Physical Security Might Be Easier To Understand, But Cybersecurity Is Where Data Center Tenants Should Focus
As cyberspace grows, protecting it only gets more complex. As companies across all sectors increasingly turn to data centers to store their information, prioritizing privacy does not always get the budget and attention many think it deserves.
“With every passing day, more and more companies are taking cybersecurity more serious,” Newmark Knight Frank Executive Managing Director Geoffrey Kasselman said. “With the exception of publicly traded Fortune 500 companies — when you drop below that level — the majority of those companies are under budgeting for cybersecurity and not yet giving it its full due, unless they’ve had a breach.”
The reasons for this are wide-ranging. Cybersecurity is expensive. Many companies do not think they are at risk, or do not fully understand their risk. Others focus on tangible security measures within data centers such as gates and alarms.
“The cybersecurity piece is much bigger [than physical security],” Sheehan Nagle Hartray Architects principal Neil Sheehan said. “When you read news articles about data centers going down, it’s almost always a software issue rather than some physical issue.”
Sheehan, who has been designing data centers for more than 15 years, said he thinks most data centers are physically secure.
Sheehan has worked with security consultants on several of his projects to create layers of physical security. Data center visitors and employees could pass through up to five controlled access points from a gate in a parking garage to iris scanners to a mantrap scale that verifies a person is the same weight upon entry and exit. Such measures are particularly common in leased centers that get a lot of visitors.
Data centers all over are implementing better physical security measures in existing and newly developed centers. Dallas’ Infomart recently spent $6M upgrading its physical security.
For most tenants co-locating in a center, physical security falls to the center’s owner or operator, but cybersecurity falls on the tenant.
Carrier-1 owns and operates a 107K SF data center in Dallas. Carrier-1 Executive Vice President Trey Berndt thinks end users are wising up to cyberthreats.
“I don’t think cybersecurity [is] a line item anymore,” Berndt said. “Nowadays we’re often talking to companies that have cybersecurity [personnel] on staff.”
Kasselman finds that end users fall somewhere on a spectrum.
“It’s dispersed between those users who are hardened and ready for an attack and already have best practices in place, and the other end of people who still have default passwords on everything and go about their business thinking no one would ever want to target them,” Kasselman said.
Kasselman recommended some best practices for cybersecurity.
“Having hackathons where you invite well-regarded hacker groups to find vulnerabilities in your software is a fun way of understanding your risks. You can go the consultant route. But the single best way to protect yourself is to encrypt custom code,” Kasselman said. Having an in-house coder makes that possible.
For those still not convinced of the necessity of security, Kasselman recommends comparing the numbers on preventing an attack versus reacting to one.
“The cost of repairing the damage, communicating the breach, insurance, public relations and everything else will be a lot more than your cybersecurity budget.”
Hear more from Berndt and other data center experts at Bisnow’s Data Center Investment Conference and Expo South on Aug. 31 in Dallas.