User Manual

> White Paper | Best Practices in Digital Transformation
The Importance of Physical Security
Much recent attention on data center security has focused on disruption
caused by threats to cybersecurity. Yet focusing eorts purely on this
source of threat can draw attention away from the threat of physical
attacks on, or accidental damage to, premises and equipment.
For MTDCs, the standard of physical security is one of the
key criteria by which they are chosen and judged. As these data
centers become denser in terms of space and power utilisation, so
the costs of a failure will become greater. MTDCs have been able
to tie hardware capacity more tightly to utilisation and end user
provisioning, notably by employing server and storage virtualisation
to consolidate the volume of physical hardware deployed. This has
improved the bottom line both in terms of reduced wastage and
increased revenue. Saved space has therefore quickly filled with
more hardware as MTDCs look to maximise their capacity.
Yet the MTDC set-up puts more pressure on physical security
requirements, especially in multi-tenant facilities that see many
different service providers and their customers house equipment
side by side.
Multi-tenant facilities give clients agreed levels of freedom
to manage their own software and hardware in a controlled
environment, possibly sharing access to server rooms to carry out
upgrades, repairs, new installations, and routine maintenance. That
increases the volume of trac, vehicle and human, travelling in and
out of the facility. This has the possibility of increasing the threat of
disruption if not carefully and securely managed.
The development of a strategy for physical security will not be the
same for all MTDCs. An organisation building a new ‘greenfield’
data center will have considerably greater latitude to follow all the
recommended build and design principles and to install all the latest
access and anti-intrusion technologies than an organisation hosting
its IT in an older facility or as a section in buildings where other
commercial, administrative or industrial activity takes place.
There are two related principles that apply to the physical protection
of the data center. The first is ‘defense in depth’, that is, ensuring
protection is backed up so that if it fails at one point there is a
further defense behind it. The second is ‘layered’ security. As data centers need
to provide access as well as defense, a key component of security is
the need to organise it around a series of points at which further access
is allowed or denied to someone seeking entry to the facility.
There will be the continuing need to deploy available security
measures to protect the data center.
In terms of protection against threats from the areas around the
data center this may include building perimeter walls, embankments
and fences, multiple security checkpoints, manned security stations,
mantraps, biometric readers, locating the building away from the
perimeter of the site, keeping equipment racks away from any
external walls and away from windows and establishing surveillance
networks covering both internal and external areas and perimeters.

Figure 16: Estimated value of security investments in MTDC
sector 2016 (US$ billion): Cybersecurity, US$ 31bn; Security
outsourcing, US$ 5bn; Equipment for physical security, US$ 6bn

Within the data center white space, security can be provided by
intruder/fire alarm and control systems, lockable racks and cages
in multi-tenanted environments, fire-proofed/air-locked doors,
powder fire extinguishers, gas-based building-wide fire suppression
systems and access controls.
Further advances based on facial or retinal recognition,
the deployment of AI to drive access and security systems,
technological improvements around CCTV, motion detection,
the remote control of locking mechanisms, and the use of laser
technologies to create beams that provide a barrier to a protected
zone can be deployed as they are developed.
The analysis of the threats and situations that threaten a data
center indicates that, short of catastrophe (usually from natural or
human causes), it usually takes more than a single event to cause
unplanned downtime. More usually it requires a sequence of events
rolling out from an initial cause and these will include the failure of
the systems designed to protect against the initial error. Humans
usually have a role somewhere – mostly accidentally. Therefore it
is critical to establish any shortcomings in the people working in or
coming into a mission-critical facility.
As with commercial airliners, most unplanned downtime occurs
as the result of a sequence of events. The starting cause is a loss
of mains power, whether caused by a natural event or grid failure,
with its run-through effect on power systems; this is normally followed
by failure of back-up power/UPS systems and/or the failure of
monitoring/alarm systems and the irrecoverable failure of servers. A
similar pattern plays out with the failure of cooling, the occurrence
of a thermal event and the loss of availability (and sometimes,
worse). One of the key causes of disruption is the over-running of
scheduled downtime where no physical damage is done to the data
center but disruption is extended.