Basic Protection and Security

Ensuring data security – e.g. with backups and high-availability solutions – is not the only challenge that faces data center administrators. They also must make sure that the data center itself and the devices in it are protected from environmental influences, sabotage, theft, accidents, and similar incidents.

Many of the following items were already mentioned in detail under the topic of “Security Aspects” in section 1.12. An overview of essential data center dangers and corresponding countermeasures is again provided here.

In general, it is true that security in a data center is always relative. It depends, for one, on the potential for danger, and also on any security measures that were already taken. A high level of security can be achieved absolutely by means of extremely high safeguards, even in an extremely dangerous environment. However, protecting a data center that is located in earthquake areas, military IT installations under threat or under similar situations does have its price.

It therefore makes sense for those responsible for IT in the data center to assess the potential of danger before beginning their security projects, and to relate this to the desired level of security. They can then work out the measures that are required for realizing this level of security.

Threat Scenarios

The first step in safeguarding a data center against dangers always consists of correctly assessing actual threats. These are different for every installation. Installations in a military zone have requirements that are different than those of charitable organizations, and data centers in especially hot regions must place a higher emphasis on air conditioning their server rooms than IT companies in Scandinavia. The IT departments concerned should there- fore always ask themselves the following questions:

• How often does the danger in question occur?

• What consequences will it have?

• Are these consequences justifiable economically? But what elements make up the threats that

typically endanger IT infrastructures and pro- vide the basis for the questions listed above? Wemustnowlistpossiblecatastrophic losses in connection with this.

Floodsandhurricaneshavebeenoccurringwith disproportionatefrequencyincentralEuropein recentyears,and,ifanITdepartmentassumes that this trend is continuing, it must absolutely make sure its data center is well-secured against storms, lightning and high water.

Losses from vandalism, theft and sabotage have achieved a similar level of significance. High-performance building security systems are used so that IT infrastructures can be pro- tected as well as possible. Finally, the area of technical disturbances also plays an important

role in security. Picture supplied by Lucerne town hall

Catastrophic Losses

Our definition of the term “catastrophe” is very liberal, and we assign everything to this area that is related to damages caused by fire, lightning and water, as well as other damage caused by storms.

The quality of the data center building plays an especially big part in resisting storms. The roof should be robust enough so tiles do not fly off during the first hurricane and rain water is not able to penetrate unhindered; the cellar must be sealed and dry, and doors and windows should have the ability to withstand the storm, even at high wind forces.

At first glance, these points appear to be obvious, and also apply to all serious residential buildings – in fact, practically all buildings in central Europe fulfill these basic requirements. Nevertheless, it often makes perfect sense, for temporary offsite installations and when erecting IT facilities abroad, to take these basic requirements into consideration.

Fire and Lightning

Quite a few security measures that are not at all obvious can be taken when it comes to fire protection. An obvious first step that makes sense is to implement the required precautions in the rooms or buildings to be protected. This includes smoke and heat detectors, flame sensors, emergency buttons as well as surveillance cameras that sound alarms when fire erupts, or ensure that security officers become aware of this situation faster.

In addition, one must ensure that fire department reaction time is as short as possible. Companies with a fire department on site have a clear advantage here – but it can also be of advantage to carry out regular fire drills that include the local fire department.

As lightning is one of the most common causes of fires, a lightning rod is mandatory in every data center building. In addition, responsible employees should provide all IT components with surge protection, to avoid the damage that can occur from distant lightning.

Structural measures can also be a help: When constructing a data center, some architects go so far as to use concrete that contains metal, so a Faraday cage is produced. This ensures that the IT infrastructure is well protected against lightning damage.

Other Causes of Fires

Lightning is not the only cause of fires. Other causes are also associated with electricity; furthermore, overheating and explosions play an important role in connection with fire. Among other causes, fire that is started by electricity can erupt when the current strength or voltage of a power connection is too high for the device that is running on it.

Defective cable insulations also represent a danger, namely they provide sparks that can accidentally ignite inflammable materials that are located nearby. The parties responsible should therefore make sure that not only is the cable insulation in order, but also that as few flammable materials as possible exist in the data center. This tip may sound excessive, but in practice it is often true that piles of paper and packaging that are lying around, overflowing wastepaper baskets and dust bunnies and similar garbage make fires possible. Regular data center cleaning therefore fulfills not only a health need, but also a safety need. In connection with this, IT employees should also make sure that smoking is prohibited in data center rooms, and that a sufficient number of fire extinguishers are available.

Other prevention methods can also be implemented. These include fire doors, and cabling that is especially secure. With fire doors, it is often enough to implement measures that stop the generation of smoke, since smoke itself can have a devastating effect on IT environments. However, in environments that are at an especially higher risk of fire, installing “proper” fire doors that are able to contain a fire for a certain amount of time will definitely provide additional benefits.

With regard to cabling, flame-retardant cables can be laid, and so-called fire barriers can be installed that secure the cable environment from fires. These ensure that cable fires do not get oxygen and also prevent the fire from quickly spreading to other areas.

Fire Fighting

Once a fire occurs, the data center infrastructure should already have the means to actively fight it. Sprinkler systems are especially important in this area. These are relatively inexpensive and are easily maintained, but are a problem in that the water can cause tremendous damage to IT components. Apart from that, sprinkler systems provide only a few advantages when it comes to fighting concealed fires, like those in server cabinets or cable shafts.

