Event Recap
RECAP | ROUNDTABLE | Securing the Data Center
IT professionals in attendance at Uptime Institute’s virtual roundtable agreed that the task of providing physical security for a data center begins at the site selection process. Each of these professionals detailed a rather lengthy list of criteria that had to be considered before a site would be approved for consideration.
Environmental conditions, including storm frequency and flooding, topped the list. But others mentioned physical safety and political climate, so that sites near airports or violence would also be eliminated. One participant sited the potential damage of Hurricane Florence, which was expected to hit the mid-Atlantic U.S. states in the days after the September 12th roundtable.
Much of the discussion focused on preventing unauthorized access to sensitive areas, mostly by implementing a layered approach to security, which one participant called the “box in a box” approach. This participant noted that internal security at his financial firm had five layers, and the most secure levels could not even adjoin the less secure areas.
The conversation included a lengthy discussion about enforcing the standards that supported the layered approach. The participants all noted that their policies required vendors and others to be escorted throughout the facility. But still, they worried about security breaches, with several noting that they had contracted with security penetration vendors, tasked with evading the various checks set up in an organization. In some cases, these firms were hired not by IT management but by another department, effectively increasing the challenge of detecting them. One participant even shared changes that his firm made as the result of a successful intrusion, in which an individual evaded the first levels of security.
Throughout Uptime Institute consultant Nick Archer guided the conversation, noting at one point that many of the steps described by roundtable participants could be found in Uptime Institute’s Tier Certification of Operational Sustainability. Nick was able to share a variety of experiences that he had visiting sites in support of this program.
The subject of external security remained in the background, until the question of terrorism was raised. Participants noted that for many organizations, terrorism or criminal activity might require armed patrols, higher and thicker walls and fences, and certainly more protection against vehicle intrusions.
Finally, participants agreed that “budgeting for security obviously becomes a factor” at some point but found it hard to say where that was. They noted that should an incident occur the operational and reputational costs would far exceed the costs of security.
Environmental conditions, including storm frequency and flooding, topped the list. But others mentioned physical safety and political climate, so that sites near airports or violence would also be eliminated. One participant sited the potential damage of Hurricane Florence, which was expected to hit the mid-Atlantic U.S. states in the days after the September 12th roundtable.
Much of the discussion focused on preventing unauthorized access to sensitive areas, mostly by implementing a layered approach to security, which one participant called the “box in a box” approach. This participant noted that internal security at his financial firm had five layers, and the most secure levels could not even adjoin the less secure areas.
The conversation included a lengthy discussion about enforcing the standards that supported the layered approach. The participants all noted that their policies required vendors and others to be escorted throughout the facility. But still, they worried about security breaches, with several noting that they had contracted with security penetration vendors, tasked with evading the various checks set up in an organization. In some cases, these firms were hired not by IT management but by another department, effectively increasing the challenge of detecting them. One participant even shared changes that his firm made as the result of a successful intrusion, in which an individual evaded the first levels of security.
Throughout Uptime Institute consultant Nick Archer guided the conversation, noting at one point that many of the steps described by roundtable participants could be found in Uptime Institute’s Tier Certification of Operational Sustainability. Nick was able to share a variety of experiences that he had visiting sites in support of this program.
The subject of external security remained in the background, until the question of terrorism was raised. Participants noted that for many organizations, terrorism or criminal activity might require armed patrols, higher and thicker walls and fences, and certainly more protection against vehicle intrusions.
Finally, participants agreed that “budgeting for security obviously becomes a factor” at some point but found it hard to say where that was. They noted that should an incident occur the operational and reputational costs would far exceed the costs of security.
Request an evaluation to view this report
Apply for a four-week evaluation of Uptime Intelligence; the leading source of research, insight and data-driven analysis focused on digital infrastructure.
Already have access? Log in here
Posting comments is not available for Network Guests