Physical Security For Data Centers
from the let's-get-physical dept
The physical security of the your Data Centre often appears to be a simple and obvious exercise in management. When evaluating the requirements and conducting the analysis, physical security appears deceptively straightforward compared to the technology and plant issues. Often we find an older male, typically ex-military, who has spent time in the security industry -- maybe even with some time in an IT Team -- and learned some understanding of the technology, and then put in control of physical security.
Their experience equips them to prepare, layout and consult on plans for the cameras, electronic locks, security rosters and patrol rotas, ram defenses, crowd-charge barriers and customer identity issues. They can setup lines of command and control where each element of the security team understands their roles and responsibilities, and the escalations, and the documentation of all of these procedures. And the ongoing auditing of all these processes.
However, technology professionals are mostly not the type of people who take directions well. Their free wheeling, lateral thinking capabilities means that they are always looking for ways around the system. Implementation of physical security often assumes that approved users will behave is the correct manner and observe the rules and guidelines that have been laid out for them.
While it is possible to demand that IT workers observe the rules and place employment restrictions to enforce them, this is usually poor practice. Your IT people are often creative and highly self-motivated and this can easily create resentment, workflow restrictions and poor productivity.
The real answer is to take the time to understand the workflow of your operational staff and find ways to integrate the security process into that workflow. The typical "father knows best" view of the physical security officer needs to be overridden and replaced with an integrated view of physical security that includes the customer needs.
For example, the process of delivering new equipment to your Data Centre's dock, unpacking and movement onto the Data Centre floor for installation should be seamless and smooth. Security procedures should be integrated into the accounting and audit processes, not be a separate procedure by different staff.
Failing to get such fundamentals in place will cause tension between the Data Centre customers and the Data Centre operation that always leads to management problems that need addressing on an ongoing basis.