See All 61 Security, Control, and Audit Points in Our Data Centers

Written by Joe Kozlowicz on Thursday, September 29th 2016 — Categories: Data Center Design, Security

PIN access and biometrics are just two of our data center security controls

How secure is your data center? In order to pass HIPAA and SSAE 16 Type II certifications, Green House Data has over sixty auditable security and compliance measures. Each compliant data center is audited once per year.

Some of the security measures are standard practice, while others had to be added to daily practices in some facilities in order to gain compliance. This list can help you get your data center up to speed – or see just how much effort goes into keeping server rooms monitored, secured, and fully auditable.

Control Areas - The Full List

Ref No. Control Area Control Specification
1.1 Policies and Procedures

The policies define common security and availability requirements for all Green House Data personnel and systems that create, maintain, store, access, process, or transmit information.

1.2 Policies and Procedures

Green House Data requires employees to read and sign the employee handbook, which includes an acceptable use policy indicating their willingness to comply with company policies and procedures.

1.3 Policies and Procedures

Each employee is required to attend a security awareness training session that also addresses availability on an annual basis.

1.4 Policies and Procedures

Responsibility for security and availability has been assigned to the Security and Compliance Administrator.

1.5 Policies and Procedures

It is the Security and Compliance Administrator’s responsibility to ensure that information security and availability policies are reviewed, updated as necessary, and approved for distribution.

1.6 Policies and Procedures

The security and data center availability obligations of employees are communicated within the information security and availability policies and annual Security Awareness training.

1.7 Policies and Procedures

Issues of non-compliance with policies are dealt with immediately and could ultimately result in termination.

1.8 Policies and Procedures

Green House Data has created a security risk analysis, updated periodically, that outlines potential risks related to the data center services provided to clients.

1.9 Policies and Procedures

Green House Data information security and availability policies provide for the identification of applicable laws, defined commitments, and service-level agreements.

1.10 Policies and Procedures

Green House Data has provided internal and external users with information on how to report security and availability failures, incidents, concerns and other complaints.

2.1 Organizational Management

Green House Data’s organizational structure is divided into three primary areas, namely Engineering, Client Service, and Administration, so that client services are handled in the most timely and efficient manner possible.

2.2 Organizational Management

To increase the operational effectiveness of employees within this structure, every position has a job description so that individuals understand their responsibilities.

2.3 Organizational Management

This collaborative approach involves a number of activities, including frequent discussions between executive management and employees and other incentives that all work to align each individual’s job responsibilities with the organization’s directives.

2.4 Organizational Management

Applicants for full-time Green House Data employment are required to complete a successful background check, which includes confirming work experience, prior employment, academic diplomas and degrees, and any required licensure.

2.5 Organizational Management

New hires are required to review the Green House Data employee handbook and sign an agreement that states that they will abide by the company policies.

3.1 Physical Security

The data centers at Green House Data are protected through physically and logically secured card key systems and keypads or biometric locks 24/7/365.

3.2 Physical Security

Engineering at Green House Data monitors security surveillance cameras positioned at key locations within the facilities so that client assets are safeguarded.

3.3 Physical Security

Only authorized individuals who have access to the data centers can access the equipment within the cabinets.

3.4 Physical Security

Visitors to the data centers, including contractors, must sign the visitor log upon entry and must be accompanied at all times.

3.5 Physical Security

Engineering is notified when individuals no longer require access to the data centers. Upon notification, the security systems controlling the card keys, keypads, and biometrics are updated in order to revoke access rights to the data centers.

3.6 Physical Security

Access to each data center requires the specific approval of management responsible for the data center.

3.7 Physical Security

The results of the daily data center walkthroughs are documented in shift reports.

4.1 Logical Access

Access to Green House Data’s network and clients’ networks is controlled by Engineering and is restricted to authorized Green House Data employees.

4.2 Logical Access

A valid username and password are required to log into Green House Data’s network.

4.3 Logical Access

The network password policy configuration enforces an appropriate level of password complexity to help prevent unauthorized network access.

4.4 Logical Access

Both of these remote access methods utilize secure sockets layer (SSL) connections over a virtual private network (VPN) and require authorized users to authenticate with a username and password.

4.5 Logical Access

Network access requests must be approved by an appropriate member of management.

4.6 Logical Access

When an individual’s employment with Green House Data is terminated, a system administrator revokes the user’s access.

4.7 Logical Access

Administrator-level access privileges are restricted to only those individuals who require such access to perform their respective job functions.

5.1 Logical Access

By effectively utilizing VLANs, each client has their own dedicated virtual Internet Protocol (IP) network environment that is logically partitioned from all other client environments.

5.2 Logical Access

Client data and programs are on individual host and/or guest operating systems, which are configured to prevent access by other clients.

5.3 Logical Access

Each Washington data center client gets two Ethernet handoffs, and they are addressed only with their IP spaces.

6.1 Change Management

Green House Data has a detailed Change Management Policy and Procedure in place that addresses changes to all data center equipment, including network hardware and telecommunications devices.

6.2 Change Management

In Cheyenne, no hardware, software, furniture, shelving or other materials are removed or added to the data centers without prior approval from the change management committee.

6.3 Change Management

At all Green House Data locations, all changes planned in the data centers are fully documented within a Green House Data Change Request Ticket and changes in Cheyenne data centers are approved at the change management committee meeting held twice a week, every Tuesday and Thursday afternoon at 2:00 pm.

6.4 Change Management

If system changes impact clients or internal Green House Data employees, notification of the change is sent to the impacted parties in a timely manner.

7.1 Environmental Controls

Proper temperature and humidity are maintained throughout the Cheyenne data centers using sensor-controlled CRAC and IDEC units.

7.2 Environmental Controls

In the Washington data centers, there are CRAC units at all locations and the temperature is monitored by NOC personnel on an ongoing basis.

7.3 Environmental Controls

The Cheyenne data centers are equipped with air particle detection equipment that detects smoke, dust, moisture, or other particulates that could harm equipment.

7.4 Environmental Controls

The original Cheyenne 01 data center is equipped with a Novec 1230 fire suppression system, and the Cheyenne 02 data center and the three Washington data centers utilize a pre-action sprinkler system.

7.5 Environmental Controls

The data centers use a combination of UPS systems and diesel generators to supply sufficient power in the event of a power outage from the electric utility.

7.6 Environmental Controls

Environmental systems are monitored at all times within the NOC.

7.7 Environmental Controls

A Green House Data employee is on call at all times and receives a page or text when an incident occurs.

7.8 Environmental Controls

HVAC, UPS, diesel generator, and fire suppression equipment is maintained on a regular basis to keep the equipment in proper functioning order.

8.1 Systems Monitoring

Green House Data’s Engineering staff utilize network monitoring tools to continuously monitor all aspects of the network for Internet connectivity problems or other irregularities that could disrupt the service provided to clients.

8.2 Systems Monitoring

In Cheyenne, alerts are displayed on large panel monitors located within Engineering, and in all locations, alerts are sent via email to a defined distribution list, via text message, and via page to the on-call employee.

8.3 Systems Monitoring

For problems that cannot be addressed immediately, a ticket is opened and the appropriate engineer is assigned to correct the problem.

8.4 Systems Monitoring

Problem tickets are continuously monitored by management to ensure problems are addressed in a timely manner, resolutions are documented, and the ticket is closed.

9.1 Performance and Availability

Formal procedures have been developed for the monitoring of system performance and availability, and the escalation of system-related problems.

9.2 Performance and Availability

Green House Data’s Engineering team monitors its systems 24/7/365 to maximize performance, preserve the integrity of the systems, and maintain systems availability.

9.3 Performance and Availability

Computer systems are monitored for CPU, memory, network, and disk utilization as well as network availability using active monitoring systems that alert Engineering upon reaching configured thresholds for certain metrics.

9.4 Performance and Availability

Green House Data’s systems are configured to notify Engineering via an alert in the event certain system performance and availability threshold metrics are met.

9.5 Performance and Availability

For alerts that need to be addressed, a ticket will be created and dealt with by Engineering in a timely manner.

10.1 Client Provisioning

The agreement detailing the terms and conditions of the services to be rendered is signed and returned by the client.

10.2 Client Provisioning

The technical specification documents contain detailed requirements information based on the client’s particular needs.

10.3 Client Provisioning

Based on the order requirements, an engineer sets up the services for the client using defined templates stored within the ticketing system to promote consistency and accuracy in the delivery of services.

10.4 Client Provisioning

Data center personnel will take a copy of photo identification for any client personnel that require access to the data center. Clients are also required to review, complete, and sign the necessary access forms to receive a card key, access codes, and cabinet key.

11.1 Network Device Security

The Green House Data network is built on multiple layers of routers, switches, and firewalls that are used in managing network traffic and are, therefore, critical in managing clients’ network and system security and availability.

11.2 Network Device Security

Access to all of the network devices on the Green House Data network is managed through the use of ACLs and rule sets that restrict device access to individuals accessing the devices from explicitly authorized IP addresses on the Green House Data network.

11.3 Network Device Security

In addition, access to configure network devices is restricted to authorized individuals only.

11.4 Network Device Security

An application runs each hour and performs a differential comparison of the configurations on all network devices and sends alerts to System Administrators when changes are made.
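
A differential configuration check of the kind control 11.4 describes can be sketched as below. This is an added example, not Green House Data's application: the device names, config text, and the patterns for lines that change on every export are constructed assumptions.

```python
import difflib
import hashlib
import re

# Lines that change on every export without an operator edit (assumed patterns).
VOLATILE = re.compile(r"^(! Last configuration change at |ntp clock-period )")


def normalize(config: str) -> list[str]:
    """Drop volatile and blank lines so only real edits remain."""
    lines = (ln.rstrip() for ln in config.splitlines())
    return [ln for ln in lines if ln and not VOLATILE.match(ln)]


def fingerprint(config: str) -> str:
    """Stable hash of the normalized config, cheap to compare every hour."""
    return hashlib.sha256("\n".join(normalize(config)).encode()).hexdigest()


def detect_drift(baseline: dict, current: dict) -> list[dict]:
    """Compare current configs with the approved baseline; one alert per change."""
    alerts = []
    for device in sorted(set(baseline) | set(current)):
        old, new = baseline.get(device), current.get(device)
        if old is None or new is None:
            kind = "device_added" if old is None else "device_missing"
            alerts.append({"device": device, "kind": kind, "diff": []})
        elif fingerprint(old) != fingerprint(new):
            diff = list(difflib.unified_diff(
                normalize(old), normalize(new), lineterm="", n=1,
                fromfile=f"{device}@baseline", tofile=f"{device}@current"))
            alerts.append({"device": device, "kind": "config_changed", "diff": diff})
    return alerts


# Constructed sample data: core-sw1 gains an ACL entry, edge-fw1 only a new timestamp.
BASELINE = {
    "core-sw1": "! Last configuration change at 02:00:01 UTC\nhostname core-sw1\n"
                "access-list 10 permit 192.0.2.10\naccess-list 10 deny any\n",
    "edge-fw1": "! Last configuration change at 02:00:05 UTC\nhostname edge-fw1\n",
}
CURRENT = {
    "core-sw1": "! Last configuration change at 14:31:40 UTC\nhostname core-sw1\n"
                "access-list 10 permit 192.0.2.10\n"
                "access-list 10 permit 198.51.100.7\naccess-list 10 deny any\n",
    "edge-fw1": "! Last configuration change at 03:00:05 UTC\nhostname edge-fw1\n",
}

for alert in detect_drift(BASELINE, CURRENT):
    print(alert["device"], alert["kind"], *alert["diff"], sep="\n")
```

Only core-sw1 raises an alert; the timestamp-only change on edge-fw1 is filtered out, which keeps the hourly run from paging administrators on exports that carry no operator change.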

Phew! If you've made it this far and haven't found a security, monitoring, deployment, or compliance measure you need for your IT infrastructure, just reach out and we can make it happen. Custom deployments are standard at Green House Data. You can also read more about our security measures, compliance standards, and data centers to get more detailed information.