One reason that businesses choose to locate their critical hardware and software in third-party datacenters is to take advantage of higher physical- and procedural-security measures that such service providers offer. Security procedures encompass physical access to servers and other hardware; local and remote access to data and applications stored on the hardware; and protection against fire, flood, power outages and other environmental disasters. As time has passed, the risk factors affecting security have changed. How have colocation facilities kept up with these changing security risks?
Industry experts recommend that customers monitor colocation centers' security efforts in the following areas.
Power fluctuations and outages are facts of life in any datacenter. Colocation service agreements generally specify that the facility will provide backup power supplies to protect against power problems.
In the past, utility companies were fairly reliable. Power levels might fluctuate, but total outages were relatively rare and brief. Power-conditioning equipment that provided steady voltage and frequency to customers' equipment handled fluctuations in raw power supplied by utility companies. Battery-powered UPSes (uninterruptible power supplies) furnished power in case of outages, providing enough time to either restore utility power or conduct an orderly shutdown of servers.
But today, any shutdown of servers is likely to have a dramatic impact on a customer's revenue. It is essential that power be supplied continuously under all circumstances. Colocation facilities compete for customers in part by continually improving guaranteed uptime. Additional protections against power outages have become the norm.
Power outages have become more frequent and longer lasting in recent years. The demand for electricity has grown faster than utility companies' generation capacity, which strains the decades-old infrastructure. These factors have driven colocation facilities to install longer-running backup generators, and in many cases, to provide redundant generators to back up primary generators.
A single generator is no longer sufficient to guarantee the high levels of uptime demanded by today's colocation customers. Two or more alternative sources of power are becoming the industry standard.
Early colocation facilities depended on standard, commercial air-conditioning systems to maintain appropriate operating temperatures. But rack density and processor heat generation have grown, requiring more sophisticated cooling systems.
Today's newer colocation facilities are designed from the ground up to promote efficient airflow throughout all customer racks. Air-powered cooling systems cool evenly from the top of a rack to the bottom and supply higher levels of cooling to hot areas. These modern cooling systems make more efficient use of cooling energy, reducing electricity bills and lowering customer costs.
Liquid-driven cooling systems are becoming more common. They offer even more point-specific cooling efficiency and are capable of transferring more heat from processors at higher rates of speed.
Site security is an especially important factor for colocation facilities and their tenants. Employees from every customer come and go frequently, so monitoring and controlling physical access to the colocation building and individual tenants' equipment is vital.
Keys and magnetic-strip access-control cards can be stolen and duplicated, so these first-generation security measures are no longer adequate. Keyless access-control systems require personnel to enter a numeric code on a keypad to unlock building entrances and tenant equipment cages. In some cases, these codes may expire after a certain amount of time. Many colocation facilities are turning to biometric-access systems, which may include scanning of fingerprints and retinas to verify authorized personnel. A handful of tenants and facilities now require authorized employees to submit to surgical insertion of RFID (radio-frequency identification) chips under their skin.
Similar access-control systems are used on individual tenants' equipment cages, preventing unauthorized access at a finer level. Some colocation facilities require that personal escorts accompany tenants' employees as they move about through a facility.
High-resolution, motion-activated surveillance cameras provide additional monitoring of personnel movements throughout colocation facilities. Cameras should survey the grounds that surround a building, as well as every physical-access point, including windows, hallways, doors that provide access to equipment rooms and the rooms themselves.
Physical assaults against datacenters are of increasing concern. A terrorist or a disgruntled employee may attempt to damage a colocation facility or a tenant's equipment. Colocation facilities have increasingly installed physical barriers to ward off such attacks.
Fences topped with barbed or razor wire are common at colocation facilities. The number of doors and windows is often minimized to limit points of entry into a building. Thick, reinforced walls, sometimes lined with bullet-resistant materials such as Kevlar, are designed to prevent penetration by snipers.
Assaults by vehicles that may be loaded with explosives are hindered by gated entries, which are often equipped with heavy bollards that can be raised or lowered.
Fire might be a colocation tenant's worst nightmare. Entire installations can be wiped out by water or smoke damage, as well as the flames themselves. Colocation-facilities managers take this threat very seriously and constantly upgrade smoke- and fire-detection and control systems.
Smoke-detection systems can now detect individual particles of smoke and tiny quantities of combustion gases. Naturally, smoking tobacco is forbidden inside of all colocation facilities. Fire-extinguishing systems do not use water, of course; inert gases eliminate the oxygen that is essential for combustion. Modern fire-extinguishing systems apply extinguishing chemicals only to areas of actual combustion to minimize risks to adjacent equipment.
Colocation facilities must also protect tenants' assets from remote intrusion. Firewalls and 24/7 intrusion-detection monitoring are standard protective measures. Alert systems and countermeasures are increasingly responsive.
Colocation tenants may cross-connect with each other's servers within the colocation facility to avoid carrier charges. Cross-connects represent a vulnerability, because if one tenant's installation is compromised, a hacker may gain access to cross-connected tenants' systems. They are another point of vulnerability that colocation-facilities managers must monitor, so some providers now forbid cross-connects in their facilities.
Security in colocation facilities is an ongoing concern, as companies are installing more mission-critical systems in them. Colocation-facilities managers are continually upgrading security measures to ensure the safety of customers' vital systems and data.