Data Centers in Strange Places

johannacw writes "Would you house a data center in a diamond mine or an old chapel? These organizations did, with great success; many of these facilities offer the latest in cooling and energy technology, among other advances. 'If you want an even more hardened environment for your data, you might look at the aptly named InfoBunker in Boone, Iowa, about an hour outside Des Moines. [...] The 65,000-square-foot, five-story site is dug deep into the ground. No one gets in without passing though the 4.5-ton steel door and then a three-step process. A scanner uses radio frequency to read the would-be entrant's skin as a biometric identifier. He then needs to use a keycard and enter a code on the keypad. This three-tier security is standard for high-level military installations, McGinnis explains.'"

that's a futuristic plan.

[User 956]

Once I become one though, well, I imagine MY data center will have a golf course. And blackjack. And possibly hookers.

And don't forget the full stock of Olde Fortran malt liquor.

So

[Colin Smith]

You bribe the people who work in the place.
 

Re:I always wonder.

[lelitsch]

Make that 3rd floor with backup power. Flooding [theregister.co.uk] can be a real bitch in a data center.

A Note On The Three Check Security Approach

[smackenzie]

For those who don't know... there are three essential methods of identifying someone:

1. What you are. (Iris scan, biometric readings, fingerprints, etc.)
2. What you have. (ID card, USB flash drive, random number security key, etc.)
3. What you know. (Password, etc.)

You are going to see a lot more systems use a "two out of three" approach. I actually thought, at one point, that this was going to be a requirement for Vista. I guess not.

The system in TFA requires all three: what you are, what you know, what you have. While requiring three out of three might seem a little nuts, it will seem less nuts in a few years when everyone has to have at least two out of three in order to do basic things like log onto their computer.

one isn't enough

[wkk2]

Disasters come in many forms. Having more than one center is probably more important than extreme security at one site.

The sites should be separated by physical distance and political jurisdictions. Data lost isn't limited to physical problems. It can come in the form of a legal scavenger hunt. Both can put you out of business.

missile silos

[NoBozo99]

I wonder why someone hasn't thought of using a abandon missile silo as a data center.

Basically, yes

[Moraelin]

Basically, yes, they're there to boost some manager's ego. I haven't even heard of a recent data loss or theft that involved a team of ninjas breaking in and stealing hard drives. The ones I did hear about, offhand, involved stuff like:

- pissed off admin exports the customer database and sells it to a spammer

- a hired rent-a-coder working at home is given an export of the fucking productive database, just so he can work out the report formatting. So he asks for help in a forum and attaches a zip file of said productive database. Just so, you know, others can try their hand at formatting that data too. (And if you think that's a one-off thing, at a recent consulting job I've seen exactly that happen, with the dumbass PHB's blessing. They exported the productive database, installed it on a test machine, then let the external contractor -- not me, but the guy whose neverending mess I was supposed to help fix -- copy it all on his private laptop too. And since he was not supposed to connect an external laptop to the internal network, the PHB cheerfully supplied an USB stick to transfer the data with. Made me cringe. But, hey, he was cheaper than doing it in-house.)

- productive data, complete with customer names and personal data, is copied on some salesman's laptop, because god forbid that you inconvenience the sales guys in the least bit, even by making them log in to a web site. Plus, I'm sure he thinks he's a wizard with Excel and God knows what ad-hoc graphs and reports he might need to generate on the spot from that data. Then said laptop is forgotten on the airport or stolen. (I can remember a dozen or so instances of this in the news without even googling.)

- social engineering and/or lax security standards (As an extreme case, I've actually worked for a dot-com back in the day, who told their 1st level support to give anyone an admin account who calls in and asks for one. It's easier than just creating one for the regional managers -- although I'd debate whether those need one in the first place. Nah, just tell them to phone in and ask for one. Eventually after a year they realized that they have a few thousand admin accounts and nobody knows who those people are.)

- pwned machines on the internal network that haven't been patched since Jurassic. I remember one touching story about IIRC Slammer, where a company got hit hard because they were running with completely unpatched workstations, since apparently installing any service pack broke one of the internal applications they were using. And, of course, they'd rather save money than fix the stupid application.

- pwned machines on the internal network because some dumbass PHB or marketter figured out (or bribed an engineer for the knowledge) how to open a tunnel from inside to his home machine and leave it on, so he can access the company network from home. So when his unprotected, crapware-ladden home machine got pwned, it was connected to the intranet.

