Data centers house the data and applications critical to the success of an organization. A data center is a complex environment of physical and virtual systems, integrated and optimized to deliver timely, secure, and trusted information without fail. As such, across many dimensions the security profile and management of a data center must be a certainty.
In this article we discuss the many dimensions and features of the security and management of a data center. These include:
- Physical and Environmental Security
- Secure Operations
- Security of the Critical Power and Cooling Systems
- Security Information Management
- Personnel Management
- External Validation
Physical and Environmental Security
Physical and environmental controls protect the data center itself from interruptions and unauthorized intrusions, and technical controls on all platforms provide the capability to protect applications and data from unauthorized disclosure and manipulation.
Data centers have physical access control procedures, high-precision climate control, and backup and recovery systems.
- Operating facility with 6” reinforced concrete walls to create a secure data vault with physical separations on all sides.
- Interior and exterior video monitoring and UL certified intrusion detection systems.
- High security fencing, biometric mantrap, infrared video monitoring, and electronic passage technology.
- Primary entrance processing point inside secure, reinforced perimeter.
- Isolated shipping/receiving and freight inspection facility.
- No vehicle traffic in the vicinity of operating buildings, over 250 feet of separation from main thoroughfares.
- State-of-the-art fire detection and suppression systems using the latest advances in non-water-based agents, FM-200 and/or HALON 1301.
- Multiple fiber-optic entrances to the building are concrete-encased, and meet-point rooms (MMR) are located in secure, separate locations in each operating building, with cross-connects and redundant tie cables to other buildings.
Secure Operations
Security management and operations procedures for all platforms ensure the confidentiality, integrity, and availability of customer applications and data.
- Security personnel stationed at the main entrance to the data center 24x7 provide additional protection.
- Entire buildings served by a Building Management System (BMS) monitored and managed by on-campus & off-campus secure network operations centers (SNOC).
- Multi-Level Security through Tiered Access Control Protocols compliant and flexible to conform to all levels of established threat status conditions.
- FIPS, FISMA and NIST security protocol compliance.
- Full BellCore/Telcordia physical separation of all redundant network elements.
Security of the Critical Power and Cooling Systems
The fundamental operating systems of a data center are its power delivery and cooling systems. Detailed diagrams are available on the site, but notable features of the security of these systems include:
- High degrees of redundancy, 2N and even 3N.
- Full maintenance bypass switching throughout all systems.
- Patented technology to protect against a class of power problems afflicting all data centers without this technology.
- 7-day, on-site generator fuel supply.
- For protection of cooling, a gravity-fed water reservoir backed by an on-site well.
Security Information Management
Real-time security information management (also known as SIEM) is the combination of network and security analysis in an easy-to-use, high performance platform. AiNET uses SIEM to protect all customer operations and assets. SIEM capabilities:
- Mainstream device support
- Event source monitoring
- Event log and network flow data consolidation
- Comprehensive, extensible analytics
- Network, virtualization, and application intelligence
- Identity and location intelligence
- Configuration and configuration change monitoring
- In-depth database security, availability and anomalous activity monitoring
- Powerful, layer 7-9 rules engine
- Real-time and historical cross-correlation
- Prioritized, valid security incidents with correlated and raw details
- Dynamic dashboards, topology maps and notification
- Real-time and long-term search with web-like query and iterative filtering
- Directory service integrated and custom asset and user grouping
- Compliance and standards-based reports
- Optimized event repository
- Event log data integrity secured by HMAC
- Unlimited data retention
- Scalable performance and coverage capacity
Personnel Management
Personnel represents another dimension of security.
- Background checks on all personnel
- DoD-trained anti-terrorism personnel
External Validation
Many organizations state they have certain protections, but without proper outside audit and verification, serious issues could be left unaddressed, either by design or through improper procedures. All AiNET facilities undergo SAS-70/SSAE 16 security validation audits to ensure that all equipment, processes and personnel successfully meet the security objectives of each facility. The SAS-70/SSAE 16 audit is a rigorous standard widely accepted by industry and government. The audit assures managers of financial and other applications that AiNET employs highly effective security and controls.
Other external validations of an overall secure data center:
- FIPS, FISMA and NIST security protocol compliance certifications
- TIA-942 Tier IV certification
- DCID 6/9 and ICD 705.2/705.3
Finally, how a data center itself stands behind its security:
- 100% Service Level Agreement (SLA) on power, cooling & connectivity with monetary penalties.