Don't stint on datacenter physical security

When was the last time you actually evaluted the physical security of your datacenters from a planned attack?
Written by David Chernicoff, Contributor on

You've spent millions of dollars on the latest technology equipment, you're running hardware-based security systems that guarantee your customers and users the security of your data, and you have active monitoring in place to proactively head off any potential environmental and power problems.  So what can go wrong?  How about a couple guys with sledgehammers and a moving van?

Vodafone, one of the largest cellular carriers in the world, lost service to millions of customers when a group of thieves, armed with sledgehammers and a van, broke into an isolated datacenter and apparently just stole  some very specific equipment; the racks of routers, with a value well into the millions.  Vodafone had to pull equipment from their testing labs in order to get their customers back online. Unsurprisingly, the system shutdown, not the theft, was what customers were complaining about, and the theft, which occurred on Sunday, still had customers offline on Monday afternoon.

It's not unusual for phone company Central Offices on the smaller side to be unmanned, locked buildings, but other than random acts of violence, they've never really been the target of equipment theft. The CO equipment was just too specialized for there to be a lot of value in it for thieves.  Copper theft was always much more of an issue. But now that these buildings contain specialized, but much more standardized, networking equipment, the black market for this equipment is huge, especially in Europe. This makes it a much more attractive target for thieves.

When you consider the imposing size and physical structure of a datacenter, you have to also look at the value of the contents, not just the equipment, but what happens if that equipment goes offline.  A fully operational 100,000 sq ft plus datacenter may only have a few people actually working in that building, with an even smaller number there in the wee hours of the morning.  Physical security may have been addressed, but how many of you have given serious thought that the physical security problem might be more than just casual vandalism?

Editorial standards