Level 6 Data Centers: Best Practices in Security

September 22, 2020 at 9:00 am by Amanda Canale

Over time, data center infrastructures have evolved from mainframes to cloud applications and can now take on various forms. The type of data center depends on the facility’s primary functions, how it is supported, and size. Based on these criteria, there are four main types of data centers: enterprise data centers, managed services data centers, colocation data centers, and cloud data centers. In addition to storing, managing, and circulating data, data centers also manage physical security systems, network and IT systems, power resources, environmental control, and performance and operational management.

Depending on the size and function of the data centers, some companies are known to have multiple centers in various locations that can store different data or serve as a centralized backup site. This helps to prevent the data from being destroyed due to natural or man-made disasters or in the instance of an outage. There are several levels to data center security, the highest level being Level 6. SEM devices are often part of a robust Level 6 data security program, as seen in this Google data center video.

Natural disasters aside, Level 6 data centers offer the utmost advances in modern data security to ensure that none of the data they store and manage gets into the wrong hands. Below we have broken down each security level within a Level 6 data center and offer an inside peek at just how difficult they can be to hack.

Level 1
Regardless of the kind of data center, the first level of security is the physical property boundaries surrounding the facility. These property boundaries typically include signage, fencing, and other significant forms of perimeter defenses.

Level 2
Once the physical property boundaries have been bypassed, the next level of security is a secure perimeter. Here, someone can enter through the main entrance gate and be met by 24/7 security guard staff, comprehensive camera coverage, smart fencing, and other perimeter defense systems. Once someone has entered the second level, the company’s security personnel have eyes on their every move.

Level 3
Level 3 finally allows physical entry to the data center…well, kind of. Even though someone may have been granted building access, they are still nowhere near the data center floor. This level requires a security search of each individual entering the data center. Employees entering the facility must provide a company-issued identification badge and be subjected to an iris or facial scan to confirm identity. In addition, most data centers only allow one person to badge in through doors at a time. All of these combined layers are to ensure that only approved personnel may enter.

Level 4
Level 4 houses the security operations center (SOC). The SOC is often referred to as the brains of the security system as it monitors the data center 24 hours a day, seven days a week, 365 days a year. All of the previous layers of security discussed above (from camera footage, ID readings, to iris scans) are connected to the SOC and monitored by a select group of security personnel. Think of this level also as the eyes and ears of the facility.

Level 5
Level 5 is the data center floor – finally! This is where all of the company’s data and information is stored. When at this level, security is much stricter when it comes to access and only a small percentage of staff members have access to this level; typically, only the technicians and engineers so they can repair, maintain, or upgrade equipment. Even when on the data center floor, technicians and engineers only have access to the devices, but not the data itself, as all of the stored data is encrypted (another layer of security!).

Level 6
This is where all of the fun happens. And by fun, we mean data destruction. Security at this level is at an all-time high with even fewer personnel having access. It is at this level where end-of-life of all storage media happens. If a device needs to be destroyed, there is usually some sort of secure two-way access system in place, which can vary depending on the facility. This means that one person drops off the device to a locker or room and another person takes the device away to be destroyed. This step is crucial to maintaining data security protocols so only technicians assigned to the destruction room have access to the devices. It is the role of the technicians in this room to scan, degauss (magnetic media only), and destroy the retired devices.

Leaving the data center is a process just as intensive and secure as entering. Every person leaving the data center floor is subjected to a full-body metal detector and makes his or her way back through each of the previous levels. This is to ensure that no one is able to leave with any devices and each person that has entered can be accounted for when leaving.

In the destruction phase, it is NSA best practice to first degauss the device if it is magnetic media. This practice offers companies the most secure method of sanitization. SEM degaussers use powerful magnetic fields that sanitize magnetic tapes and magnetic hard disk drives. It is this act alone that renders the drive completely inoperable – which is always the goal. Not even the most skilled of hackers will be able to get any information off of the drive, simply because there’s nothing left on it to hack!

The next step is the physical destruction of the drive or device. This can be done by crushing and/or shredding. Combined, degaussing and destroying ensure that no information is susceptible to getting stolen and offer the best security in the destruction of your end-of-life data.

One of the most common data destruction misconceptions is that erasing or overwriting a drive and degaussing are the same thing. They’re not. Erasing data isn’t completely foolproof as it’s possible that trace amounts of encrypted and unencrypted data can still get left behind. This becomes a gold mine for hackers and thieves, who then have complete freedom to do whatever they want with your most sensitive and classified information. But remember, degaussing is only effective for magnetic media, such as rotational hard disk drives (HDDs). Degaussing is completely ineffective on solid state drives (SSDs) and optical media; therefore, physical destruction (crushing or shredding) to a very small particle size is best practice for these devices.
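The destruction-room rules described above (two-person hand-off, scan, degauss for magnetic media only, then physical destruction) can be checked against an audit log. The Python below is an added example, not SEM's or any data center's own code; the log format, action names, badge IDs and serial numbers are assumptions constructed for illustration.

```python
# Added illustration: audit a destruction-room log against the rules described above.
# The event format, action names, badge IDs and serials are constructed for this example.
MAGNETIC = {"hdd", "tape"}  # media types on which degaussing is effective

SAMPLE_LOG = [  # (serial, media, action, badge), in the order events were recorded
    ("HDD-001", "hdd", "drop_off", "tech-a"),
    ("HDD-001", "hdd", "pick_up", "tech-b"),
    ("HDD-001", "hdd", "scan", "tech-b"),
    ("HDD-001", "hdd", "degauss", "tech-b"),
    ("HDD-001", "hdd", "destroy", "tech-b"),
    ("SSD-002", "ssd", "drop_off", "tech-a"),
    ("SSD-002", "ssd", "pick_up", "tech-b"),
    ("SSD-002", "ssd", "scan", "tech-b"),
    ("SSD-002", "ssd", "degauss", "tech-b"),
    ("HDD-003", "hdd", "drop_off", "tech-c"),
    ("HDD-003", "hdd", "pick_up", "tech-c"),
    ("HDD-003", "hdd", "scan", "tech-c"),
    ("HDD-003", "hdd", "destroy", "tech-c"),
]

def audit(events):
    """Return {serial: [findings]} for every device whose trail breaks a rule."""
    trails = {}
    for serial, media, action, badge in events:
        trails.setdefault(serial, (media, []))[1].append((action, badge))
    findings = {}
    for serial, (media, steps) in trails.items():
        actions = [a for a, _ in steps]
        badge = dict(steps)  # action -> badge that performed it
        problems = []
        # Two-way access: drop-off and pick-up must be different people.
        if "drop_off" not in badge or "pick_up" not in badge:
            problems.append("incomplete hand-off")
        elif badge["drop_off"] == badge["pick_up"]:
            problems.append("same person dropped off and picked up")
        if "scan" not in actions:
            problems.append("never scanned")
        if "destroy" not in actions:
            problems.append("not physically destroyed")
        if media in MAGNETIC:
            if "degauss" not in actions:
                problems.append("magnetic media not degaussed")
            elif "destroy" in actions and actions.index("degauss") > actions.index("destroy"):
                problems.append("degaussed after destruction")
        elif "degauss" in actions:
            problems.append("degauss logged on non-magnetic media")
        if problems:
            findings[serial] = problems
    return findings
```

Running `audit(SAMPLE_LOG)` passes the first hard drive and flags the SSD that was only degaussed and the hard drive that one person both dropped off and collected.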

Regardless of the type and size of data center, implementing security layers like the ones listed above and destroying end-of-life data in-house are always best practice. By doing so, companies can be confident that their data has been successfully destroyed. Some companies make the mistake of opting for a third-party data sanitization vendor. When going the third-party route, individuals and companies forfeit any and all oversight, which leaves plenty of room for drives to be stolen, misplaced, and mishandled. It is this level of negligence, whether at the hand of the company or vendor, that can cause catastrophic damages to the company, its brand, and its customers.

Hackers do not discriminate. So regardless of the industry, purchasing in-house, end-of-life data destruction equipment is well worth the investment simply because it is impossible to be certain that all data has been destroyed otherwise. This can in turn potentially save the company more time and money in the long run by preventing a breach early on.

At SEM we have an array of various high-quality NSA listed/CUI and unclassified magnetic media degaussers, IT crushers, and enterprise IT shredders to meet any regulation – including Level 6! Any one of our exceptional sales team members is more than happy to help answer any questions you may have and help determine which machine will best meet your company or federally regulated destruction needs.