Datacenter Physical Security
- Defense in depth is a critical part of physical security
- multiple security controls protecting the same assets
- variety of technological levels
- assortment of three control categories:
- physical
- administrative
- logical/technical
Physical Security Design Areas
- Perimeter
- Stronge fence
- guard patrol that monitors fence line
- video surveillance capability
- electronic monitoring of tampering attempts on fence
- Vehicular approach and access
- driveways that wind and curve or use speed bumps
- bollards
- Guest and visitor access
- controlled entry point
- formal reception with security measures
- sign-in log
- video surveillance
- staff tasked with monitoring
- Camera and monitoring systems
- ensure appropriate monitoring, alerting, and retention capabilities
- Protect hazardous and vital resources
- electrical supply, storage, distribution components (generators and fuel)
- not located near personnel or near vehicle paths
- Interior physical access controls
- badging, keys, access codes, secured doors
- Physical protections for highly sensitive assets
- Safes
- inventory tracking mechanisms
- Fire detection and suppression systems
- Design elements that ensure security controls work during interruptions of power or network connectivity
Restricted Access to Physical Devices
- Access to racks in datacenter should be limited to staff who absolutely require access for job functions
- Entry and egress should be:
- controlled
- monitored
- logged
- Racks should be locked
- keys for each rack should be checked out only for the duration of use