Building perimeter security, the outer edge of data center early warning systems, is kind of like playing a Tower Defense game. In both instances, there are multiple options available for aligning what you deploy with your needs. However, when considering all the variables involved in Total Cost of Ownership (TCO), measuring it on an ongoing basis can be much trickier than playing a video game.
Southwest Microwave’s Tim Claus, a former electronics tech in the Navy, said during his Data Center World presentation in Las Vegas this week that deploying data center security around the perimeter is not as easy as throwing up a fence and slapping cameras around. A perimeter security strategy needs to be carefully calculated.
Claus addressed TCO as well as identifying pros and cons of various data center security solutions and pointing out the importance of understanding the pros and cons of each type of sensor and backing them up with complimentary capabilities. He also discussed the design of systems: Where should you put what types of sensors and why?
It’s best to approach Total Cost of Ownership as a continuous process, aligned with the threat level, and partnered with someone with multiple types of technology who is willing to assist on implementation, said Claus.
Types of sensors include: fence-mounted intrusion detection systems, buried cable sensors, and microwave. All have pros and cons and can complement one another in different ways.
Video analytics is also becoming more popular, according to Claus. Vendors are developing technology to actively discern threats. However, these sensors are best paired with physical sensors to tune out false alarms. “In our sensor testing, we determined we always want to use an area of limited view because it can be distracted in a large area,” said Claus.
Setting up a plan for ongoing operations and training are major cost considerations.
Claus said to consider the following factors:
- How expensive will it be to turn on power to a complex system?
- How measurable is ROI?
- What are acquisition costs, installation costs, change costs and operational costs?
Most people don’t consider costs involved in making changes, according to Claus. “Most camera systems don’t stay the same throughout the life. What you don’t want to do is spend $100,000 and have to replace it because it couldn’t evolve or change. Can the system expand, and what’s the cost of that expansion?”
Maintenance costs vary, said Claus. Power costs also need to be taken into consideration. A microwave may be more or less expensive than buried cable based on configuration.
The benefits of data center security include early-warning perimeter-threat detection and assessment. “We want to give your security team as much time as possible,” said Claus. However, false alarms can be dangerous as they can make people potentially complacent when something serious happens.
Each sensor is prone to certain types of false alarms. Dew on grass can trigger false microwave warnings, and strong winds can trigger fence sensors. Ultimately, the cheapest fence system with 20 nuisance alarms a day may not be cheapest after some time. Employing different types of sensors helps reduce false alarms but raises cost.
Perimeter security is about performing intrusion detection as early, accurately and cost effectively as possible. An experienced intruder can climb over razor wire in three seconds, said Claus. It makes you wonder why there’s never been a data center heist movie.
A basic deterrent consists of a fence, lighting, and even thorny bushes. “Typically a fortified site is an optimal deterrent,” said Claus. “Inside, we can add physical detection devices, buried cable systems or pressure type sensors.”
The big terms in perimeter security are Probability of Detection (PD), False Alarm Rate (FAR) and Nuisance Alarm Rate (NAR). In designing perimeter security you want a high probability of detection, but the lowest FAR and NAR as possible. Each type of perimeter security has pros and cons. The right fit largely depends on the situation and environment.
To apply security products, you need to define the type of threat first: Are they terrorists or local kids? “The type of threat will guide you to the right budget and product,” said Claus. “We’ve seen it all."
After adding a deterrent around the perimeter, the next step is to determine how many layers of protection you need. Single layer sensor protection is a fence with sensors on the inside.
A dual layer approach combines multiple types, in addition to better coverage; it better allows tuning out false alarms. One sensor technology is usually placed at the outer perimeter and the second at the asset.
Multi-layer protection includes several different types. These sensors can extend beyond the perimeter to help detect someone doing reconnaissance. The downside is that it also detects animals and other triggers of false alarms.
There are several design considerations such as the terrain, and the line of sight. There are access and integration considerations as well and multiple ways to connect software and sensors. You don’t want staff to trigger false alarms. “What we found is that sensor providers are providing software development kits that allow sensors to tie in,” said Claus.
You even need to consider whether sensors are visible. They can be ugly, however, seeing the sensors can be a deterrent, as in the case of microwaves.
