Colin’s IT, Security and Working Life blog

May 13, 2009

Choosing a datacentre – security considerations

Filed under: Buying Smart — Tags: — chaplic @ 1:36 pm

For most businesses, moving IT kit to a datacenter is a “no brainer” – you get the advantage of shared resources that will likely improve availability (such as electric generators) and they are generally not in horrible parts of your building such as basements! However, they do introduce other security risks that you need to consider.

 

If your kit is hosted in-house just now, it’s protected by the nature of your general site protection – so, security guards, CCTV, locks, secure entry and so on. Crucially, it’s also unlikely that no-one will be there that you do not have a specific business relationship with. In a shared datacenter you don’t know – or trust- the person hosting beside you.

 

There are a raft of standard and awards that datacentres will no doubt try to impress you with; this isn’t about these. Instead it covers the basics.

Your evaluation of at datacenter starts before you arrive. What part of town is it in? Is it a flood risk? Any businesses next door that could have negative consequences (think buncefield or animal testing centres).

 Datacentres tend to be in less desirable, and isolated, areas of town. Have a walk round the building and identify how you would penetrate the building if you wanted access to your kit, either to access it or damage it.  Ideally the datacentre should look anonymous, admittedly that’s difficult with high fences and CCTV!

 How is access control enforced? Was it enough to say who you were or do you have to provide ID? Is there security controls in place so someone cannot simply walk through two doors in a row (this could be a ‘man trap’ door arrangement, or a turnstile)

 Hopefully the datacentre will impress with its cooling and power supply setup (including monitoring), and you’ll be able to see big generators, lots of batteries and redundant air conditioners. It is worthwhile asking the last time they had a real problem (and the result), and the last time a load test was done. Just how quickly can they get replenished with fuel? 

 You would expect the datacentre to already have diversely routed connections out to multiple telephone exchanges and electricity substations, but you should check.

 The datacentre may be partitioned, but how high are the walls, actually? Be suspicious of tiles, both above you and below you!

 Quite a lot of you kit may run from a single power supply. Ask about the datacentres power arrangements and what happens if they wish to do maintenance on one circuit. You may well find it wise to have your racks supplied with power from two rings, and use a device called a static transfer switch to make your single-power-supply devices able to take power from the two power supplies (and following the same model, your kit with dual power supplies get plugged into both circuits)

 If you can go from outside to your kit through one door (fire escapes are a possible route) then you have problems. Hopefully such doors are reasonably secured, but its still a direct access point (or, more likely a direct exit point – with your servers!)

You should understand how –if any- an active role the datacentre plays in the operation of your business. Do you have to comply with any of there procedures in order to install equipment in racks. If so, how do they enforce this? How do you get equipment couriered to site and do they have any handling rules. Many datacentres do not accept deliveries unless they are registered in advance, with codes marked on all the boxes (and the number of boxes itemised, too).

Most racks –assuming they are locked- are reasonably quick to open with just a screwdriver. Given the fact you are happy with the perimeter security, and other security in the building you may consider the fact you host alongside people you don’t trust an acceptable risk.

However, many will not accept this risk. There are options. Have the rack bolted to the floor (the real, concrete floor) . This will make physical theft that bit trickier. Also, surround the equipment with a steel cage – main braces say 1 inch square hollow steel with a thick wire mesh. This should be bolted to the fabric of the building, and if it does not stretch from roof to floor, then your cage should have a roof, also. Access to your cage should be via a different access control mechanism than the rest of the building.

Consider the logistics and human factors too – whilst you may be managing your kit remotely most of the time, during kit install you may have people there for some time. Is there any office space for them to use a laptop? What about toilets, cups of tea, lunch and so on? Although IT companies talk green, this usually doesn’t stretch to boxing of their components, so any decent infrastructure install will give rise to its own cardboard box city. Does the datacentre provide disposal for these items or do you have to arrange to get it removed yourself? By the same token, examine the loading bay and lift weight limits if you are off the ground.

Overall, do not make the choice quickly, or without care. If suitable for your business, a datacenter will quickly become invisible. Get it wrong, and it’ll be the biggest blip on your radar!

Advertisements

Blog at WordPress.com.