CO2 fire extinguishing systems represent a sensible alternative to sprinkler systems in many environments. These operate on the principle of smothering burning fires, and therefore do not require water. However, they also bring along disadvantages: For one, they represent a great danger to any individuals who are still in the room, and for another, they have no cooling effect, so they are unable to contain damage caused by the generation of heat.

A further fire-fighting method is the use of rare gases. Fire extinguishing systems based on rare gases (like argon) also reduce the oxygen content in air and thus suffocate flames. However, they are less dangerous to humans than CO2, so individuals who are in the burning room are not in mortal danger. In addition, argon does not cause damage to IT products. Drawback: These systems are rather expensive.

Water Damage

Among other causes, water damage in the data center results not only from the extinguishing water used in fighting fires, but also from pipe breaks, floods and building damage. A certain amount of water damage can therefore be prevented by avoiding the use of a sprinkler system.

Nevertheless, the parties responsible for IT in the data center should also consider devices that protect against water damage. First on the list are humidity sensors that monitor a room and sound an alarm when humidity appears – on the floor, for example. Surveillance cameras can also be used for this same purpose; they keep security officers informed at all times of the state of individual rooms, and thus shorten reaction time in case of damage.

In many cases, another sensible option is to place server cabinets and similarly delicate components in rooms in such a way that they do not suffer damage when small amounts of water set in. Ideally, those on watch, namely those responsible for the main tap of the defective pipe, will have already turned it off before the “great waters” come.

Technical Malfunctions

Technical malfunctions have a great effect on the availability of the applications that are operated in the data center. Power failures rank among the most common technical malfunctions, and can be prevented or have their effects reduced through the use of UPSs, emergency generators and redundant power supply systems.

In many cases, electromagnetic fields can affect the data transfer. This problem primarily occurs when power and data cables are laid together in one cable tray. However, other factors like mechanical stresses and high temperatures also have a great effect on the functioning of cable connections.

Most difficulties that arise in this area can therefore be easily avoided: It is enough to house power and data cables in physically separate locations, to use shielded data cables, prevent direct pressure on the cable and provide for sufficient cooling. The parties responsible for this latter measure must make sure that data center air conditioning systems do not just cool the devices that generate heat in server rooms, but also cool cable paths exposed to heat – for example, cables under the roof.

Surveillance Systems

Most of the points covered in the section on catastrophes, such as threats resulting from fire and water, only cause significant damage when they have the opportunity to affect IT infrastructures over a certain period of time.

It is therefore especially important to constantly monitor server cabinets, computer rooms and entire buildings, so that reaction times are extremely short in the event of damage.

Automatic surveillance systems provide great benefits in this area; they keep an eye on data center parameters like temperature, humidity, power supply, dew point and smoke development, and at the same time can auto- matically initiate countermeasures (like increasing fan speed when a temperature limit value is exceeded) or send warning messages. Ideally, systems like these do not operate from just one central point. Instead, their sensors should be distributed over the entire infrastructure and their results should be reported via IP to a console that is accessible to all IT employees. They therefore use the same cabling as data center IT components to transfer their data, which makes it unnecessary to lay new cables. In addition, they may be scalable in any fashion, so they can grow along with the requirements of the data center infrastructure.

Some high-performance products have the ability to integrate IP-based microphones and video cameras so they can transmit a real-time image and audio recording of the environment to be protected. Many of these products even have motion detectors, door sensors and card readers, as well as the ability to control door locks remotely.

If a company’s budget for a data center surveillance solution is not sufficient, the company can still consider purchasing and installing individual sensors and cameras. However, proceeding in this fashion only makes sense in smaller environments, since many sensors – for example, most fire sensors – cannot be managed centrally, and therefore must be installed at one location, in which an employee is able to hear at all times if an alarm has gone off.

With cameras, especially in consideration of current price trends, it always makes sense to use IP-based solutions to avoid having to use dedicated video cables.

Vandalism, Theft, Burglary and Sabotage

Security products which control access to the data center building play a primary role in preventing burglaries, sabotage and theft. These products help to ensure that “villians” do not have any access whatsoever to the data center infrastructure. Modern access control systems manage individual employee authoriza- tions, usually through a central server, and make it possible for employees to identify themselves by means of card readers, keypads, iris scanners, fingerprints and similar means.

If data center management implements an ingenious system that only opens up the routes that employees need to perform their daily work, they automatically minimize the risk of misuse.

However, this does not rule out professional evildoers from the outside attempting to enter the data center complex by force. Access control systems should therefore, if possible, be combi- ned with camera surveillance systems, security guards and alarm systems, since these contribute greatly to unauthorized indivi- duals not entering the building at all.

As we saw in the preceding section, data center surveillance systems with door lock controls and door sensors that trigger alarms automatically (for example, between 8:00 in the evening and 6:00 in the morning) when room or cabinet doors are opened supplement the products mentioned above, increasing the overall level of security. “Vandalism sensors” measure vibrations and also help to record concrete data that document senseless destruction. The audio recordings already mentioned can also be of use in this area.

Conclusion

The possibilities for influencing the security of a data center security are by no means limited to the planning phase. Many improvements can still be implemented at a later point in time.

The implementation of rare gas fire extinguishing systems and high-performance systems for data center sur- veillance and access control were just two examples given in this regard. It is therefore absolutely essential that those responsible for the data center continue, at regular intervals, to devote time to this topic and analyze the changes that have come to light in their environment, so they can then update their security concept to the modified requirements.