Critical Ingredients for Cyber-Physical Security at Data Centers

Aug. 2, 2023

Risk-management professionals have been raising alarms in the past few years, and the message is clear. As attention, focus, and budget have increased on cyber defenses, and the fear has increased regarding shadowy hackers in far-away places, basic physical security programs and technologies have become an ever-easier attack surface for breaching data networks and stealing valuable information of all kinds.

Consider a recent risk advisory from Deloitte, that clearly identified any organization’s physical security program as “the first layer of protection against malicious intent.” They went on to state that physical security programs “have commonly been overlooked and are becoming far less effective at detecting and responding to threats,” and warned that organizations with “neglected security programs are at a high risk of physical and cyber security breaches.”  We couldn’t agree more.

Protecting Data Requires Robust Physical Security

As cyber-security awareness has increased, so has the strength of cyber defenses, such as firewalls, virtual networks, encrypted communications, two-factor logins, and many more useful tools. It is rare today that an organization does not have some, or many, of these protections in place.

The truth is, that by physically entering that organization’s facility, those with criminal intent bypass many of those cyber defenses, making them irrelevant. By finding an unlocked computer, and plugging it into a networked telephone, wireless access point, or other networked device, criminals can plant malware, steal or alter data, and even seize control of critical management systems.

Robust physical security is the only true defense for this situation and is vitally important to help prevent unauthorized persons from entering data facilities where they can easily plug into any IP connection – or even steal a laptop or server and walk out with it.

Preventing Unauthorized Access to Data Facilities

Criminals have many methods for gaining access to controlled areas: They can talk their way by security guards, slip in behind an employee who politely holds the door open for them, tailgate through an access-controlled entrance, or use stolen credentials to get into your facility. Some providers have recently suggested that new video analytics and sensor technologies might help stop these intrusion attempts, but in reality, the most these technologies can offer is to detect attempts, not to stop them.

Data centers can prevent these unauthorized access methods, and stop infiltrations, by installing security entrances at entry and exit points at the perimeter of a facility and at critical internal access points. Unlike the other suggestions just mentioned, security entrances have a long, proven record of both deterring and denying unauthorized infiltration attempts. Implementing this “layered” strategy with increasing security levels protecting each step towards the most sensitive materials is the best way to protect these priceless assets.

Let’s walk through each layer of protection as shown in the illustration.

Layer 1: The Perimeter

Physical security starts with keeping unauthorized users off the premises altogether. A data center or sensitive corporate facility can be surrounded by a security fence outfitted with a full-height turnstile for access. Employees exit their vehicles, proceed through the turnstile and enter the building or protected campus. Visitors speak to a guard or contact the building receptionist to be admitted.

Full-height turnstiles are ideal for this first layer; they are a visual deterrent against infiltration, and they prevent tailgating, which is an unauthorized person following in the next compartment. Until recently, full-height turnstiles were susceptible to piggybacking, which is two people squeezing through in the same compartment. New sensor technology installed in certain brands of full-height turnstiles can now detect when two people attempt to enter the turnstile using one credential and lock the turnstile, preventing entry. These new sensors also feature “walk-away” detection that locks the turnstile if an individual presents their credentials for access authorization, has been approved allows the turnstile to be unlocked, starts to enter the turnstile, and then backs out.

Layer 2: The Building Entrance

Once inside the facility perimeter, authorized people should either be staff or confirmed visitors. Installing a security revolving door at the building entrance can easily accommodate both staff and visitors with badges allowing staff entry and receptionist triggers or guard-issued passes allowing visitors to enter.   By using security revolving doors at the building entry, sensors can confirm only a single person enters with each approval, similar to the sensors described above. And the solid glass of the revolving door can support building environmental systems and can be reinforced if desired for additional security. At this point, staff can proceed, and visitors can complete their registration or wait for their escorts.

Layer 3: The Building Interior Depending on the specific needs of the facility, a third layer can be installed between the entrance lobby and the rest of the building interior. This layer, which can again be implemented with a security revolving door, prevents any visitors from slipping by the reception desk. If the situation allows, optical turnstiles can also be used for this layer to speed the passage of staff and/or visitors. Or a combination of both styles can be used to meet the specific needs of the organization.

 Layer 4: The Server Room

For the protection of the most sensitive area in a data center, the server room itself, it is critical that a physical security entrance prevent intrusion. Interlocking mantrap portals enforce single entry by means of an overhead advanced sensor system that prevents tailgating and piggybacking. Once a user presents their credentials and the door opens, the sensor scans the compartment, verifying the user is alone. Inside the portal, an internal biometric device can be used to verify identity, confirming that not only one person gets inside the server room, but the right person. This rigorous identification process does take time, typically only allowing five people through per minute. Since few employees are typically permitted into the server room, this entrance solution is ideal for data center applications or any area that requires the highest level of security.

Why Are Security Entrances Best for Each Layer?

Security entrances are unlike traditional sliding or swinging doors, which cannot be made secure. Once a traditional door is open, there is no longer any control of who enters or exits through that opening. In contrast, security entrances are designed with a specific purpose and level of protection classified into three simple groups:  

1.  Those that Deter by monitoring or controlling traffic  

2.    Those that Detect tailgating and piggybacking 

3.    Those that Prevent tailgating and piggybacking 

Security entrances that Deter unauthorized access serve as a deterrent against casual attempts to gain unauthorized access, and more often are in place to help keep people honest. They accomplish this by monitoring or controlling traffic under the supervision of security personnel. Appropriate for building perimeters, supervised locations, exit-only applications, or any location that needs to control large crowds, these products include full-height and tripod turnstiles (without detection sensors), wide lane gates and monitored access solutions.

Security entrances that Detect tailgating and piggybacking provide a strong visual obstacle against intrusion, and when coupled with biometric and access control devices, can detect unauthorized entry attempts in real-time and issue alarms for security personnel to take immediate action. This category of solutions includes speed gates, which are designed to detect tailgating and facilitate both security and visitor management operations.

Security entrances that Prevent tailgating and piggybacking allow for the elimination or reallocation of guard supervision, providing security and facility managers with tangible ROI. These solutions include revolving doors and interlocking mantrap portals, which are virtually impenetrable and prevent unauthorized intrusion. Also, by collecting metrics gathered by sensor systems in these solutions, security personnel can predict and quantify their actual risk of infiltration. Used often at employee-only entrances and to secure areas containing sensitive data or personnel, these solutions are a breed of security entrances unlike any other. 

Protecting Data Centers 

To protect data centers and the critical data they contain, cybersecurity and physical security must work hand in hand. Installing security entrances can help ensure that the only people entering the building are credentialed employees or authorized visitors, providing the highest levels of security for facilities housing sensitive data.

About the author: Joe Seagriff is the Vice President of Sales/ for the East region at Boon Edam USA. Seagriff is a graduate of the Rensselaer Polytechnic Institute.