Best Practices for Protecting Physical Data Centers from Threats

December 2, 2023 Pete Cavicchia

Today, the physical data centers that store a company’s most vital assets are often on the frontlines in the battle against hackers and criminals.

In a new piece for Data Center Knowledge, Sam Prudhomme, President of Accelevation’s Data Center business unit, writes that these facilities are increasingly targets as investments in AI and cloud computing become the norm for most companies.

“The value of information housed in data centers opens the pathway to potential damage caused by an unplanned outage,” Prudhomme writes.

A growing threat

It’s important to note these specific breaches were once rare.

There were only five incidents of theft or sabotage at data centers in the decade between 2006 and 2016. Prudhomme explains that the first half of this year, alone, there were more than 70 “significant data breaches,” citing reporting from IT Governance.

“There is a tendency for data center physical security to focus on the first few lines of defense — perimeter security and controlling admission to the site,” Prudhomme writes. “While these measures are essential, they do not preclude the need for attention and investment into security the data center white space and the hardware it contains.”

External and Internal Bad Actors

The focus is often on external threats — of individuals coming from the outside and causing physical breach.

Prudhomme offers the troubling reminder that oftentimes “the greatest and most under appreciated risk” to these centers is the “intentional human sabotage by an actor with insider access.”

With these disturbing realities in mind, he writes that not having the proper defenses in place to proactively protect a data center from external and internal attackers leaves the center — and the greater company as a whole — at great risk.

This bears reputational risk as well.

“Once access to the hardware in a data center’s white space is obtained, the capacity to do immense damage is great, both to the company whose digital assets have been tampered with, as well as the data center owner’s reputation,” Prudhomme asserts.

A multi-pronged approach

One thing that must happen is an audit of the existing physical security protocols for a data center. Physical security officials can’t just assume a building’s systems are “threat proof.”

A multi-pronged approach has to be applied. This means locked gates, security personnel that are well trained and armed, and facial recognition tech — or other forms of biometric security clearance programs.

An AI-Focused Future

Looking ahead, AI is going to be the word on everyone’s lips.

“The current investment in artificial intelligence is massive and widespread. Generative AI, specifically, has the potential to be the most economically and socially impactful technology of the decade,” Prudhomme explains. “There has been a great deal of data center capacity leased in the last three months to host generative AI workloads, and many of the key players in the space are gearing up for the next phase of the AI arms race.”

Shoring up a physical data center to be shielded from the wide range of threats that exist isn’t easy.

This requires great foresight on the parts of both security professionals and company executives. It means taking into account the great complexities of how hackers and physical attackers carry out their crimes in the modern world.

It’s incumbent on all stakeholders in protecting a company’s data to be wary and aware of all possible threats that target data centers today.

Physical Security Professionals Are Growing Increasingly Wary of Cyber Attacks

November 1, 2023 Pete Cavicchia

As physical security staffs have to worry about cyber threats increasingly more than in the past, it makes sense that concerns over things like ransomware and hacks of IoT-connected devices are at the forefront today.

Now, a new survey released in October is offering a clear snapshot of just how pressing these concerns are in the physical security world. Industry leader Genetec surveyed 5,500 global physical security professionals who distilled these cyber fears.

Among the findings, 31% of end-user respondents said their company or organization “was targeted by cyber threat actors in 2023,” according to a press release.

Within that group, 73% in the intelligence and national security sector were victims of these attacks — the highest percentage by far. This was followed by 46% in banking and finance, and 21% of those in the retail sector.

The survey revealed that 36% of end-user respondents said cybersecurity vulnerabilities were a “top challenge” facing their companies this year. One sector where an attack can literally mean life and death for its customer base is healthcare. Genetec reports that 43% of respondents in this field said cybersecurity vulnerabilities were the top challenge of 2023, more than for any other group.

