Redundancies: Data centers need two sources for utilities, such as electricity, water, voice and data. Trace electricity sources back to two separate substations and water back to two different main lines. Lines should be underground and should come into different areas of the building, with water separate from other utilities. Use the data center's anticipated power usage as leverage for getting the electric company to accommodate the building's special needs.
Use two-factor authentication: Biometric identification is becoming standard for access to sensitive areas of data centers, with hand geometry or fingerprint scanners usually considered less invasive than retinal scanning. In other areas, you may be able to get away with less-expensive access cards.
Harden the core with security layers: Anyone entering the most secure part of the data center will have been authenticated at least three times, including:
- At the outer door. Don't forget you'll need a way for visitors to buzz the front desk.
- At the inner door. This separates the visitor area from the general employee area.
- At the entrance to the "data" part of the data center. Typically, this is the layer that has the strictest "positive control," meaning no piggybacking allowed.
Other physical security precautions can include:
- Using landscaping for protection.
- Retractable crash barriers at vehicle entry points.
- Using plenty of cameras and planning for bomb detection.
Whilst these extra precautions can be expensive, they're simply part of the cost of building a secure facility that can also keep humming through disasters.
Encryption is the Foundation of the New Data Center by Tom Gillis, Contributor, Network World
For decades, encryption was an arcane art. Encryption was slow, clunky and highly complex, and as a result, the vast majority of data in the data center resides on storage systems in the clear. Sensitive data has historically been protected by IP segmentation and firewalls with IPS modules. This model is now changing.
As workloads in the corporate data center begin to migrate to the public cloud, the need to encrypt data in motion and at rest becomes foundational. In the public cloud, it is much harder to rely on the traditional approaches of wrapping select data with firewalls and IPS systems. At the same time, it is much easier to post a heap of sensitive data to an object store such as Amazon S3 and inadvertently leave it open to the unwashed Internet. Customer-controlled encryption is becoming a necessity for the enterprise hybrid cloud.
The data center of the future will be defined entirely in software. It will be dynamic and portable, spanning premises-based private clouds and hyperscale public clouds. It will provide businesses with the agility they need to respond to rapidly changing market conditions, as well as to innovate rapidly. A software-based encryption solution will be the foundation of this new data center architecture. The role and importance of such an encryption layer are only just beginning to be realized.