This Is How You Handle Data Center Security

I once toured a similar facility, complete with hand scanners and airlock-style double doors throughout the facility. After going through countless layers of security we reached the deepest, most secure section of the data center where the most sensitive servers were housed. On the opposite side of the room there was a fire escape door propped wide open, leading straight outside into the sunlight.<p>Our tour guide, who was an investor in the facility, explained that the employees really hated going through all of those scanners and double doors, so in the morning they just prop the back door open. If a customer or potential customer comes for a tour, they make sure to close the door.<p>The other highlight of that visit was the generator room, complete with some truly massive diesel storage tanks. Our guide (the investor) proudly explained that they could run the facility for several days in the event of a natural disaster which knocked out power to the facility. Out of curiosity, I knocked on the side of one of the tanks, only to be greeted with a hollow echo sound. The investor then explained that the tanks are mostly empty, but they'd fill them up if they thought a natural disaster could occur.

That guy apparently hasn't been to many datacenters.<p>Hand-scanners are pretty standard, as well as RFID photo-cards + pin, video surveillance and a good anti fire system. It's pretty much the baseline of what you'd expect for a building that houses several millions worth of hardware.<p>The man-trap does indeed seem extra (haven't seen one myself), but I'm a bit wary about the value it adds beyond certain james bond scenarios...<p>Moreover if you're really paranoid about physical access then you'd better go to one of the underground facilities like those in abandoned bank caves or bunkers.<p>Your standard warehouse-type datacenter usually has walls so thin that a dedicated thief could trivially flex through them in a minute, after climbing over the (often not very high) fence. Sure, he might set some alarms off in the process, but I wouldn't bet my $treasure on the single underpaid guard that commonly serves the nightshift in these buildings...<p>Yeah, got a bit carried away here, but we were talking James Bond scenarios, right?

I <i>really</i> don't like biometric authentication. As has been said before it's kind of like using your username as your password. Simple ownership is presumed to be enough data to prove you belong.<p>Additionally I (personally) think it's a problem that the authentication method can't be changed. You can have new keys cut, you can change your password, but it's unlikely you'll ever get new handprints.<p>For me there's also the factor that it places the access holders at additional physical risk. I read an article a while ago about a guy that had a car with a fingerprint scanner installed... Carjackers wanted his expensive car, so they cut off his finger, stole his car and left him. Personally I would rather someone just took my keys.

Years ago I worked for a company that used Exodus and the facility in which we rented space was very similar. The only problem was that all of their security could be bypassed if one entered through the delivery doors, which is how one brought new equipment into the facility. There was no man trap there and if one brought a cart of equipment in someone might even hold the door open.

Is there no weakness in depending on the same hand scan systems so many times? It appears a single point of failure.

Seems kinda gimmicky. Is securing a datacenter terribly different from securing any other sensitive building?