#1. Nobody attacks data centers. No, really, they don't. Have some solid concrete walls, a man trap for people entry. a secure receiving area, and make sure your external doors are locked and you now have more security than is required for any data center short of critical infrastructure (nuclear/air-safety) - and probably enough for that as well.
#2. Even if people attacked data centers (which, honestly, they don't) - there was nothing in these tours that would increase their odds of successfully doing so. Much easier to just get a job there if you really had some desire to cause damage.
Indeed. Facebook's operational risk is probably geared towards making sure employees don't leak people's private data, rather than making sure someone doesn't blow a wall in the data center and cart off their disks. Because the first one happens, but the second one doesn't. Unless it's a movie.
I think that's a fact because the folks who blow things up aren't cognizant of their importance, or aren't using weapons appropriate to the task.
When the US attacks a country, what do they blow up first? A: Airfields, SAM sites, and Command/Control/Coordination centers. Datacenters and big telco facilities fall into that category.
Oh, I've been involved in several incidents in Data Centers -but they all were a result of people who had been legitimately been let in to the data center. Contractors, Electricians, Customers, Telcos.
In the entire history of data centers, I'd be surprised if there's been more than a dozen external penetrations on a data center that had the following:
o Solid Concrete walls.
o Man Traps w/security that vets all entry.
o External Locking Doors that are always Locked.
o Secure Shipping and Receiving (Basically Rolling Doors
that lead into a "Package Trap" for gear where it is
deboxed)
o And, I should have also mentioned, customer cages.
On the flip side, I'm betting we could find thousands, and more likely tens of thousands, of incidents related to people who had been let in through proper channels. If you want to invest effort in securing your data center, that's where you'll get the biggest payoff.
#1. Nobody attacks data centers. No, really, they don't. Have some solid concrete walls, a man trap for people entry. a secure receiving area, and make sure your external doors are locked and you now have more security than is required for any data center short of critical infrastructure (nuclear/air-safety) - and probably enough for that as well.
#2. Even if people attacked data centers (which, honestly, they don't) - there was nothing in these tours that would increase their odds of successfully doing so. Much easier to just get a job there if you really had some desire to cause damage.