S 2.9 Computer centre
Description
In most organisations, all of the essential strategic and operative functions and tasks are supported heavily by information technology (IT) or cannot even be executed without IT. The IT systems of the organisation itself as well as their connections to external networks must be operated in an appropriate environment and with an adequate infrastructure since this is the only way to ensure the required IT availability. Furthermore, the performance requirements for these systems and the network environment are constantly increasing. To meet these performance requirements, ensure an adequate reserve capacity is available, and operate the IT economically, government agencies and companies of all sizes concentrate their IT landscape in computer centres.
A computer centre refers to the equipment (air conditioning, power supply, monitoring and alarm technology) and rooms (such as a computer room, rooms for the active network components, technology rooms, archive, storage room, break rooms, etc.) required for the operation of complex IT infrastructures (server and storage systems, systems for backing up data, active network components and telecommunication systems, central printing systems, etc.). The main difference between a computer centre and a server room is that the IT systems and the supporting infrastructure (electrical power supply, air conditioning technology, etc.) must be located in separate rooms in a computer centre. A computer centre should form a separate security area that is then further divided into organisationally and physically separate "Infrastructure" and "IT" security areas at a minimum. A computer centre is either manned continuously (by working in shifts) or there is an on-call service available (with or without remote administration capabilities) for the times the computer centre is not manned. Much more damage can be caused when processing data centrally in a computer centre than when using decentralised data processing due to high concentration of IT devices and data in a computer centre. Wherever a large computer system is used, the "Computer centre" module must be applied.
This module is intended primarily for mid-sized computer centres. The security requirements for such a computer centre lies somewhere between those for a server room or a server park and those for high-security computer centres such as those used in the banking industry, for example. In addition to the standard security safeguards listed here, which have proven themselves in practice, it will be necessary in most cases to implement additional, individual security safeguards that take the specific requirements and the particular environment into account (a risk analysis based on IT-Grundschutz can be used for this purpose, for example). The threat of terrorism and force majeure are only accounted for to a limited extent in the standard security safeguards described here.
On the one hand, the module is directed towards users who operate a computer centre and want to check in the framework of an audit if suitable standard security safeguards have been implemented. On the other hand, the "Computer centre" module can also be used to obtain a general overview of which security safeguards need to be implemented for secure operation when the IT is operated centrally in an average computer centre. To make the module easier to understand, technical details and planning variables were deliberately avoided. Even large IT departments should not build a new computer centre without taking the help of an experienced planning team or an expert planning and consulting company into consideration. When computer centre services are outsourced, then this module can be used to compare the security levels of the services offered by various service providers.
In contrast to the protection requirement of a server room (see the "Server room" module), many of the security safeguards for computer centres are not optional, but mandatory. Examples of such security safeguards include an adequate alarm system and an alternative power supply, for example. Common and proven safeguards for secure IT operations include installing smoke detection systems in rooms and under raised floors in computer and technology rooms, and even installing an automatic fire extinguishing system, if necessary.
Threat scenario
The following typical threats to the IT-Grundschutz of a computer centre are assumed to exist:
Force Majeure
T 1.2 | Failure of the IT system |
T 1.3 | Lightning |
T 1.4 | Fire |
T 1.5 | Water |
T 1.6 | Burning cables |
T 1.7 | Inadmissible temperature and humidity |
T 1.8 | Dust, soiling |
T 1.11 | The effects of catastrophes in the environment |
T 1.12 | Problems caused by big public events |
T 1.13 | Storm |
T 1.16 | Failure of patch fields due to fire |
Organisational Shortcomings
T 2.1 | Lack of, or insufficient, rules |
T 2.2 | Insufficient knowledge of rules and procedures |
T 2.4 | Insufficient monitoring of security safeguards |
T 2.6 | Unauthorised admission to rooms requiring protection |
T 2.11 | Insufficient route dimensioning |
T 2.12 | Insufficient documentation on cabling |
Technical Failure
T 4.1 | Disruption of power supply |
T 4.2 | Failure of internal supply networks |
T 4.3 | Failure of existing safety devices |
Deliberate Acts
T 5.3 | Unauthorised entry into a building |
T 5.4 | Theft |
T 5.5 | Vandalism |
T 5.6 | Attack |
T 5.16 | Threat during maintenance/administration work |
T 5.68 | Unauthorised access to active network components |
T 5.102 | Sabotage |
Method recommendation
To secure the information system examined, other modules will need to be implemented in addition to this module. These modules are selected based on the results of the IT-Grundschutz modelling process.
