So much thought is put towards digital data protection that physical protection of your data storage facilities often go overlooked. In this article, we'll give you 8 things you need for your physical data center security.
Did you know that more than 1,579 data breaches were reported in the US in 2017?
More than 179 million records were stolen, and this posed a high risk of identity theft, and financial loses to the data subjects.
But how do these data breaches occur?
Most people think that data breaches occur due to ransomware, denial-of-service attacks, and malware attacks. But that's not true.
Most of them are caused by insiders. In fact, among the 874 data breaches that occurred in 2016, 844 were caused by insider threats
If you're in charge of a data center, here are eight physical data center security measures to protect data from external and insider threats.
If you manage sensitive data or live in a hacking prone area, you don't want to advertise to everyone that you operate a data center.
Avoid any signage or symbols indicating "Server Room" or "Data Center." Also, try to keep the exterior of your server room as nondescript as possible so that it blends well with the other rooms in the building.
You should also ensure there are smart locks to protect the server room.
It's also essential to come up with sound data security policies that require the data room door to remain locked anytime the room is unoccupied by the authorized team. Besides, the security policies should set out who's allowed to get into the server room and who's not.
Set up Surveillance Systems for Improved Data Center Security
Avoiding signage or symbols and locking the server door is the first step to keep your data protected, but someone could still gain access. An authorized person may also misuse his or her authority.
Therefore, you need a way to determine who gets in and out of the server room.
There are many techniques for identifying those getting into the server room, but the best one is to have an authentication system incorporated into the locking devices.
The system will require a token, biometric scan, or smart card to unlock the door and will record the time the door was opened and the identity of the person who entered.
It's advisable to invest in quality video surveillance cams. You should install them in strategic locations that make it difficult for someone to disable or tamper with them.
The location of the cameras should give you a good view of the persons entering or leaving the server room.
You can use the surveillance cameras to monitor your data center continuously or set them to record only when someone is entering or leaving the room. They can also send you a text or email if they detect motion when they shouldn't.
Invest in Rack-Mount Servers
Unlike other types of servers, rack-mount servers are easy to store and secure.
These servers can easily be kept in closed racks that can be bolted to the floor, making it difficult for criminals to move or steal your server.
Lock All Vulnerable Devices in the Server Room
It's not just the data servers you have to worry about. A malicious insider can plug a hacking device into a spy or sniffer program to steal data traveling across the network.
For this reason, you should keep all your vulnerable devices in the server room. If they need to be in a different setting, ensure they're in a secure room.
Seal the Windows and Limit the Entry Points
The server room shouldn't have windows. If there are windows in your building, get rid of them and seal the air vents that expose the data floor.
Also, ensure all the other windows are double-glazed and shatter resistant. Use laminate glass where possible.
You'll also want to control access to your building. A single point of entry for employees, visitors, and contacts will allow you to funnel them through one location where they can be identified.
You should also have a back entrance for the loading dock. Remember that the physical security policies should allow security personnel to open the back door only in the case of a pre-notified delivery.
You should also monitor all deliveries with a CCTV.
Protect All Your Portable Devices
Company cell phones, laptops, and other handheld computers can also be used to siphon data from your data center.
Therefore, if your employees use portable devices, they should never leave these devices behind. They should also store them in a secure, permanent storage fixture.
Disable the Drives
Don't want your employees to copy data to removable media?
You can come up with physical security guidelines that bar employees from carrying flash drives and other storage devices into the server room.
You can also remove or disable your computers' USB ports, Bluetooth capabilities, floppy drives, and other means of copying or connecting to external devices.
You should, however, note that simply removing or disabling drives may not stop technically savvy employees. For a more permanent solution, you can fill the ports with epoxy glue or other lasting substances.
Keep Your Printers Safe
Most people don't know this, but modern-day printers come with operating systems and onboard memories (NVRAM) that store data.
If a malicious insider steals your printer and accesses its memory, he or she may be able to get sensitive data like passwords or past printed documents.
Protect your printers! Make sure they're in a secure area and bolted to the floor or wall so nobody can steal or move them.
Establishing strict physical security procedures can also help ensure that only the authorized persons use your printers.
It's essential to note that data breaches are costly to remediate, and insiders are the cause of the most significant data breaches.
The best digital data protection measures in the world won't deter a malicious insider who can physically access your servers. Therefore, you should consider implementing the physical data center security measures we've highlighted above.
These measures will significantly boost your data security and keep malicious insider and hackers away.
If you have any questions or would like us to help you protect your data, you can get in touch with us now.