the challenges that are being currently faced it was clear there are differences with existing facilities and those that are newly built or planned. One operator commented that data centers being built at the moment are very clearly data centers, even without any branding anyone passing will recognise their purpose. Building on this point, a member from USA, where the industry had recently faced bomb threats, pointed out that because of the familiar and standardised look of a data center facility, threats against some of the bigger hyperscalers does not necessarily mean the smaller colocation or enterprise sites are safe, the attacker will probably not know the difference.
Some local governments are now requiring facilities to be placed away from view, but this leads to its own problems with regards to securing utility power and connection, and indeed as rightly stated by a member for an enterprise data center, as much as the facility itself needs to be protected, so does the power and water coming in, if someone was wishing to cause the facility to fail destroying or damaging these would also cause a serious issue. On the subject of site selection, the rise of Nuclear Power in Europe in particular is adding to the hurdles one enterprise is facing with new builds, their internal guidelines require facilities to be 30 kilometres are least from a Nuclear Power facility.
One of the most modern issue is that of drones, with one participant noting that they are increasingly seeing them flying overhead during the build of new sites, but what can be done? They are not prepared to remove them from the air by force, but is the threat understood?
So turning to the assessment that sites should be carrying out in relation to the physical security of their facility all on the roundtable confirmed their organisation, and indeed for many themselves, carry this out on a regular basis. One member with a global overview was keen to make the point that the scope of the assessment cannot by a “one size fits all”, there are local considerations in every country that need to be taken into account and considered. For the colocation participants they noted that customers are becoming more through with their requirements on the physical security of the site, they are aware of the measurements they want to see in place and are asking all the right questions, and this is a change from previous years.
Finally, when considering the physical security of the data center, insider threats need to be considered. On a lower scale social media needs to be considered, either innocently or maliciously social media posting by customers and employees can give away key location indicators for those trying to remain private, or key security details. More seriously, those in charge or granting access can also not have the best intentions, there needs to be measures in place to mitigate against human errors.
In conclusion, the data center industry is not the secretive industry it was 5 -10 years ago. With the familiarity of the buildings, the pressures from Marketing and the public documents the facilities can no longer hide in plain sight, and those in charge of the physical security need to work with this and ensure assessments are regularly carried out.
The Uptime Institute Consultant leading the discussion – Nick Archer, Senior Consultant – and EMEA Membership Director Lizabeth Hood started the discussion having a look at recent events to hit the news regarding threats and anger towards the industry and recommended an Intelligence Report “Data Center Security: Reassessing physical, human and digital risks” to those attending.
This roundtable was very well attended, and this allowed us to hear the experiences of members from Kuwait to USA, and from both Colocation and Enterprises – some shared and some very personal to the location and/or industry the member is in.
For the colocation providers in particular, there was a general consensus it is no longer an option to keep the locations of their facilities private. Many customers are keen to advertise where they are located, especially if they want to publicise the sustainability policies of the Colocation company, and often there are many legal planning documents held for public viewing.
There is also an internal debate between the Security and Marketing teams for colocation facilities. Marketing are keen to promote their branding as much as possible, and this often means requests for large logos on the side of the facilities. However, this is not a policy those involved in the Security of the data center are keen to allow, they wish to try and keep some anonymity. Interestingly we had the chance on this roundtable to be joined by a Head of Marketing for a colocation facility that is branded on the outside, he understood the conflicts and reservations of doing so, but brought the viewpoint that once an organisation gets involved in public projects or has customers that wish to announce their location with them it allows the colocation organisation to make the most of the benefits of being able to push their brand openly.
Looking at the challenges that are being currently faced it was clear there are differences with existing facilities and those that are newly built or planned. One operator commented that data centers being built at the moment are very clearly data centers, even without any branding anyone passing will recognise their purpose. Building on this point, a member from USA, where the industry had recently faced bomb threats, pointed out that because of the familiar and standardised look of a data center facility, threats against some of the bigger hyperscalers does not necessarily mean the smaller colocation or enterprise sites are safe, the attacker will probably not know the difference.
Some local governments are now requiring facilities to be placed away from view, but this leads to its own problems with regards to securing utility power and connection, and indeed as rightly stated by a member for an enterprise data center, as much as the facility itself needs to be protected, so does the power and water coming in, if someone was wishing to cause the facility to fail destroying or damaging these would also cause a serious issue. On the subject of site selection, the rise of Nuclear Power in Europe in particular is adding to the hurdles one enterprise is facing with new builds, their internal guidelines require facilities to be 30 kilometres are least from a Nuclear Power facility.
One of the most modern issue is that of drones, with one participant noting that they are increasingly seeing them flying overhead during the build of new sites, but what can be done? They are not prepared to remove them from the air by force, but is the threat understood?
So turning to the assessment that sites should be carrying out in relation to the physical security of their facility all on the roundtable confirmed their organisation, and indeed for many themselves, carry this out on a regular basis. One member with a global overview was keen to make the point that the scope of the assessment cannot by a “one size fits all”, there are local considerations in every country that need to be taken into account and considered. For the colocation participants they noted that customers are becoming more through with their requirements on the physical security of the site, they are aware of the measurements they want to see in place and are asking all the right questions, and this is a change from previous years.
Finally, when considering the physical security of the data center, insider threats need to be considered. On a lower scale social media needs to be considered, either innocently or maliciously social media posting by customers and employees can give away key location indicators for those trying to remain private, or key security details. More seriously, those in charge or granting access can also not have the best intentions, there needs to be measures in place to mitigate against human errors.
In conclusion, the data center industry is not the secretive industry it was 5 -10 years ago. With the familiarity of the buildings, the pressures from Marketing and the public documents the facilities can no longer hide in plain sight, and those in charge of the physical security need to work with this and ensure assessments are regularly carried out.
Request an evaluation to view this report
Apply for a four-week evaluation of Uptime Intelligence; the leading source of research, insight and data-driven analysis focused on digital infrastructure.
Already have access? Log in here
Posting comments is not available for Network Guests