Back to Blog

For Data Centers, Physical Security Device Management is Critical — for Both Physical and Cyber Security

Providers of both colocation and hyperscale data centers know that security is mission-critical for them, whether they’re defending themselves against cyber threats or physical risks. With that in mind, they invest heavily in physical security devices including cameras, access control panels, and sensors. But as much as they spend on buying and installing physical security devices, data center providers suffer from an unscalable, manual approach to operationally managing those devices. Not only does this leave them exposed to physical threats, but it results in cybersecurity vulnerabilities that compromise their overall security posture.

Both physical security and cybersecurity are mission-critical for data center providers

Recent years have seen on-premises data centers largely being phased out, as organizations have become increasingly reliant on solutions such as hyperscale or colocation data centers. As a result, the market for both models is accelerating, with the number of hyperscale data centers growing rapidly, and the global market for colocation data centers projected to nearly triple between 2021 and 2028. 

To take advantage of this opportunity, data center providers need their customers and prospective customers to be confident in their security measures. To provide that confidence, they need to protect their customers from anything that could compromise the confidentiality, integrity, or availability of their data. That means defending their data not only from bad actors, but also from dangers including fires, natural disasters, water leakage, pests such as rodents, and more. 

Much of that security comes from cybersecurity measures taken to prevent hackers from causing them significant harm. Given how valuable data can be to data centers’ customers and the risks that could result from unauthorized access, cybersecurity is a high priority for data center vendors.

But not all intentional attacks on organizations’ data are cyberattacks launched by outside hackers. Physical attacks risk not only compromising customers’ data, but also interfering with data centers’ ability to deliver uninterrupted service. Notably, in 2021, the FBI arrested a man suspected of planning to bomb an Amazon Web Services (AWS) facility. Although the alleged plot was never carried out, the incident highlighted the risk of a physical attack on a data center.

In addition to watching out for external physical security risks, it’s important to beware of the risk of insider attacks, including the risk that a data breach or theft could be carried out by an employee.

Data centers increasingly rely on physical security devices, but inadequate operational management compromises their effectiveness

In the face of these security risks, data center providers are increasingly investing in physical security technologies to protect themselves and their customers – technologies including IP cameras, sensors, access control devices, and more. This growth is so rapid that the market for data centers’ physical security is projected to increase from $1.2 billion in 2021 to $3.8 billion in 2030

But the reality is that it’s not enough to buy and install physical security devices. To enjoy robust physical security, data centers need to operationally manage these devices consistently, making sure they run reliably. 

One key reason that the physical security market for data centers is growing so quickly is that the size of typical fleets of physical security devices continues to expand. As a result, typical data center providers struggle to keep up with the growing need to operationally manage their physical security devices. Without consistently monitoring and maintaining these devices, data centers run a real risk that devices will be offline when they’re really needed.

It’s important to keep in mind that the problem of inadequately managed physical security devices is far from unique to data centers. Our data show that 4% of an average organization’s physical security devices get disconnected from their network at some point in a typical week. Meanwhile, a typical week sees 6% of an average organization’s security cameras get disconnected from their video management system. 

This situation also puts data centers’ cybersecurity at serious risk

Not only does the status quo leave typical data centers at risk of being exposed to physical security threats, but it also jeopardizes their cybersecurity. When physical security devices are not adequately hardened and maintained, there is a real risk that they could offer hackers an easy target for carrying out an expensive data breach or other type of cyberattack. 

Today, there is a growing awareness of the cybersecurity risks surrounding inadequately maintained physical security devices, in part due to high-profile incidents such as the massive data breach of video security startup Verkada in 2021. Accordingly, the U.S. government’s new National Cybersecurity Strategy document notes that “many of the IoT devices deployed today are not sufficiently protected against cybersecurity threats.” 

The risk of a cyberattack is especially great for data center providers because this type of incident can cause immense harm to their reputations, with clear impact on their core business. For instance, in 2019, VPN provider NordVPN disclosed a data breach that had occurred the year before as a result of “poor configuration on a third-party datacenter’s part that [NordVPN was] never notified of.” While it may be difficult to measure the damage that the hack did to NordVPN, the incident affected the targeted data center by resulting in the end of its contract with NordVPN. 

Highlighting the cybersecurity risks facing data centers, earlier this year cybersecurity company Resecurity announced its finding that since 2021, threat actors had repeatedly targeted “several data center organizations” in order to steal information from these data centers’ clients. The company noted that it expects to see an increase in such attacks going forward.

Also underscoring the importance of cybersecurity for data center providers, IBM’s 2022 Cost of a Data Breach Report found that 45% of data breaches occur in the cloud. It also stated that the average cost of a data breach within a public cloud is $5.02 million, while the figure for a private cloud is $4.24 million and the figure for a hybrid cloud is $3.80 million.  

Importantly, preventing cyberattacks isn’t just about protecting customers’ data from being accessed remotely. It’s also a matter of protecting the data center’s own physical infrastructure from damage that could be carried out remotely, such as by interfering with cooling systems or power supplies.

There’s a more effective and reliable alternative

Taken together, it’s clear that data center providers need a new way to manage their physical security devices consistently and scalably, rather than relying on manual maintenance practices that can’t keep up with the current reality. Manually performing all of the necessary tasks to maintain and secure their devices – including monitoring devices, rotating their passwords regularly, upgrading their firmware, managing their certificates, and replacing devices that are past their end of life – is too time-consuming and expensive to be feasible on a large scale. 

That’s not because of any fault of the device manufacturers, systems integrators, or physical security teams that produce, sell, install, and operate data centers’ physical security devices. It’s simply the reality of manually managing and maintaining physical security devices. 

In contrast, by automating the operational management of their physical security devices, data center providers can monitor and maintain their devices consistently. Not only can this approach minimize the chances of a device being offline when it’s really needed, but it can help data centers providers identify and address cybersecurity vulnerabilities in order to prevent hackers from taking advantage of them. And this automated approach can achieve all of those goals efficiently and cost-effectively.

For a closer look at how tech companies including data center providers can use automation to streamline and enhance the operational management of their physical security devices, check out our tech case study.

Blog posts you might also like