In the previous two columns (see: Part 1 and Part 2), security specialist Jan Buitron reported on a horribly non-secure facility at which she worked some years ago. Today she summarizes her conclusions about the state of facilities security at this dreadful site.

In medieval poet Dante Alighieri’s (1265-1321) conception of hell, the eighth ditch of the eighth circle of hell is reserved for fraudulent counselors. [See “The Physical Structure of Inferno”] It seems to me that the people who managed facilities security for the company in question deserved to be in that particular ditch! I think that readers should examine their own facilities with a critical eye in light of this case study.

* * *

Observations and Recommendations

The company needed to move the data center! There were moving plans in place when I left the company, but the plans were verbal. The underlying reason for the move was partly to improve the data center’s situation, and also the data center manager’s commute would be shorter (!).

Common sense and industry experience tell us that this case study illustrates the following principles:

* A data center site should be located in an area with well-maintained streets and adequate street lighting and storm drainage.
* The building must be away from multi-lane highways, train tracks and train tank cars full of flammable liquids.
* The data center central processing area should be located in an area central to the building with no exterior walls adjacent to critical computing equipment.
* A motion detection alarm system should protect all areas of concern including access doors, circuit breaker access and control rooms.
* The surrounding area must contain no oil refineries or chemical plants. A suitable site should be away from industrialized areas.
* The area should be away from transmission towers and sources of high-frequency radio waves.
* A data center site should include redundant power feeds to the central processing area.
* A data center site should have the ability to quickly connect to a back-up T-1 line in the event the primary line is severed.
* Circuit breakers, electrical equipment should be maintained in separate rooms with restricted access.
* The walls surrounding the central data processing area must act as complete partitions from the floor to the roof. This design prevents an intruder from climbing up and over a partial partition by lifting ceiling tiles and climbing over the wall.
* Electronic badge access should be installed for access to the server rooms.
* For personnel safety and building security, the exterior lightning should be designed for maximum visibility with reliable lighting.
* For personnel safety and site security, the parking lot should be adequately lit, well maintained and free of debris and hazards.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services. CV online.