In light of these concerns, companies are addressing cyber threats more directly than in the past. The survey shows that 42% of end-user respondents said their companies are currently harnessing cybersecurity tools “in their physical security environments.” This response illustrates very clearly just how serious these cyber concerns are. Just a year ago, 27% of end-user respondents in Genetec’s survey said they put proactive measures in place in response to cybersecurity threats.

“It is reassuring to see growing awareness of the cybersecurity of physical security systems," Mathieu Chevalier, Principal Security Architect at Genetec Inc., says in the release. "As more organizations look to implement enhanced cybersecurity measures, they need to look for manufacturers who are committed to cybersecurity and building tools that help them streamline the maintenance and updates of their systems.”

The qualms physical security professionals have over cyber-attacks aren’t theoretical. These attacks can inflict very real damage. In a blog post for Embedded Computing Design, Tim Morin writes that cyber-attacks can hit physical assets like manufacturing systems and shipping and distribution pipelines.

In this connected age, physical security officials can’t discount these trenchant calls for vigilance that are circulating so loudly today. They must build physical defenses that have cyber concerns firmly in mind.

A Look at the Top 5 Modern Physical Security Threats

October 25, 2023 Pete Cavicchia

With the constant news of everything from hacking attacks compromising security cameras to store break-ins and looting, it’s an era where businesses large and small need to be on high alert constantly.

Changes in technology and the evolution of ever more sophisticated criminal attacks have made this a very complex time for physical security officials — they have to stay abreast of all the changes that are defining the security landscape today and do everything in their power to keep their companies safe and secure.

Thinkcurity recently published an overview of the five most significant physical security threats today.

“We can expect cyber and physical security threats and vulnerabilities to converge. Our various internet of things (IoT) devices will pose more of a threat to digital and physical security,” the website reads.

Here’s a look at the top threats they identified:

1. Modern Threats are Outrunning Organizational Changes: Modern companies keep trying to update their physical security protocols to address the wave of modern threats. This means physical security has to be folded “into the everyday functions” of a business. While that seems intuitive, criminals who are aiming to attack a company or firm are adapting at a pace that far outruns these organizational realignments. This means physical security teams have to get everyone in a company aligned on what is at stake, train everyone on the team in the latest technologies and protocols, and make sure security stakeholders in a company aren’t siloed away. Instead, they all need to be integrated to work cohesively to respond to any new threat.

2. Hybrid Work Environments Make it Difficult to Keep Track of Who is on Campus: Since nearly every business has embraced hybrid work models since the COVID-19 pandemic, it has made it more challenging for security teams to monitor who is at the company’s physical campus at any given time. There are tools to track who is on site. This includes “mobile guard software” that can allow security officials to have “geolocation data” and software that can pinpoint who is working at home. Another option comes in the form of mobile-first access control systems that allow a security official to know who is in the building in real time.

3. Current Cyber Attacks are Exploiting Connected Tech Vulnerabilities: It’s important that all businesses today embrace modern, cloud-connected technology. That being said, having everything connected to the Internet exposes more points of entry to bad actors who hope to access sensitive data and compromise the physical safety of any given building. Thinkcurity writes that companies need to “bring together cyber security and physical security operations” — it’s the only way to address these multi-pronged attacks that are designed for our IoT-centric world.

4. Labor Shortages Provide Their Own Risks: Much has been made of the current reality of nationwide labor shortages that have hit nearly every sector in the post-pandemic U.S. Thinkcurity stresses that while this has always been a problem for the security industry, it has gotten even worse in recent years. They write that "understaffing makes the problem even worse, leading to burnout and low morale.” This means it’s high time that companies embrace HR and talent management software to pinpoint the right job candidates. Businesses also need to offer competitive incentives to recruit and maintain a steady security workforce.

5. Increased Crime: In recent years, incidences of crime like robbery, burglary, and theft have increased. This has all coincided with an economic downturn as well as the societal ruptures brought about by the pandemic. It’s all made for a big headache for security officials. In order to be ready to address these frequent threats, it might be prudent for businesses to invest in modern security softwares and devices to better offer real-time responses and defenses.

