- Protecting your physical perimeter and buildings
- How to implement security
- The models against attack
- New build data centres
- Hostile reconnaissance
- Hostile reconnaissance training and awareness
- Physical security risks with the unique design of data centres
- Consider cable pit security
- Meet-me rooms also form part of your perimeter
- Building management systems
- Learn more
Protecting your physical perimeter and buildings
In most data centre operating models, security of the perimeter, the site, and the building will be the responsibility of the operator. In an enterprise-owned facility, site security is defined by the enterprise based on its own risk assessment. In other facilities, the level of security should meet customer expectations and be designed to attract newcomers.
Remember:
Data centre customers should be provided with security details under a non-disclosure agreement at contract tendering stage.
How to implement security
The process for implementing security at a data centre is no different from implementing security at any other sensitive or critical site. NPSA recommends a risk-based approach to security mitigation and advises that one of two models for implementing security measures are followed. Both models involve a layered approach, integrating physical, personnel and cyber security.
The models against attack
To successfully mitigate the risk of an attack it is important to understand how threats – including from states and terrorism – to your site, workforce or assets, will manifest themselves. Understanding these threats will help shape your security strategy and ensure it is effective and proportionate. NPSA recommends the use of two differing philosophies dependent on the threat.
To counter the threat from forcible attack such as theft or terrorism, the 3Ds philosophy should be used. The 3Ds principles ask you to Deter, Detect and Delay attackers. The goal is to Deter the attacker from targeting your site or assets by creating a strong security appearance or messaging. Detect attacks at the earliest opportunity and use security products that Delay the attacker for a period of time, enabling response and intervention prior to any loss.
To counter the threat from a surreptitious attack such as espionage, the BAD philosophy should be used. The BAD principles implement effective Barriers, control Access and Detect attacks. In a reverse approach to that used for forcible attack protection, layers that form barriers, control access, and detect attacks should be created as close to the asset as possible.
This philosophy focuses on detection and not delay of attacks due to differing measures of success for the attacker. Taking this approach allows you to focus security measures on the asset, which in turn can also help mitigate risk from insiders who exploit or have the intention to exploit an organisation’s assets for unauthorised purposes.
The BAD philosophy is part of the Surreptitious Threat Mitigation Process (STaMP), which should be used by those responsible for classified government data deemed to be under threat from espionage. More information about STaMP, the NPSA Surreptitious Attack Protective Security Philosophy and its principles is available through a NPSA adviser or via our restricted access extranet.
New build data centres
Security during the design and build phase of a new data centre is important as mistakes made at this stage can impact on the security of the facility when it is built. We recommend viewing the Build It Secure pages of the NPSA website, which outline the approach to implementing security during the build.
Of particular importance is managing information security to ensure sensitive information about the design is only shared with those who need it. See the NPSA guidance on security minded approach to digital engineering.
During the planning application process, arrangements should be made to ensure sensitive information is not released on public planning portals or put into the public domain during consultations. Early engagement with planning officials is the best way to ensure this.
Hostile reconnaissance
Data centres should consider the risk from people external to the organisation who may wish to conduct harm. Recognising they may not get a second chance to achieve their aims, hostile threat actors will typically plan carefully through reconnaissance of a site.
Understanding hostile reconnaissance and the attack-planning process gives security managers and staff a crucial opportunity to disrupt the hostile in two main ways:
1. Denying them the ability to obtain the information they need from their research because they simply cannot obtain it, or the risk of detection to achieve this is too high.
2. Promoting failure – both of their ability to conduct hostile reconnaissance (they will not be able to get the information, they will be detected), and of the attack itself.
Deterrent measures can be cheap, relatively easy to deploy, or may involve more targeted deployment of existing assets. They will involve the security practitioner working with colleagues from across the organisation, most notably in communications. Their ultimate effect should be to deter the hostile yet have a neutral or even positive effect on employees and visitors.
Hostile reconnaissance training and awareness
See, Check and Notify (SCaN) aims to help businesses and organisations maximise safety and security using their existing resources. Your people are your biggest advantage in preventing and tackling a range of threats, including criminal activity, unlawful protest, and terrorism. SCaN training empowers your staff to correctly identify suspicious activity and know what to do when they encounter it.
In addition to this, the skills your staff learn will help them to provide an enhanced customer experience. The training helps ensure that individuals or groups seeking to cause your organisation harm are unable to get the information they need to plan their actions.
NPSA provides in-depth guidance on the principles of, and mitigations against, hostile reconnaissance.
Physical security risks with the unique design of data centres
There may be additional physical security risks that need to be considered and mitigated due to the unique design of data centres. With complex and widespread heating and cooling systems, it is likely that grills and cages will be required on any venting, ducting or wastewater systems – which are large enough for a person to use to gain access.
Consideration should also be given as to whether smaller ducting systems could be used to pass material from secure areas to non-secure areas as a way of circumventing security checks. The mitigation for this is likely to be a mesh over any ducting that could be exploited in this way.
Consider cable pit security
Cable access and draw pit chambers will have covers (sometimes called 'manhole covers' or 'maintenance covers') that are an important and often overlooked part of data centre infrastructure. Some examples of how security could be enhanced include making sure that these are:
- Positioned out of the way where they are not vulnerable to damage.
- Locked to prevent unauthorised access.
- Monitored to detect unauthorised access or tampering.
When thinking about cable chambers, consider threats, what the likely attack methods may be, and the potential impact of a successful attack.
Meet-me rooms also form part of your perimeter
Meet-me rooms act as the physical interface between your services and the internet, allowing two separate networks to peer and transfer data (e.g. two telecommunications networks – see ‘4. Risks to the meet-me room’ for more detail) - and are directly linked to your racks.
That means they form part of your boundary, despite being outside your control. Where data is transferred between networks, depending on the scenario, encryption may be shared, or may not be used. This provides a particularly vulnerable point and is therefore attractive to an attacker.
Building management systems
Building management systems (BMS), also known as building automation systems, are a type of control system used to control and monitor the mechanical and electrical equipment in most modern buildings, such as ventilation, lighting, power, fire and facilities management functions.
In a data centre, the BMS system usually controls the heating, ventilation, and air conditioning (and humidity). Though BMS tend to be controlled by the data centre provider, a disruption to any one of these systems could cause an outage, potentially impacting your network.
As a data centre owner, what measures have you put in place to manage BMS issues?
- Is your BMS connected to client networks?
- What assurance can you give customers regarding access to these systems?
- Is your BMS itself protected as a secure system and operated from a secure area (i.e. not your building’s reception or guest areas)?
- Has a cyber-vulnerability assessment of the BMS been undertaken and its recommendations acted on?