When you think about data centre security, your first thought may be of the formal accreditations your colocation provider ought to have, such as ISO 27001. However, while this is important, it won’t necessarily tell you the whole story.
If your data centre is really serious about security, it’ll meet this core requirement and then some. The top colocation providers are the ones that think of every possible weakness when it comes to security, and pull out all the stops to address those vulnerabilities.
In an age when almost any weakness in information security can and will be exploited, it makes sense to put your data in the hands of someone who is not one but many steps ahead. Here’s how to find out if your colocation provider makes the grade.
Bespoke security measures
Any data centre worth its salt will have rack-level security controls like electronic locks and key fobs. However, some might be reluctant to oblige customers that want to install their own controls, which can make it harder for you to maintain complete control of access to your equipment.
Colocation providers that offer their customers a greater level of flexibility and power over their security measures are a safer bet for firms in regulated industries and those that handle sensitive and confidential data, particularly if the bare minimum may not be enough to satisfy auditors.
The difference between two- and three-factor authentication can be more significant than some colocation customers realise. With two-factor, which is normally delivered in a data centre via a swipe card and PIN, there’s a much higher risk of compromise than with three-factor – and all the more so if your swipe card is marked in some way with your name or other personally identifiable information.
As such, three-factor authentication isn’t just something data centres do to make customers’ lives more complicated – it’s a much more secure method of preventing unauthorised access to their premises. With an iris scanner in particular, it’s almost impossible for someone to break past all three barriers – regardless of whether they have your swipe card and PIN at the ready.
And three-factor won’t normally make it more difficult for a person to get inside the data centre – so long as they have all three factors, they should be inside the facility within minutes. If they don’t, they won’t get in – which is exactly what you want.
No security personnel on front desk
Yes, you read that right. Security personnel in the reception area of a data centre are vulnerable to attack, and – if forced to choose between one and the other – will probably compromise the facility’s security rather than their own safety.
In an ideal world, security personnel should operate from the safety of a control room. In our Manchester data centre, for example, staff are located behind high-density and double blast-proof concrete walls, allowing them to make the right decisions while removed from any kind of potential danger.