There are lots of things to consider when choosing a colocation provider. However, if your business works with a lot of sensitive or regulated data, there’s a good chance there’s one thing you’ll want to assess and verify in potential partners above all others: their security and compliance credentials.
This is an area you can learn a lot about during a guided tour of their data centre - but only so long as you know what to look for, and what questions to ask to really get to the heart of their accreditations, management practices and overall outlook on security.
Below are our recommendations for getting the most out of your data centre guided tour.
What do your data centre’s accreditations tell you?
Looking at accreditations is an excellent starting point when it comes to assessing data centre security, and with good reason: it’s quick, easily done, and confirms at once that a facility upholds industry-recognised standards.
Most data centres worth considering will be compliant with ISO27001, the best-known international benchmark for information security management. However, any other accreditations outside of this will also tell you a lot about a data centre, and how much time and effort the colocation provider dedicates to security and compliance.
You may want to look for certifications like the NSI Gold scheme, for example, or the presence of SIA-approved personnel.
What about the data centre’s physical security?
A data centre should employ a wide range of physical security measures to prevent break-ins. Our Manchester data centre, for example, is protected by anti-climb perimeter fences, electronic locks, turnstiles, virtual tripwires, mantraps and more. Look for a layered approach that delivers multi-factor authentication, and ensures the site continues to be secure even if one or more of the layers are breached.
Another security measure you may find important is the presence of manned security on-site. That said, be aware that a front-of-house security guard can actually be a security risk, being prone to human error and susceptible to social engineering. A remote control room and 24-hour CCTV monitoring tend to be a better option.
On the data centre floor itself, if you or your customers handle a lot of sensitive or regulated data, you should enquire about the availability of private caged areas. This way, you can ensure that even the facility’s staff are kept at arm’s length from your servers and infrastructure – satisfying even the most stringent of compliance levels.
Is your data centre well managed?
TeleData's Manchester data centre is monitored by 24-hour SIA-approved security.
Finally, even the most locked-down site with top-level accreditations and high-tech access controls can be a security risk without the right staff managing it.
While undertaking a guided tour of a colocation provider's facility, you should try to learn as much about their approach to security as possible. Don’t let them cite ISO27001 compliance and then hurry on to the next question – instead, they should be willing to provide you with a detailed overview of their security controls, policies and procedures, and even sit down with your audit team if necessary to help you establish that the site can fulfil your requirements.
You’ll often find that small, independent colocation providers are better than their big-name counterparts in this regard, because their security leadership will tend to be on-site rather than in a head office somewhere, and very active in the day-to-day running of the data centre.