At information-intensive companies, data centres don´t just hold the crown jewels; they are the crown jewels. Protecting them is a job for whiz-bang technologists, of course. But just as important, it´s a job for those with expertise in physical security and business continuity.
That´s because all the encryption and live backups in the world are a waste of money if someone can walk right into the data centre with a pocket knife, a camera phone and bad intentions.
There are plenty of complicated documents that can guide companies through the process of designing a secure data centre – from the gold-standard specs used by the federal government to build sensitive facilities like embassies, to infrastructure standards published by industry groups like the Telecommunications Industry Association, to safety requirements from the likes of the Fire Protection Association Australia. But what should be the CIO´s or CISO´s high-level goals for making sure that security for the new data centre is built into the designs, instead of being an expensive or ineffectual afterthought?