Data centres are a target-rich environment for thieves and are susceptible to theft when not properly secured. The risk of a data breach from a physical break-in is no less insurmountable than a technical data breach. This being said, it is remarkable how many companies have fallen victim to physical security breaches.
A well-known London data centre endured the impact of a burglary in 2006, when they were broken into and had a number of router cards stolen. This severely disrupted voice and data centre services to businesses throughout the Capital. The thieves entered through an external fire door, destroyed the door to the data floor and then a further two doors in order to retrieve the items they were looking for. A fellow data centre based in London equally felt the repercussion of a break-in, when thieves stole a van full of equipment estimated to be worth £6 million.
Another example of a physical data breach took place at the BT Exchange Centre in Mayfair, in 2008. Over £2 million worth of telecommunications equipment were stolen, including servers, routers and network cards, leaving thousands of homes and businesses without an internet connection.
A data centre operator in Basingstoke has similarly been a victim of this type of crime, with their facility being targeted in 2011. This facility is the major hub for the network and holds routing equipment worth millions of pounds; understandably, this breach caused major nationwide disruption to voice, text and mobile internet services.
By far one of the biggest data breaches as a result of a physical intrusion comes by way of insurance agency, Health Net. The data centre in which they housed their servers was breached, and several of their hard drives were stolen. Health Net estimated that up to 1.9 million of its members may have had their personal information breached, which in turn left them with hundreds of thousands of dollars in fines, and a Civil Court case for breaching HIPAA regulations.
These cases affected multi-million dollar companies, but the threat is no less real to those who run smaller businesses. Unfortunately, the cost of a physical security breach could be much more damaging to those smaller companies. Fortuitously, there are precautions that can be put in place to secure your data servers.
Physical security does not solely pertain to the perimeter of the building – if the entry points into your building are secured with LPCB certified doorsets you can be confident in their performance, but there are further measures that can be taken inside the centre itself to deter thieves.
Cross-Guard’s Ventis Server Safe is the strongest self-ventilating server safe on the market, manufactured with 3mm thick steel sides and a 4mm thick frame, with no visible fixings. It is available in six standard sizes, with the ability to either bolt rack-mounted equipment directly onto the integral framework, or house self-contained computer servers. Approved by the official UK Police flagship initiative ‘Secured by Design’ and certified by the LPCB to LPS 1217 Security Category 2, this server safe is insurance approved. The Ventis Server Safe is recognised by the Centre for the Protection of National Infrastructure and has been supplied to government departments such as the Ministry of Defence, the Home Office and HMRC, as well as to private companies including The European Space Agency, Lockheed Martin and EADS Astruim.
An additional layer of security can be added through the use of modular caging and enclosures. Extendor Cages are LPCB certified to LPS 1175 SR2 & SR3, and approved by both CPNI (Base Level) and Secured by Design. These bespoke engineered cages are available in an almost unlimited size range (from small strongboxes to entire rooms) to suit the requirements of any location and application. Their design allows these cages to be effortlessly assembled onsite, and facilitates easy future alterations and relocations.
Whilst for most, digital protection is seen as the quintessential form of data security, it is absolutely essential to include physical measures as part of your overall security strategy. Failing to do so can be exceptionally costly.
If you would like to speak to one of Cross-Guard’s data centre security experts, please contact us via firstname.lastname@example.org. or +44 (0) 1724 271 999.