What is Data Center Security?

Physical Data Center Security

Data centers must be protected against physical threats to its components. Physical security controls include a secure location, the building’s physical access controls, and monitoring systems that keep a data center facility secure.

In addition to the physical security systems deployed within a data center (camera, locks, etc.), data center IT infrastructures require a thorough zero trust analysis incorporated into any data center design. As companies migrate on-premises IT systems to cloud service providers, cloud data storage, cloud infrastructures and cloud applications, it’s important to understand the security measures and the Service Level Agreements they have in place.

Secure Location

Data centers should be in a secure location, which includes:

• An area not susceptible to natural disasters like floods, earthquakes or fires.
• An outside facade that is nondescript and free from company logos.
• Physical barriers to prevent forced entry.
• Limited entry points.

Physical Access Controls

Security best practices for physical access controls for data center security involves implementing defense in depth. This involves setting up multiple layers of separations and requiring access controls to each layer.

For example, initial entry may rely on biometric scanners, followed by sign in verification from security personnel. Once inside the data center, equipment will be separated into different zones where access to the zone is verified. Additionally, video surveillance monitors all of the protected areas of the facility.

Secure Building Management Systems

Every point of access into the data center needs to be secured. This includes:

• Securing access from remote technicians who maintain the building with MFA, only giving them access as needed to perform their job and ensuring their device is secure prior to granting access.
• Securing the systems that manage the building including HVAC, elevators, Internet of Things (IoT) devices, and similar solutions.
• Segmenting building systems and Wi-Fi networks from production networks to prevent lateral movement.
• Continuously assessing the network for the addition of new or unknown IoT devices or wireless access points.

Digital Data Center Security

In addition to physical protections, data centers also require security focused on digital threats. This includes implementing data center IT security access controls and selecting security solutions tailored to the needs of data centers.

Data Center IT Security Access Controls

The main goal of data center security is to secure the servers. This includes implementing the following security controls:

• Only enable services as needed.
• Allow access to services based on business needs.
• Keep systems up to date with the latest security patches.
• Use strong password controls.
• Use secure protocols such as SSH or HTTPS.

Data centers should also leverage firewalls for network-level security, including:

• Using firewalls at boundary points to macrosegment north/south traffic.
• Microsegment east/west traffic flows between servers in the same network.
• Encrypting communications in transit where needed.

To ensure that security isn’t a bottleneck, data center security solutions should:

• Support security at 10, 25, 40, 100 Gbps network speeds and higher.
• Meet the data center capacity requirements.
• Scale as networks see seasonal bursts of traffic such as ecommerce web servers, e.g. hyperscale security.
• Have secondary systems in place that can be upgraded without impacting data center operations.

Use the Right Security Tool for the Job

Different systems require different security solutions. For example, perimeter-focused security solutions are designed to protect clients, while data center security protects the servers.

Enterprise clients typically have access to the whole Internet, so they need protections that prevent threats in web and email, and application control to prevent the use of risky applications. Client-focused protections include:

• Anti-ransomware
• Anti-phishing
• Remote browser isolation (RBI)
• Sandboxing
• CDR (Content Disarm & Reconstruction)
• Forensics or EDR (endpoint detection and response) technologies

These same security measures do not apply to data centers, which are composed of servers rather than user devices. Data center networks require the following security features:

• Intrusion Prevention Systems (IPS): IPS detects and prevents network-based exploits against vulnerable systems. When systems cannot be patched, IPS can be used as a virtual patching technology to stop exploits until patches can be applied.
• Zero-trust Network Access (ZTNA): ZTNA – also known as software-defined perimeter (SDP) – is a secure way to connect any user, from any device, to any corporate application.
• Web Security: The web application firewall (WAF) and its modern cloud counterpart web application and API protection (WAAP) are deployed on the network edge, and inspect traffic to and from web applications.

Implement Security that Supports Data Center to Cloud Migration

Companies spend about the same now on cloud infrastructures as they do on on-premises data center infrastructures. As companies move their IT assets to the cloud, it’s important to maintain the same security. This involves using security that supports virtual environments and cloud native APIs and that integrates with data center advancements in networking such as VXLAN and software-defined networking (SDN).