In today’s world, data breaches are very common and are increasingly grabbing headlines. While the threat from inadequate logical security plays a role, physical security features must be considered just as seriously. As most data center operators, Verizon Terremark considers physical security both inside and outside the data center a top priority to help protect its customers’ data.
When the Network Access Point (NAP) of the Capital Region opened in June 2008, the location was widely questioned for its seclusion. The team’s response noted that if there were a more secure location, you wouldn’t be able to find it. NCR is located 60 miles from Washington D.C. in Culpeper, Va. and was purposely built to serve the Federal Government. Its location was methodically selected based on the proximity to the Nation’s Capital as the data center needed to be accessible yet separate from the city and allow for a campus-style setting and future expansions.
A NAP’s separation from major city centers isn’t an imperative, as Verizon Terremark also has facilities in metropolitan areas. For example, the downtown Miami location was strategically selected because of its proximity to fiber optic cables that come out of the Atlantic Ocean. There are only two locations in North America where these fiber optic cables connect into North America: Miami and New York.
Regardless of the location of the NAP, the environment must allow for securing the perimeter. Entrances points, exits, gates, parking lots and garages must be closely monitored by trained personnel around the clock to maintain proper security at the location to protect customer data. Each system or layer of the network should be properly secured and a facility with several points of access could prevent someone with ill-intentions to access a floor or colocation aisle without the proper permissions. Key card admittance to certain areas of the facility, as well as video surveillance and locked server cabinets and cages, are basic guidelines to follow in order to protect customer data.
Besides the physical security systems and procedures within the facility, the people around the critical equipment need to be highly trusted. Technicians, whether hired by the data center or the customer, should not only be trained to manage data, but also undergo proper background checks and agree to ethics standards set forth by their employer to protect the many elements that compose a data center environment.
As physical security features are carefully considered by enterprises outsourcing their IT operations, the responsibility must be shared between the customer and data center. It is the customer’s responsibility to know where their critical data is housed and how difficult – or easy – it is to access it. The data center must put the proper security measures in place and be transparent with the customer about the precautions to protect the customer’s data. Customers should tour the data center to help ensure they have an understanding of the security measures and experience them in a tangible way.
