This informal CPD article ‘The Importance of Perimeter Security for Data Centres’ was provided by Southwest Microwave, an organisation with experience in the design and manufacture of integrated high-security outdoor electronic perimeter intrusion detection systems.
Data Centres represent a rapidly growing sector within the infrastructure market, driven by society's increasing demand for artificial intelligence and cloud services. These were recently classified as Critical Infrastructure by the UK Government (1), highlighting their importance with the same classification as water and energy. Whether providing colocation, enterprise or cloud services, data centres have become vital to business operations.
As this reliance on data centres increases, they become a larger target to constantly evolving threats. Therefore, it is crucial to stay ahead of emerging risks and have robust Perimeter Intrusion Detection Systems (PIDS) in place, to ensure sites are protected (2). The Perimeter offers the first line of defence, not only protecting the Data Centre, but also assets such as Substations, Uninterruptable Power Supplies (UPS) and even on-site power generation, which can interrupt operations if targeted.
Perimeter Characteristics
Data Centre perimeters will be defined by the presence of a physical barrier, in the form of a steel fence. This fence can be of various types and may additionally have a topping attached. The fence can be broadly categorised as either a weld mesh type or a rigid fence, such as a palisade.
The aim of the fence is to impede an intruder; at best to discourage them and at least to provide a delay to entry. Entry for an intruder will be either from climbing over the fence or cutting through it. Either of these will be costly in terms of the time it will take to carry out these operations. A detection sensor aims to exploit the delay time for an intruder attacking a fence through detection of the subsequent movement of the fence material. This sensor may either be mounted on the fence and/or topping or be installed within the site perimeter with the aim of detecting the intruder as he moves away from the perimeter.
A fence mounted sensor may either consist of a continuous cable or a series of detection modules mounted to the fence and connected to each other with a cable. The same techniques may also be used for detection on the topping structure. Depending on the security requirement and/or budget, where a topping is attached to a fence, the sensor may be mounted just to the fence, just to the topping or to both (the most common option for Data Centres).
The perimeter fence defines a demarcation between the ownership of the Data Centre, inside, and that of another owner, such as a municipal authority, outside. For this reason, no other form of sensor detection, such as Infrared or Microwave systems, can be installed outside of the fenced perimeter – not only is this area not usually owned by the Data Centre, but the movement of people, vehicles and/or animals may produce unwanted alarms.
The descriptions above assume the presence of one line of fence at the site perimeter. Another option often used, especially for higher security sites, is that of two fence lines to produce a ‘sterile zone’. In this scenario the two fence lines are separated with a gap between the two of typically 6 to 10 metres. The outer fence may still have a fence detection sensor installed, whereas the sterile zone may have several overlapping microwave links, infrared links or a buried cable system. The presence of these different sensors provides a layered approach to security at the perimeter.
So far, we have explored sites in which the Intrusion Detection System is solely at the perimeter. However, Data Centres have an essential requirement for continuous operations, demanding a reliable electrical power supply. Considering this, substations, UPS or power generation will be present on the Data Centre site, which can be protected further, by internal Intrusion Detection solutions, in addition to PIDS at the perimeter fence.
CCTV’s and/or a graphics display
Technology Application
The previous section showed that the perimeter may be protected with different types of sensors. These include, although not exclusively, fence detection, microwave links, infrared links and a buried cable system.
The output alarm data from these sensors is required to be communicated from the perimeter area to a common area. The means used to convey this alarm data is varied and may consist of a cabled connection (such as RS422), a fibre optic cable, an Ethernet cable for networked systems or another method, such as a radio link. At this common area will be located a system to convert the received alarm data to operate a relay, to interface to a hardware module or computer system, or for all of these. The relay may be connected into a computer system and/or CCTV system, whereas the direct connection to a computer may allow software zones to change state on a graphics display. All methods explained are routes to permit alarm conditions to be notified for control of CCTV’s and/or a graphics display.
Consequences
Failing to design a perimeter solution with an adequate level of security can leave businesses vulnerable to the significant costs of sites being breached. Sabotage can result in financial costs, due to any hardware being stolen or damaged, as well as the cost of the length of downtime. Additionally, an inadequate security system being exposed could lead to legal liability due to the standards required for handling sensitive data. Moreover, a significant non-financial cost is the reputational damage to the end user, with a loss of customer trust as well as negative reporting in the media.
On the other hand, investing in an effective multi-layered perimeter security system can provide benefits. A well-designed PIDS aims to achieve a high probability of detection (PD), whilst maintaining a low nuisance alarm rate (NAR), even in environments with extreme conditions. This helps prevent alarm fatigue, enabling responders to treat each alarm as a legitimate potential breach, reducing the risk of missing events.
We hope this article was helpful. For more information from Southwest Microwave, please visit their CPD Member Directory page. Alternatively, you can go to the CPD Industry Hubs for more articles, courses and events relevant to your Continuing Professional Development requirements.
References
1 - https://www.gov.uk/government/news/data-centres-to-be-given-massive-boost-and-protections-from-cyber-criminals-and-it-blackouts
2 - https://www.npsa.gov.uk/building-protection/video-surveillance-access-control-detection-control-rooms/perimeter-intrusion-detection-pids
