19 Ways to Build Physical Security into a Data Center

Mantraps, access control systems, bollards and surveillance. Your guide to securing the data center against physical threats and intrusions.

15. Use two-factor authentication. Biometric identification is becoming standard for access to sensitive areas of data centers, with hand geometry or fingerprint scanners usually considered less invasive than retinal scanning. In other areas, you may be able to get away with less-expensive access cards.

16. Harden the core with security layers. Anyone entering the most secure part of the data center will have been authenticated at least three times, including:
a. At the outer door. Don't forget you'll need a way for visitors to buzz the front desk.

b. At the inner door. Separates visitor area from general employee area.

c. At the entrance to the "data" part of the data center. Typically, this is the layer that has the strictest "positive control," meaning no piggybacking allowed. For implementation, you have two options:

1. A floor-to-ceiling turnstile. If someone tries to sneak in behind an authenticated user, the door gently revolves in the reverse direction. (In case of a fire, the walls of the turnstile flatten to allow quick egress.)

2. A "mantrap." Provides alternate access for equipment and for persons with disabilities. This consists of two separate doors with an airlock in between. Only one door can be opened at a time, and authentication is needed for both doors.

d. At the door to an individual computer processing room. This is for the room where actual servers, mainframes or other critical IT equipment is located. Provide access only on an as-needed basis, and segment these rooms as much as possible in order to control and track access.

17. Watch the exits too. Monitor entrance and exit—not only for the main facility but for more sensitive areas of the facility as well. It'll help you keep track of who was where when. It also helps with building evacuation if there's a fire.

18. Prohibit food in the computer rooms. Provide a common area where people can eat without getting food on computer equipment.

19. Install visitor rest rooms. Make sure to include bathrooms for use by visitors and delivery people who don't have access to the secure parts of the building.