Net Access Blog

Rob Stevenson

Net Access Takes a Proactive Approach to Data Center Security

Posted by Rob Stevenson on Jul 23, 2015 8:47:55 AM

In my previous two blog posts I discussed the importance of physical data center security, outlined some of the common controls that data center operators are utilizing today, and suggested some questions to ask when evaluating a data center’s physical security policies. For today’s post I wanted to be a bit more specific about how Net Access handles physical security at our data centers.

There is no “one size fits all” solution, and that’s why data center security applications tend to vary. I think our security design is primarily driven by our customers’ needs and expectations, but also by their feedback. In order for data centers to appeal to their prospective customers, they need to be able to offer an attractive security package. Many in the industry have recently decided to invest heavily in their physical security designs, and I think it has really raised the bar.

There are still some large disparities out there as well. I’ve seen data centers that continue to log visitors in manually (with pen and paper) and handwrite the name tags that they issue to guests. On the opposite end of the spectrum, I’ve seen data centers that employ armed security guards to protect their facilities, so you never really know what to expect.

Net Access data centers are manned 24x7x365, with a security office in the front area protected by Kevlar-embedded walls. We utilize multi-factor authentication, with biometric scanning – both fingerprint and iris – for all visitors, even employees. Additionally, all data center floor visitors must individually enter and exit through an anti-tailgating portal. We have HD security cameras inside and outside all buildings, with a 90-day retention period for video footage and a 6-month retention period for keycard transaction history.

A unique aspect of our security department at Net Access is that all of our employees work directly for the company and are not contracted out by a third party. That means we adhere to the same policies and share the same company goals. It also allows us to provide a more intimate customer experience, as we are aware of our customers’ individual needs and expectations. Our security department employees all have a vast amount of industry experience. We have employees who come from military, law enforcement, public safety and loss prevention backgrounds, and a few have earned criminal justice degrees along the way. All security employees are required to be NJ SORA (New Jersey’s recognized security officer training program), CPR, AED and First Aid certified. This training and experience allow us to provide our employees and customers with a safe and secure work environment and also give us the ability to respond to any emergency situations that may arise.

Another key security tool is our customer care portal. Created by our development team, the portal lets data center customers log in and easily pre-schedule visitors, track incoming shipments and even review keycard history for all access card holders that are listed on their account.

Looking forward, as the image at the bottom of this post indicates, we have several security enhancements scheduled to take place between now and the end of the year. The most noticeable change will be the addition of a 10-foot high perimeter fence that will border the property of our Parsippany II data center. This project will include K-rated access control gates that will control the access of vehicles entering/exiting the site, as well as the addition of numerous large ‘security’ boulders to further protect the perimeter. License plate recognition cameras and software are also being considered.

We are also in the process of upgrading the entry access platform at all of our data centers, and integrating that with our video surveillance software. This project will enhance security’s ability to view and respond to alarms by incorporating an active building map. When alarms are generated from the entry access system they will automatically pull up any associated cameras for that particular event. This will lead to faster response times and the ability to easily investigate alarm events.

 

[Image: Net Access site security improvement rendering]

Rob Stevenson has been with Net Access for over 6 years and currently manages the Security department. He previously served 4 years in the U.S. Air Force as a Security Forces member.

Key Questions to Ask When Evaluating a Data Center's Security Policies

Posted by Rob Stevenson on Jun 11, 2015 11:25:58 AM

As I mentioned in my last blog post, today’s data center has become a key strategic asset for most companies, but it seems that oftentimes physical security takes a back seat to IT security when companies are selecting a facility. When evaluating data center solutions, asking the right questions is of paramount importance for the future-proofing of your investment. When touring a prospective data center, here are some key physical security questions that you should ask:

EXTERIOR SECURITY:

  • What kind of perimeter protection does the facility provide, and are there any natural or structural physical barriers incorporated into the design?
  • Is there a perimeter fence and/or access control gates restricting vehicle and pedestrian traffic?
    • Are these items K-rated? The “K” rating is the DOS-certified barrier speed rating: the maximum vehicle impact speed at which a vehicle traveling at the nominal speed and striking from a perpendicular direction is successfully arrested by the barrier.
      • K12 = 50 mph (80 kph)
      • K8 = 40 mph (65 kph)
      • K4 = 30 mph (48 kph)
  • Is there sufficient exterior security camera coverage?
  • Is there adequate exterior lighting at night?

