Dr. Aly, O.
Computer Science
Introduction
The purpose of this discussion is to discuss and analyze the Physical Security consideration when developing and creating an environmental design for a data center, and the reasons for such consideration. The discussion also analyzes various control access to the data center and the types of access. The discussion begins with a brief overview of Physical Threats and Physical Security, followed by the Seven Safeguards for Sensitive Computer and Equipment. The discussion also discussed the Internal Security, and the Environmental Physical Security measures.
Physical Threats and Physical Security
The purpose of the physical security is to protect against physical threats (Stewart, Chapple, & Gibson, 2015). The physical threats include can be either natural-based threats or human-based threats. In both cases, they must be considered during the design of the data center. Natural-based threats include flooding, earthquakes, landslides, or volcanoes. The human-based threats include theft, vandalism, or intentional fire. Table 1 summarizes a brief list of these physical threats which should be considered during the design of a data center. Thus, the physical and environmental security should be considered in two domains of security. The first domain reflects the engineering aspect of the security as well as the management of the security. The second domain reflects the foundational concepts, investigation and incident management as well as the disaster recovery (Abernathy & McMillan, 2016; Stewart et al., 2015).
Table 1. Physical Threats to Data Center Design Consideration.
Thus, the physical security should be the first in a line of defense which should be considered from the selection of the site and the design (Abernathy & McMillan, 2016). A realistic assessment of the historical natural disaster events of an area should be performed, and cost/benefit analysis must be implemented to determine the most occurring threats and which threats can be addressed and which should be accepted (Abernathy & McMillan, 2016). Moreover, some of these threats are human-based threats such as the explosion and fire whether intentional or accidental, vandalism, and theft.
All physical security should be based on the “Layered Defense Model” (Abernathy & McMillan, 2016). The underlying concept of this model is the use of multiple approaches which support each other. Thus, there is no single point of failure or total dependency on a single physical security concept. If one tier of defense such as perimeter security fails, another layer will serve as the backup.
The physical security can be enhanced by applying the following concepts. The first concept is the Crime Prevention Through Environmental Design (CPTED) which is applied in any building. This concept addresses the main design of the data center starting from the entrance, landscaping, and interior design. The purpose of this concept is to create behavioral effects and minimize the crime. There are three main strategies to apply the CPTED during the design of the data center. The first strategy is the “Natural Access Control,” which applies to the entrance of the building, such as doors, light, fences, and landscaping. The underlying concept of this first strategy is to minimize the entry points and tight the control over those entry points to develop a “Security Zone” in the building. The second strategy of the CPTED is “Natural Surveillance,” to maximize the visibility of the data center, and decrease crime. The third strategy involves the “Natural Territorial Reinforcement” to extend the sense of ownership to the employees by creating a feeling of community in the area. This strategy is implemented by using walls, fences, landscaping and light design.
The implementation of the strategies of the CPTED and achieving their goals are not always possible, and a security plan must discuss and address these strategies to close any gaps. Thus, the Physical Security Plan is the second concept in this layered defense model. The Physical Security Plan should address techniques for issues such as criminal activity deterrents, intruders delay, intruder detection, situation assessment, and intrusion response and disruption. Additional physical security issues include visibility, surrounding area and external entities, accessibility, a construction such as walls, and doors. The data center should not have any internal compartment such as drop ceiling or partitions as they can be used to gain access and increase the risks. Separate heating, ventilation and air conditioning (HVAC) for these rooms are highly recommended (Abernathy & McMillan, 2016).
Seven Safeguards for Sensitive Computers and Equipment
With respect to the computers and equipment rooms, the physical access should be controlled to those which contain sensitive servers and critical network gear, by locking these rooms all the time and secured. The design of these rooms which contains sensitive servers and critical networks should consider the following seven safeguards. The first safeguard is to locate computer and equipment room in the center of the building. The second safeguard is to make a single access door or point of entry to these computer and equipment rooms. The third safeguard is to avoid the top floor or basement of the building. The fourth safeguard involves the installation and the frequent test of the fire detection and suppressions systems. The fifth safeguard involves the installation of raised flooring. The sixth safeguard is to install separate power supplies for these computer and equipment rooms. The last safeguard involves the use of only solid doors (Abernathy & McMillan, 2016).
Internal Security
While the perimeter security is important, the security within the building is as important, as prescribed in the “Concentric Circle” model. These security measures affect the interior of the data center, such as doors, door lock types. There are different types of doors such as vault doors, bullet-resistant door. With respect to the door lock types, there are various types such as electric locks or cipher locks, and proximity authentication devices which contain Electronic Access Control (EAC). Various types of locks can also be used for protecting cabinets and securing devices such as warded locks, tumbler locks, and combination locks. Moreover, biometrics can be used to provide the highest level of physical access control and is regarded to be the most expensive to deploy in the data center. The glass entries are also considered in many facilities and data center in windows, glass doors, and glass walls. Various types of glass should be considered such as standard glass for a residential area, tempered glass with extra strength, acrylic glass, laminated glass. With respect to the visitors, there must be a control technique for protection. Additional physical security measures include the equipment rooms and work areas. Additional physical security measures should include a restricted work area, media storage facilities, and evidence storage (Abernathy & McMillan, 2016).
Environmental Physical Security
Physical security measures should include environmental security measures to address the availability principle of the CIA triad. These measures include fire protection, fire detection, fire suppression. The power supply should be considered in the environmental, physical security measures, including types of outages such as surge, brownout, fault, blackout, and sags. The environmental, physical security measures should also include preventive measures such as the prevention of static electricity. HVAC should be considered as part of the environmental, physical security measures as the excessive heating can cause a problem, or humidity can cause corrosion problem with the connections. The water leakage and flooding should be considered as well (Abernathy & McMillan, 2016).
In summary, security professionals must consider various techniques for protecting the data center starting from the selecting of the building to the interior security to the environment security. They consider the CPTED strategies, and the seven safeguards. The natural access control is a discussion in this discussion, and the security professional must consider these natural control access.
References
Abernathy, R., & McMillan, T. (2016). CISSP Cert Guide: Pearson IT Certification.
Stewart, J., Chapple, M., & Gibson, D. (2015). ISC Official Study Guide. CISSP Security Professional Official Study Guide (7th ed.): Wiley.
Think and Knowledge Tank 