R&M Data Center Handbook
www.datacenter.rdm.com
3.2.3. Security Zones
Information technology security is a broad term which includes logical data security, physical system security, and organizational process security. The goal of a comprehensive security concept is to examine all areas, detect and assess risks early on, and take measures so that a company’s competitive ability on the market is not at risk.
When a company’s IT infrastructure and different IT functional areas are taken into consideration, a well-thought-out design can reduce or even eliminate significant physical security risks. Both the locations of IT areas and the spatial assignment of different functions play a decisive role in this process.
Functional Areas
Designing an IT infrastructure, and therefore selecting the location of a data center, is based on a company’s specific data security concept, which reflects its availability requirements and the direction of corporate policy.
The following criteria should be examined when considering the physical security of a data center location:
• Low potential of danger through neighboring uses, adjacent areas or functions
• Avoidance of risks through media and supply lines, tremors, chemicals, etc. which may impair the physical security of IT systems
• Prevention of possible dangers through natural hazards (water, storms, lightning, earthquakes) – assessment of the characteristics of a region
• The data center as a separate, independent functional area
• Protection from sabotage via a “protected” location
• An assessment of the danger potential that is based on the social position of the company
If all risk factors and basic company-specific conditions are taken into consideration, not only can dangers be eliminated in advance during the conception process for the IT infrastructure, but expenditures and costs can also be avoided.
When designing and planning a data center, its different functional areas are arranged in accordance with their requirements for security and their importance to the data center’s functional IT integrity.
The different functional areas can be divided up as follows:
Security Zone | Function | Marking (example)
1 | Site | white
2 | Semi-public area, adjacent office spaces | green
3 | Operating areas, auxiliary rooms for IT | yellow
4 | Technical systems for IT operation | blue
5 | IT and network infrastructure | red
Arrangement of Security Zones
The image above is one example that results when different security zones are shown schematically: the IT area (red) is located on the inside and is protected by its adjacent zones 3 and 4 (yellow/blue). Security zones 1 and 2 (white/green) form the outer layer.
Separating functional areas limits the possibilities for accessing sensitive areas, so that possible sabotage is prevented. This ensures, for example, that a maintenance technician for air conditioning systems or the UPS only has access to the technical areas (blue) of the company and not to the IT area (red).
The locations of the different functional areas as well as the division of security zones, or security lines, are key to ensuring the security of the IT infrastructure. However, continuous IT availability can be realized only within the overall context of a comprehensive security concept that considers all IT security areas.
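An added example, not part of the handbook: a short Python audit that checks a floor plan and badge profiles against the zone model described above. Only the zone numbers and markings come from the table; the door list, the role names, the badge profiles and the "outside" node 0 are constructed assumptions.

```python
from collections import deque

# Zone numbers and markings from the handbook's table.
ZONES = {1: "white", 2: "green", 3: "yellow", 4: "blue", 5: "red"}
OUTSIDE = 0  # assumption: public ground outside the site boundary

# Constructed floor plan: each pair is a door between two zones.
DOORS = [(0, 1), (1, 2), (2, 3), (2, 4), (3, 5), (4, 5)]

# Constructed badge profiles: the zones each role is allowed to enter.
ROLES = {
    "hvac_ups_technician": {1, 2, 4},
    "it_operator": {1, 2, 3, 5},
    "visitor": {1, 2},
}


def reachable(allowed, doors=DOORS):
    """Zones a badge holder can physically reach, starting outside the site."""
    seen, queue = {OUTSIDE}, deque([OUTSIDE])
    while queue:
        here = queue.popleft()
        for a, b in doors:
            for src, dst in ((a, b), (b, a)):  # doors work in both directions
                if src == here and dst in allowed and dst not in seen:
                    seen.add(dst)
                    queue.append(dst)
    return seen - {OUTSIDE}


def audit(doors=DOORS, roles=ROLES):
    """Return findings where the layout or a badge profile breaks the zone model."""
    findings = []
    for a, b in doors:
        # The IT area (5) may border only zones 3 and 4, never the outer layer.
        if 5 in (a, b) and min(a, b) < 3:
            findings.append(f"door {a}-{b}: red zone opens onto the outer layer")
    for role, allowed in roles.items():
        stranded = allowed - reachable(allowed, doors)
        if stranded:
            # The only route to an authorised zone crosses a zone the role may not enter.
            names = [ZONES[z] for z in sorted(stranded)]
            findings.append(f"{role}: no permitted route to {names}")
    return findings
```

A stranded zone in the findings is the layout flaw that in practice leads to escorting or badge exceptions, for example a technical room that can only be entered through the IT area.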
R&M Data Center Handbook V2.0 © 08/2011 Reichle & De-Massari AG Page 53 of 156