Current Filter: Network>>>>>Feature>

   

Entrusting the critical data and systems of your business to a third party requires a high level of trust, and when investigating potential hosting or colocation partners, organisations must pay a lot of attention to the information and data security credentials of vendors. However, equally as important is the security capability of the data centre itself.

LOCATION, LOCATION, LOCATION
They are everywhere: surreptitiously located on the outskirts of town, on an industrial site or standing alone in the countryside. Data centres are typically nondescript buildings without signage and located away from the city centre, airports, chemical plants and waste water plants. When it comes to evaluating sites there are a number of issues to consider with the majority centred on security.

Considering data sovereignty, the geographical location of your data centre is important, for example, keeping your data within the boundaries of the EU if your organisation is based in that region. However, there are other considerations, such as geological factors that can impact on a data centre's suitability. Is the site located in an area prone to extreme weather such as flooding, extreme heat or cold?

POWER AND CONNECTIVITY
Given that the data centre is heavily dependent on the constant supply of electricity and connectivity, specific attention should be paid to the ability of your provider to deliver this. Ideally electricity should be sourced from two independent grid systems, and connectivity supplied from more than one vendor.

ACCESS CONTROL
Access to the site should be regulated, with careful screening of visitors. Customers, suppliers and employees should present a valid and relevant access request at the entrance to the site. As a potential customer you will most likely - in fact should - experience this first hand during a site tour.

Once the access request has been verified, you should be able to proceed through a traditional anti-tailgate entrance (or remote anti-ram raid bollards) supported by CCTV capturing of a vehicle's occupants as well as its licence plate for an automatic number plate recognition (ANPR) system.

There should be clear, well-marked routes directing visitors, employees or deliveries to designated parking areas.

Gaining access to the actual building should once again involve validation of an access request for visitors and customers and an escort to another designated waiting area. Employee access should be managed through a combination of card-swipe systems using pin or token verification. This can be further bolstered with biometric access control, particularly for granting access to the heart of the data centre. Typically data centres employ a layered approach for granting access to data centre halls, often requiring triple authentication before access is granted.

THE PERIMETER
Industry best practice dictates that a perimeter fence of robust steel should form the primary line of defence. Ideally the fence should feature metal clasping bolts (as opposed to less expensive plastic clasps) between panels. Infrared motion sensors and CCTV cameras should be used on both the perimeter and throughout the grounds that surround the building.

A 24-HOUR SECURITY TEAM
Underpinning all of these aspects is the presence of 24-hour security personnel. From manning the initial entrance and being positioned in reception, to patrolling the grounds and perimeter, security guards play perhaps the most important role. Security personnel are responsible for validating visitor access requests, escorting guests and contractors around the building, and monitoring CCTV footage and access control logs.

The checklist for a safe, secure and reliable data centre provider is exhaustive, and finding the perfect hosting partner near impossible. Ultimately, your decision should be based on a combination of vendor credentials, including reputation, solution capability and data centre security if you want to make a truly sound investment.