FACILITY ACCESS:

  • How many points of entry/exit are there for customers and visitors? When customers and visitors enter and exit through a single point it significantly reduces the chance of a security breach.
  • Are the building entry points single-factor or multi-factor? Multi-factor authentication methods such as biometric fingerprint readers should be utilized for granting access to the building. Single-factor methods like card swipe readers are easily defeated, as keycards can be dropped in the parking lot (or other areas) and be picked up and used for entry by any individual.

INTERIOR SECURITY:

  • How is the interior of the building protected?
  • What types of security systems are being used to monitor video and entry access alarms?
  • Are security personnel onsite 24x7x365? If not, what are the hours that security personnel are present and are they providing in-house security or are they contracted out from a 3rd party vendor?
  • Is there an adequate number of surveillance cameras monitoring the critical areas?
  • What types of alarms are being monitored (forced entry, door held open, etc.)?
  • Do you have the ability to request video footage and/or an investigation of an event?

SECURITY RECORD RETENTION/COMPLIANCE:

  • What is the retention period for video footage and keycard swipe records? I would strongly recommend having access to these items for a minimum of 30 days as you will most likely need to use them at some point.
  • What types of data center compliance measures are in place to ensure that the industry’s best practices and standards are being met? Some of the common compliance audits include the Payment Card Industry (PCI) Data Security Standard (DSS), the Statements on Standards for Attestation Engagements (SSAE 16) and the Health Insurance Portability and Accountability Act (HIPAA).

EMERGENCY EVENTS:

  • What measures are in place to respond to emergency events?
  • Do proper policies and procedures exist to mitigate any potential damage?
  • Is there a sufficient fire monitoring system in place?
  • What type of fire suppression system is being used and who is the monitoring company?
  • Are there any first-aid kits or automated external defibrillators (AEDs) onsite, and is the staff required to know how to use these items?
  • What kind of security-related training or certifications exist?


Topics: security

Don't Take Data Center Security for Granted!

Posted by Rob Stevenson on Jun 1, 2015 3:33:13 PM

I think it’s imperative that today’s data centers provide an adequate layer of physical security and incorporate that into their facility design and architecture. Customers have a lot of time and money invested in the assets they store within their data centers. In return they are entrusting their colocation partner to provide the security protection necessary to keep their assets safe.

At times physical security has a tendency to take a back seat to IT security when companies are selecting a data center. Customers are focused on the obvious requirements, such as network infrastructure, redundancy, power and cooling, but oftentimes they fail to realize the importance of physically supporting and securing their assets. It goes back to the old saying, “you are only as strong as your weakest link,” and I think that holds true in this industry. Why invest so heavily in IT if someone can just walk into a building, manipulate their way into your environment and obtain physical access to all of the data stored in your cabinet? An optimal data center provider should be able to offer a well-balanced IT and physical security solution for their customers.

A typical data center needs to incorporate entry access (software/readers/ACU panels/hardware), video surveillance capability (cameras/software/licensing), and visitor management controls (software/badge solutions) into its overall security plan. All of these items would only allow a data center to meet the most basic customer requests, like reviewing camera footage and entry access alarms/transaction logs, and being able to track visits efficiently. Add in the cost of full-time security personnel and a few advanced measures like an anti-tailgating security portal or perimeter site protection, and it’s easy to see how annual operating costs can easily be hundreds of thousands of dollars.

But as you know, the security industry as a whole has changed pretty drastically over the past decade due to increased threats. Data center security has certainly evolved over that period as well. You are starting to see companies invest in advanced biometric systems such as face scanners and iris readers that add an additional layer of protection to the most critical areas. Anti-passback devices such as security portals are also being used to ensure that each and every individual is being authenticated when passing through biometric access points. And data centers are increasingly investing in perimeter protection such as fencing and access control gates that help regulate vehicular and pedestrian traffic onsite. The ability to identify authorized personnel and deny access to unauthorized individuals before they ever set foot on company property is a huge advantage and helps to limit your liability from a security perspective.

Topics: security