CPTED Crime Prevention Through Environmental Design ( CPTED ) creates an environment around the data center to deter nefarious activity. CPTED lowers the likelihood to breach the perimeter of the data center, and increases the ability to detect breach attempts. A good description of the history of CPTED applied to urban planning is found here.…
Last month I was asked to do a presentation about data center security for a Data Center Dynamics conference in Atlanta. In my presentation, I offered an explanation of how the traditional CIA fundamental security model projected onto functional dimensions of data center operations and the role of the data center to the Business. It also gave me an opportunity to rant about some of my data center pet peeves, such as cardboard and packing material on the computer room floor, and man-traps that are more like marching band traps. Much of this though was brought to focus onto what I think is a dangerously narrow view of data center availability and the actual impact on a Business’ risk governance plan.
CIA- The Fundamental Dimensions of IS Security
Let me begin with CIA. For those readers who are not IS security professionals, “CIA” is not the Central Intelligence Agency. Rather, CIA is the fundamental academic model of the full scope of IS security; Confidentiality, Integrity, Availability.
As someone with a strong operational ethic, one of my pet peeves is the colo site that resembles a monthly self-storage facility.¬† I’m referring here, to allowing (or tolerating) tenants storing boxes, material, and debris in their cages.
A colocation facility that has cardboard and other such material in customer cages shows very poorly.¬† That is, new customers touring the site as a potential future data center will not be impressed by the apparent state of operational controls when trash is visible in cages.
More importantly though, storage of cardboard and packaging material on the IT floor is a security risk.¬† This material is likely the most flammable of any present in the environment, and fire is an availability and safety exposure.
Through several posts on this blog, we discussed the many aspects of confusion around the term, “Cloud Computing.”¬† After attending this year’s Cloud Expo in New York City and seeing the same three-layer stack (IaaS, PaaS, SaaS) slide in fifty half of the presentations, I have to conclude that confusion still exists in the minds of the IT community trying to come to terms with the ongoing commotion over “Cloud.”¬† In this writer’s humble opinion, there is very little new food for thought that’s emerged from the Cloud conversation over the past year.*¬† ¬†The proliferation of genuine commercially available cloud services, and the proliferation of conferences and articles on cloud computing seemingly have not improved the understanding of those who are confused about what is and what isn’t cloud computing.¬† ¬†In this article, we will touch upon those old misunderstandings and some of the new ones.
As I’ve watched the momentum of the Cloud, it’s caused me to reflect upon earlier discussions about data center physical security. It’s long been my opinion that physical security will soon emerge (or re-emerge) as a top issue in data center planning, since businesses and consumers alike are increasingly reliant on the data and transaction processing being concentrated into these facilities.
In the late ‚ 1990’s, I was in the UK prospecting for data center space for an initial European footprint for E*Trade. During that prospecting trip, I toured an old AT&T data center in a remote area North of London. This facility was surrounded by earthen berms at least eight feet high, as well as a very sturdy barbed wire fence. Why all this for a facility in the middle of the country side?