“Security needs to continually adapt to this changing threat landscape. To do this they’ll need to assist organizations in achieving comprehensive situational awareness. They’ll also have to focus on de-escalation to prevent threats from causing more damage than necessary,” Thinkcurity concludes.

It’s a complex — even harrowing — time for companies of all sizes. Security has to be prioritized.

Experts Stress a Proactive — Not Reactive — Physical Security Plan

October 13, 2023 Pete Cavicchia

At the recent 2023 Global Security Exchange conference, leading experts in the field convened to share their best practices, shedding a spotlight on today’s trends that are driving the greater security sector.

One common theme that emerged is one that security professionals from businesses both large and small should make note of — a robust physical security strategy has to be proactive, not reactive.

‘There’s always some crisis’

Recently, BizTech Magazine’s Rebecca Torchia covered the conference, outlining the range of perspectives from this year’s conference.

For Larry Wansley — former security director for American Airlines and the Dallas Cowboys — “not much happens until something happens.”

In other words, security professionals have to be ever vigilant with an aggressive plan in place. They can’t be passive, waiting for a potential breach. Wansley revealed that the American Airlines headquarters had lax standards until someone tried to attack the company’s chairman.

“Right after that, we got checkpoints. We got biometrics. We got everything that I had been trying to get for a long time,” he recalled. “There’s always some crisis, some situation, that drives the response.”

Training is key

Torchia reports that Janet Lawless, CEO and founder of the Center for Threat Intelligence, discussed why it’s necessary that everyone on a security team stays abreast of the top threats of the day.

She said that bad actors have better funding and more comprehensive criminal networks to carry out breaches than in past decades. To combat this, personnel training has to be front and center. That being said, Lawless warned that “many organizations feel hindered by a lack of security funding,” Torchia reports.

Lawless pointed to the very common sense — but often forgotten — recommendation that employees at any company turn off their work computers and devices when they are away from their desks. Sensitive data are left open and accessible to criminals who enter often-deserted offices.

“Run background checks on everyone, and train everyone to take things off their desk,” Lawless stressed.

Keep tech up to date

Outside of these tried and true recommendations, Torchia highlighted the fact that many of the event’s speakers emphasized just how crucial it is that businesses invest in the most advanced security technologies.

Regular audits must be performed to ensure everything is updated. Lawless pointed to the fact that many surveillance cameras are poorly secured — it’s incredibly easy for an intruder to physically move a camera away from doors and points of entry. If leaders in a company invest in technology, then they must maintain it.

From going on the offensive against criminals to emphasizing staff training to updating old technologies, what was the pervading theme of the conference? All businesses must have dynamic and confident physical security approaches to keep data and personnel safe.

Ways to Bolster a Company’s Network-Connected Physical Security Systems

October 6, 2023 Pete Cavicchia

Given now is a time where all systems are interconnected and Internet-supported, the distinctions between cyber and physical security are increasingly blurred. That means that a firm’s network-connected physical security systems have to be protected robustly.

In a recent article for SecurityInfoWatch.com, Antoinette King, outlines the best practices for protecting these systems in an IoT-centric age.

From analogue to digital — The evolution of modern physical security

King starts out by stressing that connected devices foster efficiency for companies, but they bring risks that didn’t exist in the pre-Internet era.

She writes that, two decades ago, physical security systems were designed to be stand-alone tools that were separate from one another. Exterior security was different from interior security, which was different from closed security television, in turn.

All of this made for an unwieldy system. That all changed with physical security information management systems (P-SIMS).

“Physical Security Information Management Systems (PSIM) were software that provided platforms and applications created by middleware developers. They were designed to integrate multiple unconnected security applications and devices and control them through one comprehensive user interface,” King explains.

This didn’t last because middleware is exactly what it sounds like — a midway connection point, another unwieldy step in between two different systems.

Hence came the “single pane of glass” approach of today, with integrated physical security solutions becoming the name of the game.

