15 comments

[ 1.7 ms ] story [ 45.4 ms ] thread
Is there no weakness in depending on the same hand scan systems so many times? It appears a single point of failure.
One cannot gain access to the facility with a hand scan alone. Their are special badges and challenge requirements.
> challenge requirements

I'm imagining an American Gladiators room.

I'm starting a petition to add a tennis ball cannon to my datacenter. When you pull into the parking lot, the cannon starts shooting until you get to the door.
That guy apparently hasn't been to many datacenters.

Hand-scanners are pretty standard, as well as RFID photo-cards + pin, video surveillance and a good anti fire system. It's pretty much the baseline of what you'd expect for a building that houses several millions worth of hardware.

The man-trap does indeed seem extra (haven't seen one myself), but I'm a bit wary about the value it adds beyond certain james bond scenarios...

Moreover if you're really paranoid about physical access then you'd better go to one of the underground facilities like those in abandoned bank caves or bunkers.

Your standard warehouse-type datacenter usually has walls so thin that a dedicated thief could trivially flex through them in a minute, after climbing over the (often not very high) fence. Sure, he might set some alarms off in the process, but I wouldn't bet my $treasure on the single underpaid guard that commonly serves the nightshift in these buildings...

Yeah, got a bit carried away here, but we were talking James Bond scenarios, right?

Yes, I would agree for first class data centers this is ground breaking but not all services are hosted in such facilities. How many DIY data centers have dedicated security?
I once toured a similar facility, complete with hand scanners and airlock-style double doors throughout the facility. After going through countless layers of security we reached the deepest, most secure section of the data center where the most sensitive servers were housed. On the opposite side of the room there was a fire escape door propped wide open, leading straight outside into the sunlight.

Our tour guide, who was an investor in the facility, explained that the employees really hated going through all of those scanners and double doors, so in the morning they just prop the back door open. If a customer or potential customer comes for a tour, they make sure to close the door.

The other highlight of that visit was the generator room, complete with some truly massive diesel storage tanks. Our guide (the investor) proudly explained that they could run the facility for several days in the event of a natural disaster which knocked out power to the facility. Out of curiosity, I knocked on the side of one of the tanks, only to be greeted with a hollow echo sound. The investor then explained that the tanks are mostly empty, but they'd fill them up if they thought a natural disaster could occur.

Wow, I've seen funny stuff in datacenters, but that's quite hilarious. Even the shoddiest datacenters I've been to had door alarms, i.e. an alarm would go off when a door stays open for longer than 30 secs. I was told that opening an emergency door normally also triggers an alarm immediately. But surely all those alarms can be disabled by trained personnel... ;-)
I wondered, reading the original article, how many of the security measures were to impress potential clients and investors and how many were really there to keep bad people away from the boxes.
I'm guessing it's mostly the former. The sort of attack which involves -- for instance -- fake IDs and/or ninjas crawling through the ceiling is relatively rare, especially compared to online attacks (which are a more serious threat anyway).
The other complication is that the people who have the most to gain from bypassing the security (your competitors) also have a very easy way to bypass it: get their own cage.
Years ago I worked for a company that used Exodus and the facility in which we rented space was very similar. The only problem was that all of their security could be bypassed if one entered through the delivery doors, which is how one brought new equipment into the facility. There was no man trap there and if one brought a cart of equipment in someone might even hold the door open.
I really don't like biometric authentication. As has been said before it's kind of like using your username as your password. Simple ownership is presumed to be enough data to prove you belong.

Additionally I (personally) think it's a problem that the authentication method can't be changed. You can have new keys cut, you can change your password, but it's unlikely you'll ever get new handprints.

For me there's also the factor that it places the access holders at additional physical risk. I read an article a while ago about a guy that had a car with a fingerprint scanner installed... Carjackers wanted his expensive car, so they cut off his finger, stole his car and left him. Personally I would rather someone just took my keys.

Seems kinda gimmicky. Is securing a datacenter terribly different from securing any other sensitive building?
The article mentions the same firm that designed the security system for this data center also designed the security system for "the Federal Reserve System".

It's gimmicky, but I have to imagine it impresses potential customers.