If you cross the threshold at any of Exodus Communications fifth-generation data centers in North America, Europe or Asia, and Vice President of Corporate Security James Snyder happens to be there, hes likely to point out that you have been watched and filmed since you arrived in the parking lot.
Physical security among data centers is like a private-sector arms race: Its a matter of months before features that seemed advanced a year ago become ordinary. Snyder is a former Secret Service agent who now helps guard the fort at Exodus. He first went corporate at MCI, and later worked at Mobil.
Snyders theory is that a data centers defense system should be modeled on an onion — layered and tough.
The first line of defense for most of the fifth-generation facilities, in addition to 12 exterior cameras filming everything including the roof, is the door. Although ordinary looking, it weighs 800 pounds, which makes opening it without a key . . . difficult.
Once inside, visitors are greeted by two cheerful guards behind a plate of class-5 bulletproof glass. A class-5 rating means the glass will stop seven to nine bullets fired from an assault weapon that meets NATO specifications.
Assuming that a visitor has security clearance to enter the building, he or she would surrender a passport or a drivers license and proceed to one of two portals.
"When management asked us to describe what [the portals] looked like, I said it was sort of like a transportation chamber from early Star Trek," Snyder says. Maybe thats how he got the budget approved.
Capable of stopping a cannon blast, each portal looks like a rounded glass-and-chrome version of a phone booth. To enter, a security card has to be flashed in front of an electronic reader. One door opens, you step in, the door closes behind you. Elevator music prevents you from hearing whats going on outside. You then turn to where a public telephone would be, and flash another card to activate a biometric palm reader. If your hand imprint matches with the one on file in the data center repository, the other door of the portal opens and you can enter.
Inside, the data center has higher raised floors and more secure cages than a typical facility — some with biometric readers as well. Snyders idea of security is making access as difficult as possible so it is easy to control. Therefore, every biometric reader is programmed individually, an embodiment of the "need to know" principle; if an individual needs to gain access to a location like a network operations center, an appropriate manager has to physically grant this access.
Is this overkill? Maybe this year. Snyder is first to admit security is an easy budget item to get carried away with.
"There is a point of diminishing returns with security," he says.
As far as Snyder is concerned, customers employees with access to the facility are the No. 1 risk factor. The alternative is a data center with no customers, and no access for anybody a 100 percent secure location. Everything else is a balancing act.