Recommendations to keep these systems safe

While these systems are efficient, they possess inherent vulnerabilities. She cites weak authentication and authorization, which can be targeted easily by hackers. Additionally, many of these systems feature outdated firmware and software, possess insufficient encryption, and hold secure boot mechanisms that leave a lot to be desired.

Outside of this, external flaws of the day such as lax auditing standards and the presence of global supply chain vulnerabilities mean many physical security systems are left exposed to attacks.

Some of King’s recommendations to address these concerns are:

Protect data rooms — King says many of these spaces are used for data storage and often are left without the needed updates and renovations to protect the sensitive information they contain. She says that the physical rooms should be “reconstructed from floor to ceiling with solid, impenetrable construction.”
Emphasize access control protocols — Given that access control systems like card readers and digital credentials are connected to WiFi and Bluetooth today, King stresses just how vulnerable they are to hacks. One way to protect these systems is to do a full audit — when someone leaves a role at a company, make sure their credentials are taken away. No one should have power over access control systems that they no longer need. It’s too easy for a bad actor to get their hands on them.
Fasten the locks — When it comes to traditional manual locks, King says “ensure they are of suitable security construction, six or seven pins keyways, a long throw deadbolt, and a regularly audited key control system with no master keys issued.”

With the rise of new technologies — time will tell how tech like AI will disrupt the physical security space — it’s important that every member of the team does everything they can to keep a company’s physical security systems hacker free.

How the Physical Security Industry Will Harness the Current AI Wave

September 5, 2023 Pete Cavicchia

Debates and discussions around the role artificial intelligence (AI) technology will play in society at large have been everywhere — from Hollywood to the political arena. In day-to-day life, AI has played a big role in Google’s changing algorithm and through Apple products by way of virtual assistants like Siri.

Shooter Detection Systems Might Be the Next Big Tool to Keep Campuses Safe

August 10, 2023 Pete Cavicchia

While 2023 has only just passed its halfway mark, there have been more than 300 mass shootings so far in the United States alone. Many of those have taken place on school campuses.

In a recent news story, Security World reports that Shooter Detection Systems (SDS) has joined the ZeroNow alliance — a group that is geared to ensure a safe environment on school campuses — on school shooter detection systems. The security news site details that the developers behind Shooter Detection Systems stand as some of the earliest leaders in gunshot detection systems, reaching back to their work for the U.S. military back in the early 1990s. Harnessing that expertise, they are hoping to take what they innovated in that space and apply it to school safety.

This news can have wide ramifications for improved campus physical security.

Back in 2014, Shooter Detection Systems was created to bring gunshot detection technology to the commercial market. Their sophisticated systems are based on gunshot detection sensors that pinpoint gunfire and provide immediate emergency notifications to security officials, administrators on site, and law enforcement.

This tech has been used throughout the country and abroad in schools and workplaces. By joining ZeroNow, this tech company is hoping to achieve that coalition’s goal of “zero harm” in schools.

In a quote for the article, CEO and Co-Founder of ZeroNow, Are Bagdasarian said the goal is to create the “national baseline” for safer schools. By partnering with this company and collaborating with developers who worked to keep members of the military safe, ZeroNow hopes to set a standard for schools and campuses across the country.

“Access to experts in a wide range of safety technologies is essential to achieving this goal. Its decades of experience developing gunshot detection systems designed to work in tandem with other security technologies makes SDS an invaluable addition to ZeroNow,” Bagdasarian added.

From the tech developer side, Shooter Detection Systems Managing Director Rich Onofrio said this is the perfect pairing of innovation and policy.

“Students and school staff deserve the highest performing gunshot detection system available. The team at SDS is committed to making schools safer,” he said.

Given the complex modern reality that centers for learning aren’t automatically the safest place for students and staff, it’s important that administrators and security professionals think outside the box. Collaboration across sectors may be the way forward to ensure schools and campuses emphasize safety first.