Data Fortress

The Noida branch of CtrlS, a data centre company based in Hyderabad, stands tall on a busy highway. The unmarked building has 24X7 video surveillance through multiple cameras, including one on the roof that scans the perimeter surrounded by 15-feet-high walls with barbed, electrified wires on top. The walls are crash-rated to guard against a vehicle ramming into the facility.

Needless to say, getting into the high-security building is no cakewalk. You are frisked and your identity and bag rigorously checked. You are required to put on disposable over-shoes as you walk in. Inside the building, too, access is rigidly controlled. Even employees don’t have access to every part of the facility — not all employees are allowed on all floors. The core of the building, the data centre itself, is also protected by multiple layers of security. You are body-scanned before you enter. Nothing gets in from outside — not even a pen.

Data centres and their security in India have been in the limelight ever since the conversation intensified recently around the localisation of data of Indian users. Companies like CtrlS, Netmagic and Tata Communications, which are among the biggest names in managing data centres in the country, have several layers of physical security and contingency measures to ensure that the data of hundreds or millions of users remains safe.

With more and more organisations choosing to trust data centres with their most critical data, these firms are taking every measure possible to ensure that none of their system or subsystem ever goes down.

US-based cybersecurity firm Palo Alto Networks defines a data centre as “a facility that centralises an organisation’s IT operations and equipment, as well as where it stores, manages, and disseminates its data. Data centres house a network’s most critical systems and are vital to the continuity of daily operations”.

A typical multi-layer security protocol in a data centre would be: Main gate security, a physical scan by security personnel, turnstile entry, a scanner for bags or equipment, door access, another turnstile, frisking, and a biometrics-based access. It’s no different inside the building. From round-the-clock surveillance of people and equipment to choosing the right materials for the building that contains the servers that store data, these facilities are truly state-of-the-art.

A data centre essentially looks like a library, with rows upon rows of metallic shelves that house thousands of servers which look like DVD players stacked one on top of the other. The humming machines with their glowing connection lights look a bit eerie. But every single aspect of the server rooms is controlled, monitored and maintained — right down to the air you breathe or the amount of light you see.

Data centres use building automation to manage every system in the building such as video surveillance, fire alarm systems, water leak detectors, generators, smoke detectors and so on. And all these are monitored through a single dashboard console. The lights in the building are usually kept low to conserve energy.

“The battery used in the server rooms is a critical resource. A minimum level of charge has to be maintained for a proper back-up. We have systems that help monitor this and they trigger an automatic response, informing the person in charge through SMS alerts that action needs to be taken,” says an executive at one of India’s largest data centres who does not wish to be named.

A camera control room with feeds from over a 100 cameras is also part of the set-up. The room has bulletproof glass on the door and windows. A combination of low-light cameras, pan-tilt-zoom cameras and standard fixed cameras are used and footage from these is typically stored for a minimum of 90 days. This can be handed over to customers if needed.

The human element

One of the biggest challenges of managing physical security at a data centre is getting people to follow the processes, says Nitin Mishra, senior vice president and chief product officer at Netmagic, an NTT Communications company. Though data centres are increasingly becoming non-labour intensive facilities, the human element continues to be important. For example, even the building automation dashboards are manned at all times of the day.

Along with digital access cards for different levels of employees, a biometric form of identification is almost always built into the access controls. So employees authenticate themselves either through a fingerprint or a retina scan or facial recognition or a combination of these. This is done so that no unauthorised person can enter the building in case an ID card gets stolen.

Again, if there is a security breach because an employee has not adhered to the processes, stringent protocols are in place. Extensive logs are maintained for all activities and video surveillance tapes are available to pinpoint the exact source of the breach.

Besides, there are regular audits, as frequent as once every six months, to ensure that the protocols are being followed.

Simple rules like no tailgating are important in a data centre because of the criticality of the data stored on the premises. There is also under-vehicle surveillance cameras set up on the ground to check vehicles from bringing in anything that could pose a threat to the data centre.

Environment control

Apart from the human element, the environment inside a data centre is also tightly controlled to ensure smooth operation at all times. The main building that houses the storage equipment is usually made of higher reinforcement and can withstand earthquakes measuring up to nine on the Richter scale. The power supply is taken from two or more different sources so as to minimise the downtime in case of power failures.

Air quality is another critical aspect that impacts the performance of a data centre. “The air quality in Delhi and NCR is a big problem as the data centre equipment can corrode faster with toxins like sulphur and nitrogen present in the air. Hence, we have a chemical filtration capability at the facility itself,” says an executive at one of the data centres.

In fact, data centres have been experiencing a rapid rate of hardware failures due to sulphur bearing gases. CtrlS says it has deployed an air filtration and purification technology that removes gaseous contaminants and particulates and inhibits corrosion.

Every effort is also made to keep dust to a bare minimum. “Dust has to be kept low. Sticking paints are often used on the floor, so the dust sticks to the paint. The air conditioners also have high quality filters to ensure that dust does not circulate in the air,” says Netmagic’s Mishra.

According to Data Foundry, a data centre company based in Austin, Texas, “If not kept under control, airborne contaminants in data centres cause a variety of problems from impaired power efficiency to equipment failure.”―Business Standard