- pwned machines on the internal network because just about anyone is allowed to plug their laptop in

The last three are especially nice if everything is one big network zone.

- pwned machines because some dumbass programmer would rather argue that SQL-injection and cross-site-scripting are just hype, instead of fixing his freakin' application. I'm still suprised at the number of people who don't even know how to quote a string for use in a web page or in the database. Or better yet, to use prepared statements and/or some template/framework that handles that kind of thing for you. And, yes, I remember at least one article linked even on Slashdot where the idiot was arguing that cross-site-scripting vulnerabilities are inevitable and harmless.

- pwnage via any of the above methods (including social engineering or dishonest employees) because noone bothered setting productive database passwords more creative than the same as the app name, and/or using more than one account for a whole department. Or indeed for the whole company. It's too much work

It is a bad thing

[Moraelin]

Pseudo-security is a bad thing, because it gets people to let their guard down. When they think that some magical talisman they bought (or in this case a bunker) makes the server super-extra-uber-secure, then the next thing that happens is that they cut the funding for real security.

Think of the dot-com era, really. How many times have you heard companies going "we're secure because we use 128 bit HTTPS! See that padlock icon? It means we're secure!" and then they forgot to check rights in their web site and/or just leave internal files around in the web server's directories or on some public FTP directory? Or leave their web server, some active ftp daemon, and God knows what else run with the default admin password? I can think of a couple which cheerfully left text files with user data and credit card numbers available for everyone. But, hey, they have 128 bit HTTPS, so they're secure.

Or I know of at least one corporation which bought all sorts of expensive appliances to scan all JMS messages and SQL statements for malicious stuff... but then noone actually configured rules for those. They used them effectively as some magical talisman that makes them secure just by being there, no extra work required. And some of them were bogus talismans anyway, pure snake oil that couldn't even have done the job right.

_That_ is the problem. When someone is as disconnected from reality as to think that security means preventing teams of ninjas from physically breaking in, something tells me that they probably didn't have thought much about actual security. And will think even less about it in the future.

Why the door?

[The -e**(i*pi)]

wouldn't it be safer to have the 3 step process BEFORE the heavy door? I mean whats the point of the door if just anyone can walk through it to get to the security checkpoint.

Let's put it like this

[Moraelin]

Let's put it like this: the very same institutions "where a disruption will affect global markets and everything that follows" have, about a dozen times in the last year alone, copied sensitive data on some sales-guy's laptop and it got lost. Some of the very same institutions had got pwned and had zombies. Some of the very same institutions have offshored that kind of data to places where it's entirely out of their control, just because it was a couple of dollars cheaper. (And I don't mean just to India, but also EU banks discovering that their whole customer data is in the hands of Swift... who'll pretty much give it to anyone who asks. So they can't fulfill their _legal_ privacy obligations in the EU, much less whatever extra they promised their customers.) Some of the same institutions allowed personal laptops on the intranet without any extra checks. Some of the same institutions will cheerfully tell any data over the phone if you just claim to be someone else. At least one such institution was probed by leaving 20 virused USB sticks in front of the front door, once a day, and 17 of those got actually used. At least one got pwned by "janitors" connecting keylogger gizmos between each keyboard and the computer. Some of the very same institutions forgot to disable employees' logins after firing them... or had one login for the whole department on everything except the personal workstation, so there's no easy way to invalidate it for only one employee. Etc.

Do you honestly see no disconnect there?

Because from where I stand, it looks like building an anti-asteroid defense system on my roof, but leaving the front door open. Not just unlocked, but wide open. It's ensuring against a SF threat, but being blissfully oblivious to the real every day threat.

You want decent physical security? A normal building and a couple of guards can offer you just that. You don't need to be dug in 50 ft below the ground. Put it on the last floor, so it doesn't get flooded, too.

Even if they sent some ninjas/007/mission-impossible/whatever types to physically steal your data, noone's going to blow up your freakin' wall to get in. So whether it's 50 ft of mountain or 1 ft of concrete, it's irrelevant. Unless those computers are (A) not connected to anything outside the bunker, and (B) not serviced by any humans, there are _far_ easier ways to get to that data.

_That_ is why I'll call it ego masturbation. I'm not against sane physical security, but, please. When something is this disproportionately blown out of any proportion or usefulness, I have this gut feeling that there wasn't much (real) analysis done when choosing it.