Data under lock and key
Data security is not just a virtual concern, but a physical one. Project teams are constructing data centers that fend off real-world intrusion.
Large-scale cyberattacks have made clear organizations’ vulnerability to hackers—and the high stakes involved. The 2013 breach at Target compromised 40 million credit cards, 70 million customers’ personal information and factored into the retail giant's 46-percent plummet in holiday profits. The 2014 attacks at retailer Home Depot and JPMorgan Chase, the largest bank in the United States, affected 56 million cards and 76 million households, respectively.
Project teams thus face heightened pressure to defend the security of data centers—ground zero for all information. In 2013, for instance, Google spent US$7.35 billion on Internet infrastructure, largely due to its data-center expansion projects.
“For our mission-critical clients, the security of their facilities is high on the list of nonnegotiables,” says David Ibarra, project director at DPR Construction, Redwood City, California, USA, which has built data centers for Facebook and eBay.
“We design our centers to have five layers of security before anyone can even reach the equipment.”
-Raouf Abdel, Equinix Americas, Denver, Colorado, USA
DPR's data centers range from simple cage environments requiring card access to “facilities that include barriers, bomb-blast-resistant zones and even dog-patrol areas,” Mr. Ibarra says. “These facilities must comply with multiple rings of security philosophy: deter, detect, access, delay, respond and deny.”
Data center provider Equinix also builds multiple rings of security into its data centers. “We design our centers to have five layers of security before anyone can even reach the equipment,” says Raouf Abdel, regional operating chief, Equinix Americas, Denver, Colorado, USA. Equinix operates more than 100 data centers in 15 countries, helping to keep safe the information of organizations such as Amazon and Google.
“These facilities must comply with multiple rings of security philosophy: deter, detect, access, delay, respond and deny.”
—David Ibarra, DPR Construction, Redwood City, California, USA
Projects have featured security stations situated behind ballistic glass and biometric scanning incorporated into almost every entry point. At Equinix-built facilities, potential intruders immediately encounter the aptly named mantrap. A hallway with a door on each end, the mantrap opens just one door at a time. Its biometric scanners and access code require the appropriate credentials before the second door will open. Otherwise, Mr. Abdel says, “the second door will not unlock, effectively trapping the person from entering or leaving the facility.” Guards can hold individuals here either for traffic flow or to squash security risks.
Such extremely well-guarded data centers come at a cost. Mr. Ibarra says DPR's project budgets for its centers can jump 1 percent to 5 percent for security features such as crash-resistant perimeter fencing, gunfire-resistant finishes and exterior-access deterrent mechanisms. Considering that Google spent US$390 million to expand its data center in Belgium, such measures, even at small percentages, mean hefty budget items. Yet they can offset potentially much greater costs resulting from lax security.
Project teams can't build the same type of data centers for different clients—or even for the same client. They must weigh the demands of each facility's location.
“Site selection is driven by the primary business need—production or not, backup or disaster recovery, proximity to users—and security must be tailored to each location and facility type,” Mr. Ibarra says. Google's data centers in the Americas, Asia and Europe each have site-specific needs dependent on regional conditions and risks.
“Sometimes, within the United States,” Mr. Ibarra says, “we have to consider extra security in areas of the country where hunting season is typical. Exterior elements may need additional barriers installed to protect from potential bullet impacts.”
In cities, DPR project teams might install, for instance, metal bars on ventilation systems to prevent unauthorized access. DPR teams building facilities in more isolated locations have created 10-foot (3-meter) berms surrounding the structures, set back from the road by 150 feet (46 meters).
The most carefully protected data center is useless, however, if it cannot perform seamlessly. To maintain uninterrupted service in these facilities, project teams must ensure the unlimited supply of electricity and water, especially in the event of power outages. Google's facilities use diesel engine backup generators that can power the data centers at full capacity for extended periods of time.
To help maintain function, DPR uses alarms on manhole covers and security cameras detecting intrusions. “The primary power and water streams serving the data center are provided, maintained and protected, from plain vandalism to intentional breach,” Mr. Ibarra says. —Stephanie Schomer
Facebook's data center in Prineville, Oregon, USA
Well-guarded data centers come at a cost. Project budgets can jump 1 to 5 percent for security features.
PM NETWORK MARCH 2015 WWW.PMI.ORG
MARCH 2015 PM NETWORK