14 Mar 2022

While most discussions of security in data centres revolve around cyber-attacks, that’s only part of the equation. Data centres responsible for the storage and transfer of important information must install physical measures that keep these sites secure and safe.

Power outages

As proven by Facebook’s recent power outage, any company is prone to physical threats. The outage caused a configuration change to the backbone routers that coordinate network traffic to and from the company’s data centres.

Do not solely rely on electrical grids to power the servers. Instead, have multiple backup sources to allow the data centre to continue running in the event of damage to the power. Servers take time to reboot and any interruptions can cause a massive disruption to the productivity and the bottom line. When it comes to physical security in data centres, it’s important to store data in multiple data centres as well for enhancing protection. This improves the uptime of the data and allows faster recovery of data loss.

Outdated access control systems

Most data centres still use outdated access control systems. Whether it’s passwords, wired access control systems, or even traditional key locks, these give modern thieves and attackers the upper hand in breaching and entering secured spaces.

Entry to a data centre should be managed with strict procedures, to control and monitor visitor access

Entry to a data centre should be managed with strict procedures, to control and monitor visitor access. Simple physical installations can be installed, such as a physical barrier, a trembler wire, surveillance cameras, and even hiring a full-staff 24/7 security team.

Additionally, it’s crucial to stay up to date with the latest access control technology. This includes incorporating AI and biometrics such as facial authentication for access or a user-generated code to a mobile device.

Lack of protocol to vet contractors

It’s common for data centres to use third-party vendors to service their data rooms. Without a strong hiring process for employees and vendors, it’s easy to leave the door open for potential threats. A simple background check or speaking to references isn’t enough.

When it comes to a contractor’s data security policies, all sensitive information needs to be encrypted, and you should be the one to hold the encryption key. This protects against a potential breach from the vendor side. Make sure that role-based access is given. That means the authorised vendor employees only have access to the information needed for the role and do not complete authorisation.

Any contractor or vendor should utilise software that is set up to receive regular security updates, so that sensitive information won’t be left vulnerable. Ultimately, it’s a personal decision to entrust sensitive information to a third party. Following proper due diligence for vetting, vendors help in making informed decisions and increase compliance with appliance regulations and laws.

Social engineering attacks

Social engineering involves deceiving individuals within the company to divulge confidential information

Social engineering involves deceiving individuals within the company to divulge personal and confidential information that could be used for fraudulent activities. These attacks can happen in a myriad of ways, with or without technology. They can test the staff’s competency by calling security on people they don’t know, walk-in without badges, or confirming whether a call is coming from a particular source.

For example, a cybercriminal can easily call an assistant pretending to be someone higher-up to phish for specific information. Or, they can impersonate an assistant and contact the bookkeeper to request payment information.

There are some frightening in-person social engineering attacks as well, such as:

  • Someone pretends to be the service technician, who has an appointment with an executive to solve a particular issue.
  • Tailgating occurs when a person follows someone into a room, the attacker can slip right in.
  • Someone leaves a device behind on purpose, so that hopefully someone finds it and plugs it into their business system, which automatically installs malware to their computer.
  • An attacker asks a user to use their already logged-in computer.

Whether physical, digital, or even phone social engineering, it’s important to train employees to safeguard against sharing confidential information. Every company should always verify that each person is who they claim to be and that the person is authorised for access or request.

Potential fire hazards

Fire safety should be a priority for data centres. Many possibilities can cause fires both inside and outside the facilities. Some examples of fire hazards within a data centre are:

  • Equipment and wiring overheating,
  • Electric overloads and short-circuits,
  • Storage of flammable gasses and liquids, and
  • Storage of flammable equipment.

First, it’s important to house data on the Cloud so that data won’t be lost in the event of a fire. There are some ways to implement fire prevention in data centres, such as:

  • Nebulised water fire-suppression systems and tools, such as hydrants and fire extinguishers,
  • 24/7 on-site security staff,
  • CCTV and video surveillance,
  • Smoke detected below raised floors and on ceilings,
  • Early fire detection systems that detect smoke before a major fire starts, and
  • Cooling, humidity control, and temperature monitoring systems.

The insider threat

Only provide access to sensitive data at the appropriate time, where an action is required

Employees steal data from their workplaces because they may see an opportunity to expose something damaged, as a personal vendetta or sell sensitive information. This can especially be true for private companies and government agencies. Nowadays, it’s very easy to sell stolen data, which increases the likelihood of people trying it. Or perhaps, the employee plans to set up a competing business.

Only provide access to sensitive data at the appropriate time, where an action is required. Also, establish data security governance policies for the organisation, so that everyone is focused on identifying and mitigating the risks to data security. Consider denying the use of storage devices, like USB thumb drives and personal email accounts. Also, use a password manager that doesn’t give the real password to the employee. Rather, it only allows access to the tool through an identification process.

Protect data centres from physical threats

Every data centre is responsible for having a prevention and safety protocol for physical threats. Once physical access has been breached, it’s easy for data to be lost or tampered with. In today’s world, every organisation is prone to both digital and physical threats. Attackers are becoming smarter and finding more elaborate ways to phish information.

Fortunately, it’s entirely preventable by installing protocols, systems, and technologies to safeguard sensitive data within the company. Browse the Alcatraz site to learn more about AI security technology or book a demo to see how enterprises can improve their existing security system.