Physical Security For Data Centers

from the let's-get-physical dept

Mon, Jan 4th 2010 11:55am — Greg Ferro

The physical security of the your Data Centre often appears to be a simple and obvious exercise in management. When evaluating the requirements and conducting the analysis, physical security appears deceptively straightforward compared to the technology and plant issues. Often we find an older male, typically ex-military, who has spent time in the security industry -- maybe even with some time in an IT Team -- and learned some understanding of the technology, and then put in control of physical security.

Their experience equips them to prepare, layout and consult on plans for the cameras, electronic locks, security rosters and patrol rotas, ram defenses, crowd-charge barriers and customer identity issues. They can setup lines of command and control where each element of the security team understands their roles and responsibilities, and the escalations, and the documentation of all of these procedures. And the ongoing auditing of all these processes.

However, technology professionals are mostly not the type of people who take directions well. Their free wheeling, lateral thinking capabilities means that they are always looking for ways around the system. Implementation of physical security often assumes that approved users will behave is the correct manner and observe the rules and guidelines that have been laid out for them.

While it is possible to demand that IT workers observe the rules and place employment restrictions to enforce them, this is usually poor practice. Your IT people are often creative and highly self-motivated and this can easily create resentment, workflow restrictions and poor productivity.

The real answer is to take the time to understand the workflow of your operational staff and find ways to integrate the security process into that workflow. The typical "father knows best" view of the physical security officer needs to be overridden and replaced with an integrated view of physical security that includes the customer needs.

For example, the process of delivering new equipment to your Data Centre's dock, unpacking and movement onto the Data Centre floor for installation should be seamless and smooth. Security procedures should be integrated into the accounting and audit processes, not be a separate procedure by different staff.

Failing to get such fundamentals in place will cause tension between the Data Centre customers and the Data Centre operation that always leads to management problems that need addressing on an ongoing basis.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team