• Enterprise datacentres – ‘wholly-owned’ facilities that an organisation solely owns and operates for their own use only
• Co-located datacentres – ‘carrier hotels’ where an organisation’s data system is housed within a shared facility
• Managed-hosting datacentres – facilities that are managed and operated by third parties
• Cloud-based datacentres – virtual datacentres set up in the cloud and usually managed by a third-party

When designing or improving upon existing physical security arrangements for datacentres, best practice includes an integrated and layered approach to protecting the facility and data. An integrated approach combines operational expertise, technology-enabled security and life safety system capabilities, alongside man-guarding, monitoring and response services, coupled with effective cybersecurity, to effectively manage recognised risks and threats. 

By approaching security in layers, this provides depth to the security structure making unwanted entry of the facility more difficult, but also allowing inner layers to be protected should an outer layer be breached. Inner layer security also mitigates against malicious or unintended data breaches from employees. The main security layers which can be considered for most datacentres include:

Layer 1 The Fence line at the perimeter of the facility
Layer 2 External areas, including carparks, access and reception areas
Layer 3 Common/Circulation Areas and Security Operations Centre (SOC)
Layer 4 Grey Space (Plant Rooms)
Layer 5 White Space/ Data Centre Floor
Layer 6 IT Rack (including associated Cage and Air Containment – Hot aisle or Cold)

In this upcoming blog series by G4S, we will consider specific security for each of these layers within datacentres. Click here to read the first blog where we will explore Perimeter Intruder Detection Systems (PIDs) to secure layer one - Fenceline and facility perimeter