Security and data center planning: Two sides of the same coin

It's essential to consider security needs right from design when planning a new data center. Here are some guidelines for security and data center rollouts.

Shiva Shankar, VP and Head of IT Infrastructure, Security - Ops & Engineering, Reliance Tech Services

Data centers have become a primary target for theft and attack. Data centers, especially those assembled quickly during the economic boom of the 1990s, were rarely built with an emphasis on security. In today's troubled times, the mindset has to be different, hence security planning and control need to be incorporated right from the design or planning stage while developing a new data center.

A data center is a mission-critical facility. Therefore, the security team should be involved right from the data center's design stage. Every potential threat must be identified, and the cost to provide security for the data center must be evaluated. Let's have a look at some of the key imperatives for security and data center planning in this context.

Physical security: The physical security and controls are a crucial part of creating secure environments for a data center. A data center should be designed to withstand everything from corporate espionage to terrorism to natural disasters, so:

Build on the right spot. Build your data center away from airports, chemical facilities, power plants, earthquake fault-lines and areas prone to cyclones and floods. The location should be away from large urban areas, high crime and traffic, and potential high-profile terrorist targets. While enhancing the structural building design, blast mitigation can also be factored in.

Have redundant utilities. The data center should have two sources of utilities such as power, water, voice and data.

Landscape for protection. Trees, boulders and gullies can hide the building from passing cars. Obscuring security devices (such as fences) can also help keep vehicles from getting too close.

Plan for bomb detection. For data centers that are especially sensitive or likely to be targets, have guards use mirrors to check underneath vehicles for explosives. As an alternative, provide portable bomb-sniffing devices.

Limit entry points. Secure access to the data center by establishing a main entrance, as well as one at the back for the loading dock. Surveillance cameras should be installed around the perimeter of the data center at all entrances and exits.

Secure air handling. Make sure that the heat, ventilation and air-conditioning systems can be set to re-circulate air rather than draw in air from the outside.

Ensure two-factor authentication. Biometric identification (such as with hand geometry or fingerprint scanners) is becoming standard for access to sensitive areas of data centers.

Logical security. Logical security at the data center should start at the lowest level, the OS, and move up with securing the desktop functions and usability of applications (this is also called 'hardening' a system). The logical security will involve setting up perimeter access control, network security, Web application protection, and operations and inner security layers. While setting up security for a new data center you will also need to consider vulnerability assessment, access security, data and software availability, encryption of confidential information, system protection through deployment of firewalls, and deep-defense intrusion prevention systems.

To Do list for security and data center planning

- Organizational security and policies
- Asset classification and control
- Personnel security
- Physical and environmental security
- Communications and operations management
- Access control
- System development and maintenance
- Business continuity management & compliance

If your data center houses the data, applications and access critical to the success of many businesses, the data center must be secure and resilient enough to keep running to protect your profitability, productivity and reputation. Considering the ever-evolving security demands, secure your data center with an end-to-end security solution.

People and processes are very important in implementing effective security for a new data center, while technology is the least important component. This is because technology only provides a means to implement an organization's policies, while policies form the foundation of security in the data center. Educating users about security awareness is a great way to build a security-conscious environment. Security and data center planning needs to be considered as a pervasive, ongoing process of reviewing and revising based on the changes and challenges facing the environment of the data center.

Administrative policies must be well-defined, especially for the people who are working on confidential information, or in jobs involving access to sensitive information. These policies may include background verification, job rotation, multiple people in a confidential (or sensitive) job role, and audit.

Processes must have privacy compliance, quality service and client care. They should be aligned to provide timely results while ensuring that there are preventive, detective and corrective measures in place.

About the author: Shiva Shankar is the VP and Head of IT Infrastructure, Security - Ops & Engineering for Reliance Tech Services. Shiva is responsible for Reliance's IT infrastructure and security operations. He has extensive experience in managing large data centers, systems operations support, database operations, and infrastructure planning & engineering, along with the security domain. Shiva ensured implementation of the ITIL framework across the group's IT operations.

(As told to Dhwani Pandya)
