Physical Security

Only authorized personnel should have physical access to the datacenter. Datacenters hold sensitive and critical information and services, and the software-based protections on a server become far less effective, or useless, once an attacker has physical access to it: disks can be pulled, consoles reached and devices attached without ever passing a logon prompt. For that reason, access to a datacenter is, by design, tightly limited.

Best practices:

Role-Based Access Control on a physical level

Make sure that anyone who is authorized to enter the datacenter can only access the parts they are entitled to. Follow the principle of least privilege: give people the rights they need to do their job properly, nothing more, nothing less. For example, a UPS and generator engineer does not need access to any of the racks in the datacenter, and a compute engineer should not have access to the UPS and generators.

Equipment Racks

Fitting each 19-inch rack with its own lock shrinks the physical security domain from the whole datacenter to a single rack. Grouping hardware into racks by role then lets you grant access rights per rack rather than per room. For example, do not place the Veeam backup repositories in the same racks as the production storage or the hypervisor hardware: whoever reaches the production racks, legitimately or not, should not thereby also reach the backups.

Access to the Datacenter

An important part of a layered defense is always knowing who entered the datacenter, which means every access, granted or denied, is logged. Each authorized person has their own personal access credential (badge or key card), combined with something they know, such as a PIN, and/or a biometric factor; shared or borrowed badges make the log useless for attribution. Screen people before they are authorized to access the datacenter.
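
The three points above (least privilege per role, racks as separate security domains, and logged, multi-factor entry) only pay off if someone actually reviews the access log against the policy. The following is an added example, not part of this page or of any Veeam product: a small audit script that evaluates badge events against a role-to-zone entitlement table. The log format, zone names, roles, people and the policy table are all constructed for illustration; a real access-control system exports different fields and you would map them accordingly.

```python
"""Least-privilege audit over datacenter badge logs (added example).

Everything below is constructed for illustration: the log format, the zones,
the roles and the policy table are assumptions, not a real product's export.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Constructed policy: which physical zones each role may enter. It mirrors the
# page's example: facilities staff reach the UPS/generator areas, compute staff
# reach the hypervisor racks, and the backup repository rack is its own domain.
ZONE_POLICY: Dict[str, FrozenSet[str]] = {
    "facilities-engineer": frozenset({"lobby", "ups-room", "generator-yard"}),
    "compute-engineer": frozenset({"lobby", "data-hall", "rack-hv-01", "rack-hv-02"}),
    "backup-admin": frozenset({"lobby", "data-hall", "rack-repo-01"}),
}

# Constructed sample export: timestamp, person, role, zone, factors used, result.
SAMPLE_LOG = """\
2024-05-02T08:01:12Z alice compute-engineer lobby badge+pin granted
2024-05-02T08:03:40Z alice compute-engineer data-hall badge+pin granted
2024-05-02T08:05:02Z alice compute-engineer rack-repo-01 badge+pin granted
2024-05-02T09:10:55Z bob facilities-engineer ups-room badge granted
2024-05-02T09:12:30Z bob facilities-engineer data-hall badge+pin denied
2024-05-02T22:47:09Z carol backup-admin rack-repo-01 badge+pin granted
2024-05-02T23:02:17Z dave contractor rack-hv-01 badge+pin granted
"""


@dataclass(frozen=True)
class Event:
    ts: str
    person: str
    role: str
    zone: str
    factors: FrozenSet[str]  # e.g. {"badge", "pin"}
    granted: bool


def parse_log(text: str) -> List[Event]:
    """Parse the constructed whitespace-separated export into Event records."""
    events: List[Event] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, person, role, zone, factors, result = line.split()
        events.append(
            Event(ts, person, role, zone, frozenset(factors.split("+")), result == "granted")
        )
    return events


def audit(
    events: List[Event],
    policy: Dict[str, FrozenSet[str]] = ZONE_POLICY,
    min_factors: int = 2,
) -> List[Tuple[str, str, str]]:
    """Return (timestamp, person, finding) for every granted entry that violates
    the zone entitlement of the person's role or used fewer than min_factors.

    Denied swipes are skipped: the door system did its job. A role that is not in
    the policy at all (e.g. a contractor) is reported, because a missing
    entitlement is a policy gap, not an implicit allow.
    """
    findings: List[Tuple[str, str, str]] = []
    for e in events:
        if not e.granted:
            continue
        allowed = policy.get(e.role)
        if allowed is None:
            findings.append((e.ts, e.person, f"unknown role '{e.role}' granted access to {e.zone}"))
        elif e.zone not in allowed:
            findings.append((e.ts, e.person, f"role '{e.role}' not entitled to {e.zone}"))
        if len(e.factors) < min_factors:
            used = "+".join(sorted(e.factors))
            findings.append((e.ts, e.person, f"entered {e.zone} with a single factor ({used})"))
    return findings


if __name__ == "__main__":
    for ts, person, finding in audit(parse_log(SAMPLE_LOG)):
        print(f"{ts} {person}: {finding}")
```

On the constructed sample this flags three things a reviewer would want to see: a compute engineer opening the backup repository rack, a facilities engineer entering the UPS room on badge alone, and a role the policy never defined being let into a hypervisor rack. The denied swipe is deliberately not a finding; keep it for trend analysis, since repeated denials against the same door are their own signal.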

Surveillance

Protect the datacenter from external threats and make sure authorized personnel only reach the areas they need to be in. Monitor for suspicious activity using footage from surveillance cameras (CCTV) installed along the outside perimeter and inside the datacenter, and retain that footage long enough that it can be correlated with the access logs when an incident is investigated.

Important: Even if you do not have your own datacenter and rent colocation space or only Infrastructure as a Service, always check how the provider arranges physical security and whether it meets your security policy. You remain responsible for your data even when the building is someone else's.