When people think of data centre protection, they often jump to cyber security and safeguarding information from hackers.
Earlier this year a Rwandan data centre, which held most of the country’s Government information was attacked by hackers. This left servers and related Government websites like the Presidents and the state army’s offline for hours. Data including email accounts, passwords and phone numbers were obtained and posted publicly. This was a major breach for the data centre and the cyber security has since been heightened.
But does anyone consider the physical security of said data centres?
In order to store and digitally protect this data, it must be kept within a physical premises. Throughout the world more and more physical data centres are being built in order to compensate for the increasing amounts of data the population is now using. In 2015 data centres around the world held 171 exabytes (EB) of data; comparing this to 2020, where they are estimated to hold 985 EB, that’s a massive 476% increase.
By 2021, it is forecasted there will be around 7.2 million physical data centres built worldwide and storing around 1,327 EB of data. That’s the equivalent of 4.5 metres worth of paper stacked high, per person, worldwide.
When we look at these numbers and consider them as hard copies of sensitive information, we wouldn’t hesitate to secure and protect them from physical threats and attacks. So why is a physical data centre any different?
Without the appropriate physical security measures, this could lead to unauthorised access from large groups or individuals causing criminal damage and stealing data in the process. This not only puts sensitive data information at risk but also the premises and staff in potential danger also.
So what are the physical security standards for a data centre? In 2013 the EN 50600 collection of standards was developed for data centres to involve the various components like design, planning, installation and operations for data centres within Europe. The introduction of the universal standard was welcomed and highly appreciated amongst those working within the data centre industry.
However, when it comes to physical security, the standard does not specifically cover the necessary security ratings to protect from intruders. There are various other standards that address the physical security of data centres, for example fencing, gates, windows but they’re very rarely used.
It’s now 7 years on from the introduction of this standard. A great deal can happen within the space of 7 years; with growing amounts of data storage, more accessible attack tools and increasingly determined intruders. With this being said and the sensitivity of data centre information, should these standards be reviewed and improved every year?
With a forecast of 7.2 million data centres built around the world by 2021, should physical security standards be considered as an obligatory consideration for data centres enforced worldwide?