|Shiva Shankar, VP and Head of IT Infrastructure, Reliance Tech Services|
A data center is a mission-critical facility. Therefore, the security team should be involved right from the data center's design stage. Every potential threat must be identified, and the cost to provide security for the data center must be evaluated. Let's have look at some of the key imperatives for security and data center planning in this context.
Physical security: The physical security and controls are a crucial part of creating secure environments for a data center. A data center should be designed to withstand everything from corporate espionage to terrorism to natural disasters, so:
Build on the right spot. Build your data center away from airports, chemical facilities, power plants, earthquake fault-lines and areas prone to cyclones and floods. The location should be away from large urban areas, high crime and traffic, and potential high-profile terrorist targets. While enhancing the structural building design, blast mitigation can also be factored in.
Have redundant utilities. The data center should have two sources of utilities such as power, water, voice and data.
Landscape for protection. Trees, boulders and galleys can hide the building from passing cars. Obscuring security devices (such as fences) can also help keep vehicles from getting too close.
Plan for bomb detection. For data centers which are specially sensitive or likely to be targets, have guards use mirrors to check underneath vehicles for explosives. As an alternative, provide portable bomb-sniffing devices.
Limit entry points. Secure access to the data center by establishing a main entrance, as well as one at back for the loading dock. Surveillance cameras should be installed around the perimeter of the data center at all entrances and exits.
Secure air handling. Make sure that the heat, ventilation and air-conditioning systems can be set to re-circulate air rather than draw in air from the outside.
Ensure two-factor authentication. Biometric identification (such as with hand geometry or fingerprint scanners) is becoming standard for access to sensitive areas of data centers.
Logical security. Logical security at the data center should start at the lowest level, the OS, and move up with securing the desktop functions and usability of applications (this is also called 'hardening' a system). The logical
If your data center houses the data, applications and access critical to the success of many businesses, the data center must be secure and resilient enough to keep running to protect your profitability, productivity and reputation. Considering the ever-evolving security demands, secure your data center with an end-to-end security solution.
People and processes are very important in implementing effective security for a new data center, while technology is the least important component. This is because technology only provides a means to implement an organization's policies, while policies form the foundation of security in the data center. Educating users about security awareness is a great way to build a security-conscious environment. Security and data center planning needs to be considered as a pervasive, ongoing process of reviewing and revising based on the changes and challenges facing the environment of the data center.
Administrative policies must be well-defined, especially for the people who are working on confidential information, or in jobs involving access to sensitive information. These policies may include background verification, job rotation, multiple people in a confidential (or sensitive) job role, and audit.
Processes must have privacy compliance, quality service and client care. They should be aligned to provide timely results while ensuring that there are preventive, detective and corrective measures in place.
About the author: Shiva Shankar is the VP and Head of IT Infrastructure, Security - Ops & Engineering for Reliance Tech Services. Shiva is responsible for Reliance's IT infrastructure and security operations. He has extensive experience in managing large data centers, systems operations support, database operations, infrastructure planning & engineering along with security domain. Shiva ensured implementation of ITIL framework across the group's IT operations.
(As told to Dhwani Pandya)
This was first published in May 2010