See All 61 Security, Control, and Audit Points in Our Data Centers

Written by Joe Kozlowicz on Thursday, September 29th 2016 — Categories: Data Center Design, Security

PIN access and biometrics are just two of our data center security controls

How secure is your data center? In order to pass HIPAA and SSAE 16 Type II certifications, Green House Data has over sixty auditable security and compliance measures. Each compliant data center is audited once per year.

Some of the security measures are standard practice, while others had to be added to daily practices in some facilities in order to gain compliance. This list can help you get your data center up to speed – or see just how much effort goes into keeping server rooms monitored, secured, and fully auditable.

Control Areas - The Full List

Ref No. Control Area Control Specification
1.1 Policies and Procedures

The policies define common security and availability requirements for all Green House Data personnel and systems that create, maintain, store, access, process, or transmit information.

1.2 Policies and Procedures

Green House Data requires employees to read and sign the employee handbook, which includes an acceptable use policy indicating their willingness to comply with company policies and procedures.

1.3 Policies and Procedures

Each employee is required to attend a security awareness training session that also addresses availability on an annual basis.

1.4 Policies and Procedures

Responsibility for security and availability has been assigned to the Security and Compliance Administrator.

1.5 Policies and Procedures

It is the Security and Compliance Administrator’s responsibility to ensure that information security and availability policies are reviewed, updated as necessary, and approved for distribution.

1.6 Policies and Procedures

The security and data center availability obligations of employees are communicated within the information security and availability policies and annual Security Awareness training.

1.7 Policies and Procedures

Issues of non-compliance with policies are dealt with immediately and could ultimately result in termination.

1.8 Policies and Procedures

Green House Data has created a security risk analysis, updated periodically, that outlines potential risks related to the data center services provided to clients.

1.9 Policies and Procedures

Green House Data information security and availability policies provide for the identification of applicable laws, defined commitments, and service-level agreements.

1.10 Policies and Procedures

Green House Data has provided internal and external users with information on how to report security and availability failures, incidents, concerns and other complaints.

2.1 Organizational Management

Green House Data’s organizational structure is divided into three primary areas, namely Engineering, Client Service, and Administration, so that client services are handled in the most timely and efficient manner possible.

2.2 Organizational Management

To increase the operational effectiveness of employees within this structure, every position has a job description so that individuals understand their responsibilities.

2.3 Organizational Management

This collaborative approach involves a number of activities, including frequent discussions between executive management and employees and other incentives that all work to align each individual’s job responsibilities with the organization’s directives.

2.4 Organizational Management

Applicants for full-time Green House Data employment are required to complete a successful background check, which includes confirming work experience, prior employment, academic diplomas and degrees, and any required licensure.

2.5 Organizational Management

New hires are required to review the Green House Data employee handbook and sign an agreement that states that they will abide by the company policies.

3.1 Physical Security

The data centers at Green House Data are protected through physically and logically secured card key systems and keypads or biometric locks 24/7/365.

3.2 Physical Security

Engineering at Green House Data monitors security surveillance cameras positioned at key locations within the facilities so that client assets are safeguarded.

3.3 Physical Security

Only authorized individuals who have access to the data centers can access the equipment within the cabinets.

3.4 Physical Security

Visitors to the data centers, including contractors, must sign the visitor log upon entry and must be accompanied at all times.

3.5 Physical Security

Engineering is notified when individuals no longer require access to the data centers. Upon notification, the security systems controlling the card keys, keypads, and biometrics are updated in order to revoke access rights to the data centers.

3.6 Physical Security

Access to each data center requires the specific approval of management responsible for the data center.

3.7 Physical Security

The results of the daily data center walkthroughs are documented in shift reports.

4.1 Logical Access

Access to Green House Data’s network and clients’ networks is controlled by Engineering and is restricted to authorized Green House Data employees.

4.2 Logical Access

A valid username and password are required to log into Green House Data’s network.

4.3 Logical Access

The network password policy configuration enforces an appropriate level of password complexity to help prevent unauthorized network access.

4.4 Logical Access

Both of these remote access methods utilize secure sockets layer (SSL) connections over a virtual private network (VPN) and require authorized users to authenticate with a username and password.

4.5 Logical Access

Network access requests must be approved by an appropriate member of management.

4.6 Logical Access

When an individual’s employment with Green House Data is terminated, a system administrator revokes the user’s access.

4.7 Logical Access

Administrator-level access privileges are restricted to only those individuals who require such access to perform their respective job functions.

5.1 Logical Access

By effectively utilizing VLANs, each client has their own dedicated virtual Internet Protocol (IP) network environment that is logically partitioned from all other client environments.

5.2 Logical Access

Client data and programs are on individual host and/or guest operating systems, which are configured to prevent access by other clients.

5.3 Logical Access

Each Washington data center client gets two Ethernet handoffs, and they are addressed only with their IP spaces.

6.1 Change Management

Green House Data has a detailed Change Management Policy and Procedure in place that addresses changes to all data center equipment, including network hardware and telecommunications devices.

6.2 Change Management

In Cheyenne, no hardware, software, furniture, shelving or other materials are removed or added to the data centers without prior approval from the change management committee.

6.3 Change Management

At all Green House Data locations, all changes planned in the data centers are fully documented within a Green House Data Change Request Ticket and changes in Cheyenne data centers are approved at the change management committee meeting held twice a week, every Tuesday and Thursday afternoon at 2:00 pm.

6.4 Change Management

If system changes impact clients or internal Green House Data employees, notification of the change is sent to the impacted parties in a timely manner.

7.1 Environmental Controls

Proper temperature and humidity are maintained throughout the Cheyenne data centers using sensor-controlled CRAC and IDE units.

7.2 Environmental Controls

In the Washington data centers, there are CRAC units at all locations and the temperature is monitored by NOC personnel on an ongoing basis.

7.3 Environmental Controls

The Cheyenne data centers are equipped with air particle detection equipment that detects smoke, dust, moisture, or other particulates that could harm equipment.

7.4 Environmental Controls

The original Cheyenne 01 data center is equipped with a Novec 1230 fire suppression system, and the Cheyenne 02 data center and the three Washington data centers utilize a pre-action sprinkler system.

7.5 Environmental Controls

The data centers use a combination of UPS systems and diesel generators to supply sufficient power in the event of a power outage from the electric utility.

7.6 Environmental Controls

Environmental systems are monitored at all times within the NOC.

7.7 Environmental Controls

A Green House Data employee is on call at all times and receives a page or text when an incident occurs.

7.8 Environmental Controls

HVAC, UPS, diesel generator, and fire suppression equipment is maintained on a regular basis to keep the equipment in proper functioning order.

8.1 Systems Monitoring

Green House Data’s Engineering staff utilize network monitoring tools to continuously monitor all aspects of the network for Internet connectivity problems or other irregularities that could disrupt the service provided to clients.

8.2 Systems Monitoring

In Cheyenne, alerts are displayed on large panel monitors located within Engineering, and in all locations, alerts are sent via email to a defined distribution list, via text message, and via page to the on-call employee.

8.3 Systems Monitoring

For problems that cannot be addressed immediately, a ticket is opened and the appropriate engineer is assigned to correct the problem.

8.4 Systems Monitoring

Problem tickets are continuously monitored by management to ensure problems are addressed in a timely manner, resolutions are documented, and the ticket is closed.

9.1 Performance and Availability

Formal procedures have been developed for the monitoring of system performance and availability, and the escalation of system-related problems.

9.2 Performance and Availability

Green House Data’s Engineering team monitors its systems 24/7/365 to maximize performance, preserve the integrity of the systems, and maintain systems availability.

9.3 Performance and Availability

Computer systems are monitored for CPU, memory, network, and disk utilization as well as network availability using active monitoring systems that alert Engineering upon reaching configured thresholds for certain metrics.

9.4 Performance and Availability

Green House Data’s systems are configured to notify Engineering via an alert in the event certain system performance and availability threshold metrics are met.

9.5 Performance and Availability

For alerts that need to be addressed, a ticket will be created and dealt with by Engineering in a timely manner.

10.1 Client Provisioning

The agreement detailing the terms and conditions of the services to be rendered is signed and returned by the client.

10.2 Client Provisioning

The technical specification documents contain detailed requirements information based on the client’s particular needs.

10.3 Client Provisioning

Based on the order requirements, an engineer sets up the services for the client using defined templates stored within the ticketing system to promote consistency and accuracy in the delivery of services.

10.4 Client Provisioning

Data center personnel will take a copy of photo identification for any client personnel that require access to the data center. Clients are also required to review, complete, and sign the necessary access forms to receive a card key, access codes, and cabinet key.

11.1 Network Device Security

The Green House Data network is built on multiple layers of routers, switches, and firewalls that are used in managing network traffic and are, therefore, critical in managing clients’ network and system security and availability.

11.2 Network Device Security

Access to all of the network devices on the Green House Data network is managed through the use of ACLs and rule sets that restrict device access to individuals accessing the devices from explicitly authorized IP addresses on the Green House Data network.

11.3 Network Device Security

In addition, access to configure network devices is restricted to authorized individuals only.

11.4 Network Device Security

An application runs each hour and performs a differential comparison of the configurations on all network devices and sends alerts to System Administrators when changes are made.
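
One way to implement the hourly differential comparison described in control 11.4, shown as an added example that is not Green House Data's own tooling: it compares each device's stored baseline with a freshly collected configuration, ignores lines that change on every save, and returns a unified diff for the alert. The device names, sample configurations, and volatile-line pattern are constructed assumptions.

```python
import difflib
import re

# Assumption: lines that change on every save and should not raise alerts.
VOLATILE = re.compile(r"^(! Last configuration change at |ntp clock-period \d+$)")

def normalize(config_text):
    """Drop blank and volatile lines, strip trailing whitespace."""
    lines = [raw.rstrip() for raw in config_text.splitlines()]
    return [l for l in lines if l and not VOLATILE.search(l)]

def diff_device(name, baseline, current):
    """Unified diff as a list of lines; empty when nothing changed."""
    return list(difflib.unified_diff(
        normalize(baseline), normalize(current),
        fromfile=f"{name}/baseline", tofile=f"{name}/current", lineterm=""))

def check_fleet(baselines, currents):
    """Compare every device; also flag new and uncollected devices."""
    alerts = {}
    for name in sorted(set(baselines) | set(currents)):
        if name not in currents:
            alerts[name] = ["no configuration collected this run"]
        elif name not in baselines:
            alerts[name] = ["device has no stored baseline"]
        else:
            delta = diff_device(name, baselines[name], currents[name])
            if delta:
                alerts[name] = delta
    return alerts

# Constructed sample data: core-sw1 differs only by timestamp, edge-fw1 has a
# widened ACL, and dist-sw2 did not answer the collector on this run.
BASELINES = {
    "core-sw1": "! Last configuration change at 09:00:01 UTC\nhostname core-sw1\n",
    "edge-fw1": "hostname edge-fw1\naccess-list 10 permit 10.0.5.0 0.0.0.255\n",
    "dist-sw2": "hostname dist-sw2\n",
}
CURRENTS = {
    "core-sw1": "! Last configuration change at 10:00:02 UTC\nhostname core-sw1\n",
    "edge-fw1": "hostname edge-fw1\naccess-list 10 permit any\n",
}

if __name__ == "__main__":
    for device, lines in check_fleet(BASELINES, CURRENTS).items():
        print(f"ALERT {device}\n  " + "\n  ".join(lines))
```

A device that fails to return a configuration is reported rather than skipped, so a collection failure cannot hide a change.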

Phew! If you've made it this far and haven't found a security, monitoring, deployment, or compliance measure you need for your IT infrastructure, just reach out and we can make it happen. Custom deployments are standard at Green House Data. You can also read more about our security measures, compliance standards, and data centers to get more detailed information.