ArticleS

How Data Center Security is Evolving Beyond Cameras and Card Readers

Sherif Sabry

Justin King also contributed to this article.

Over the past five years, Owners of hyperscale data centers have raised their security standards as they become more aware of the potential risks. Shockingly, multi-million-dollar facilities have been demolished two weeks after completion due to devices being found inside the walls. Security breaches can result in exposure of proprietary, classified, or personal information, as well as causing critical disruptions in the flow of information. One minute of downtime can translate into serious harm for a business or government entity, costing millions to billions of dollars, or costing lives.

Now that the pandemic has increased demand for data centers, the strictness of security standards will only continue to increase. As security consultants, we have always performed both system design and risk assessment for clients; whereas traditionally these services were approached more independently, they are now becoming more closely aligned as a complete strategic approach. The following are some of the ways we help Owners secure their facilities and the sensitive data flowing through them.

Site Selection 

Owners face a major challenge in locating suitable land, assessing it, and procuring it at a good market rate before the competition does. Ideally, a security consultant is involved early on and can conduct a site due diligence study. This study addresses factors including the economic stability and crime level of surrounding areas, the proximity of emergency services, whether the terrain is suitable to prevent water from impacting the facility, and whether the roads approaching the facility are designed to prevent vehicles from gaining enough speed to crash through defenses.

Because the market is so aggressive, risk assessments are often performed within four to five weeks, rather than the typical four-to-12-week assessment period. This type of assessment often relies on input from other trades on features like road conditions, zoning type, building layout, and wetlands impact, further compressing our available timeframe. TEECOM has the experience, resources, and reference material to gather this type of information quickly, enabling us to provide accurate and clear feedback and recommendations to our clients for their consideration in a timely manner. Often, due to the hypercompetitive market, security consultants are not involved in site selection and must work with the site limitations and vulnerabilities. While this is less than ideal, specialized security consultants like TEECOM can certainly do so effectively.

Crime Prevention Through Environmental Design (CPTED)

A security consultant works with civil engineers, landscape architects, and product manufacturers to secure the site. Access roads must be angled to limit the speeds of approaching vehicles. Berms, as well as manufactured barriers with the necessary crash ratings are used to protect the facility from oncoming vehicles. The consultant must determine the location of the fence, which includes the distance required from the facility as well as from the road. Perimeter detection is also required.

Internal Threat Mitigation

The threat does not always come from outside the facility’s walls. A staff person with a flash drive can upload or download data and do serious damage. Internal threats can be mitigated by minimizing access to servers. Check points, mantraps, metal detectors, and clean rooms can prevent any devices from entering the facility. Camera views should be adjusted to monitor not just the aisles, but other spaces as well. TEECOM will always make any recommendations we see for operational protocols that reduce risk.

Sensitive Compartmented Information Facilities (SCIFs)

Security consultants working on sensitive compartmented information facilities (SCIFs) must ensure the products they specify meet the client’s specific requirements and standards. Finding the appropriate teams for a SCIF project can be challenging due to strict citizenship requirements. TEECOM has worked with a majority of integrators with expertise in these types of facilities. We work closely with the Owner and make bidder recommendations while assisting with evaluations to make sure the SCIF requirements are met.

International Builds

Whether for a SCIF or a commercial facility, procuring products and assembling teams overseas can become more of a challenge. Some modifications will be inevitably necessary when building outside the Americas, but keeping the process as consistent as possible makes it easier for the Owner to manage and operate the systems, onsite or remotely. The security consultant must work with local manufacturers to determine where they can properly substitute locally unavailable products, versus having to ship materials from the Americas. Security consultants have good relationships with manufacturers and are aware of and sensitive to local cultures, which in turn significantly benefits Owners’ project outcomes and success.

TEECOM Can Help

TEECOM is working with confidential hyperscale data center clients around the world. We have the in-house capability to provide high-quality, detailed design documentation under compressed schedules thanks to the customized tools we have built. To continue the conversation about how best to secure your facilities, use the Contact TEECOM form at the bottom of the page.

Sherif Sabry
Sherif Sabry, CDCDP, ICD705, Associate Principal

As a project lead for large, confidential clients, Sherif has experience working on multiple data center projects. He is responsible for managing projects and delegating tasks within the team while also handling correspondence with clients and architects. Whether it’s meeting owner requirements through coordination with multiple trades, ensuring design standards are met, or proposing new solutions that can cut costs, Sherif is proactive in his delivery.