According to the latest report from the Federal Office for Information Security (BSI), the IT security situation in Germany is “tense to critical”. The BSI therefore sees the situation as more critical than ever before. According to the Federal Office, the main cause is the ongoing digitalization and increasing networking in all areas - in society, the economy and the state. Because the attack surface for cyber attacks is becoming larger and larger. Small and medium-sized companies in particular, as well as local governments and municipal companies, increasingly found themselves in the crosshairs of such attacks during the study period (June 1, 2022 to June 30, 2023). According to the BSI, ransomware and artificial intelligence (AI) have caused great economic and financial damage. In order to ward off such attacks, the BSI calls for strengthening resilience and increasing the resilience of IT. This requires well-thought-out and sustainable security concepts, such as those offered by High Knowledge GmbH from Cologne for data centers. The solutions take a holistic view of all safety-relevant areas right from the planning stage.

The current BSI report shows the dangers of increasing cyber attacks, but also suggests ways to protect yourself against them. Harry Knopf also sees it that way. The managing director of High Knowledge therefore demands: “The topic is too important not to tackle it with full focus. It is important to have reliable and competent partners who look at the issue as holistically as possible and contribute to increasing the security, availability and resilience of data centers and technical building infrastructure.” That is why it is important to focus on all aspects when planning data centers. This includes all security-relevant areas, such as access controls, maintenance processes and an effective redundancy concept. This also includes avoiding single points of failure, increasing infrastructure resilience by taking single and double failure events into account, pen testing of IT but also the technical building infrastructure, and the automatic activation of security protocols in the event of security-relevant disruptions.

Comply with legal regulations

The security of sensitive data and infrastructure is the top priority in a data center. To this end, the legislature also sets strict requirements with the BSI-Kritis Act (BSI-KritisV) for critical infrastructure with corresponding reporting obligations. This includes, among other things, regular professional inspections of safety-relevant systems such as the fire protection and security center. The electrical tests according to DGUV regulation 3 (DGUV V3) and the E-Check VDE VDE 0100 are also required. These two exams are also conducted by the experts at High Knowledge. Data center operators should also be able to demonstrate ISO 27001 certification based on BSI IT-Grundschutz and SOC 2. These legal requirements are taken into account and documented in detail by the Cologne company during the planning phase, so that everything can run smoothly in the subsequent operation of the respective system.

Two pillars of security

In order for a data center to be optimally protected, the security concept must be based on two pillars. On the one hand, a security concept should be drawn up for the entire system. The graduated zone concept is ideal for this. The IT is also protected from unauthorized access using special software and pen tests. The pen tests primarily look at network security. Weak points are analyzed and highlighted here. Furthermore, firewalls, anti-malware software, intrusion detection systems and access controls ensure the security of the data.

An important aspect, however, is the 100% security of the entire system. This starts at the entrance gate and ends in the server room. Sustainable and intelligent access control systems that are structured on multiple levels come into play here. The first zone forms the outer ring. The entire area is protected by a security fence. The entrances and exits are monitored around the clock by a modern camera system. Access to the data center is only possible for and by security personnel, so that everyone who wants to enter the building is subject to compulsory screening. The captured images and data are best stored for 90 days and the images are imported directly into the security center. The security center should also be manned around the clock. Alternatively - especially in smaller data centers - effective locking and locking systems can also fulfill this task. Every person who wants to enter the building has to register. The security staff or the lock technology checks every registration. If the person is an employee of a data center customer, the next step is a check against the customer's official personnel list. The list should never be older than 30 days and should be updated immediately if there is a change in personnel.

Second and third security zones

The second security zone of the concept is located between the security desk and the actual data center area. Above all, all access routes to the server room, but also conference rooms, offices, kitchens, washrooms and toilets are monitored in order to prevent unlawful access. Today, a connection between the camera and the door access system or motion-controlled cameras is standard here. As a rule, alarms are triggered in the security center if a door is not closed within a predefined period of time. This also includes video gates - such as those installed by High Knowledge - as effective and modern isolation systems in the defined security areas. However, as in all other monitored areas, the data protection regulations are strictly observed.

The precise implementation of the so-called third zone offers complete protection for the data center. This is the high-security zone in which the areas for the IT systems and the system-critical systems of the data center operator are located. That is why the highest safety requirements apply in this area. The doors are secured 24/7 with cameras and a secondary protection measure such as access control systems or locks. To ensure everything runs smoothly and that everything is up to date, the data center's access control systems should be regularly checked and maintained. Here, too, a reliable and competent partner is required who can holistically check the security concept and optimize it if necessary. This is the only way to ensure an increase in the security, availability and resilience of data centers and technical building infrastructure.

Conclusion

The threat in cyberspace continues to grow. This is the result of the BSI report “The situation of IT security in Germany 2023”. But the level of digitalization in private, public and economic spaces is also constantly increasing. That’s why a sustainable and effective security system for data centers is immensely important. Here you should rely on competent partners who provide ideal protection with their solution. This includes a multi-level security concept that includes various monitoring methods as well as a combination of mechanical and electronic security systems. The concept should always be tailored precisely to the respective system and requirements. This means that individual procedures can vary and reflect different security standards in different areas. These include, for example, the use of biometric access controls such as fingerprint or iris scans, access locks or person isolation systems. Two-factor authentication also ensures even higher access protection. The IT should also be secured at all times with the appropriate protection software. At the same time, the protection of sensitive data is guaranteed. Compliance with the new General Data Protection Regulation is also anchored in the security concept.