When selecting and designing a computer centre, a series of infrastructural and organisational safeguards must be implemented. These safeguards are described in S 1.49 Technical and organisational requirements for the computer centre. It is necessary to follow different approaches for certain safeguards depending on whether the computer centre will be set up in a new building to be constructed, in an existing building, or in a building that will be leased. When using or leasing an existing building, the ability to implement adequate information security is often much more limited. The steps to take when designing a computer centre as well as the safeguards to implement in each step are listed in the following.
Planning and design
A basic principle applied when planning a computer centre is the separation of the infrastructure technology and the IT technology. Separate rooms must be provided for the IT systems and the supporting technology (power distributors, UPS systems, air conditioning systems, etc.). Based on this, a series of safeguards must be implemented for the power supply installation, the air conditioning system, and for fire and smoke prevention to ensure that sufficient physical security is provided. This also includes ensuring that no water pipes run through the computer centre (if this is possible) since leaks can cause large amounts of damage and can even lead to the failure of the entire information system. Physical protection also includes ensuring a computer centre is placed in a separate fire zone in the building, if possible. It should not be possible to identify the computer centre as such from outside.
In general, sufficient redundancy in the technical infrastructure and a secondary power supply should be planned to compensate for failures of individual equipment. Precautions must be taken to ensure any eventual damage is detected as early as possible so that suitable measures can be taken as quickly as possible to keep the spread of damage to a minimum by installing monitoring equipment, a remote malfunction display system, and a suitable extinguishing technology.
Implementation
Only those persons who need direct access to servers and other devices installed in the computer centre such as communication distributors, firewalls, etc., to perform their tasks should be granted access to the IT rooms. Access to all rooms in the security area, for example to service technical equipment or to clean the rooms, must be regulated in detail so that only trustworthy personnel have access, and this only when under supervision. It should be taken for granted that current infrastructure and construction plans of the computer centre are available and that smoking is prohibited in the computer centre. Large amounts of printer paper must be stored outside of the computer centre in a different fire zone to reduce the fire load.
Operation
Computer centres should always be locked when unoccupied. People who need access to the technical infrastructure for maintenance work, for example, should be accompanied when in the security area. It must be ensured that alarms from the monitoring and alarming technology are forwarded in a manner enabling a sufficiently fast response, and this also needs to be checked regularly.
Contingency Planning
Since security safeguards that are not practised regularly will not function properly in an emergency, regular fire drills are necessary. Fire drills also help to ensure the alert plans are up to date. To gain access quickly to vitally important data after suffering significant damage, such data should be backed up regularly to a separate emergency archive.
The bundle of security safeguards for a computer centre is presented in the following.
Planning and design
S 1.3 | (A) | Appropriate segmentation of circuits |
S 1.7 | (A) | Hand-held fire extinguishers |
S 1.10 | (Z) | Safe doors and windows |
S 1.12 | (A) | Avoidance of references to the location of building parts requiring protection |
S 1.13 | (Z) | Layout of building parts requiring protection |
S 1.18 | (Z) | Intruder and fire detection devices |
S 1.24 | (C) | Avoidance of water pipes |
S 1.25 | (B) | Overvoltage protection |
S 1.26 | (W) | Emergency circuit-breakers |
S 1.27 | (B) | Air conditioning of the technology / in technology rooms |
S 1.31 | (Z) | Remote indication of malfunctions |
S 1.47 | (B) | Separate fire zone |
S 1.48 | (B) | Fire alarm system in the computer centre |
S 1.49 | (A) | Technical and organisational requirements for the computer centre |
S 1.50 | (C) | Smoke protection |
S 1.52 | (Z) | Redundancy, modularity, and scalability in the technical infrastructure |
S 1.53 | (Z) | Video surveillance |
S 1.54 | (Z) | Early detection of fires / fire extinguishing technology |
S 1.55 | (Z) | Perimeter protection |
S 1.56 | (A) | Emergency power system |
S 1.62 | (C) | Fire protection of patch panels |
S 1.70 | (A) | Central uninterruptible power supply |
Implementation
S 1.57 | (A) | Up-to-date infrastructure and building plans |
S 2.21 | (A) | Ban on smoking |
S 2.212 | (B) | Organisational requirements regarding cleaning contractors |
S 2.213 | (A) | Inspection and maintenance of the technical infrastructure |
Operation
S 1.15 | (A) | Closed windows and doors |
S 1.23 | (A) | Locked doors |
S 1.71 | (C) | Function tests of the technical infrastructure |
S 1.72 | (Z) | Construction projects during ongoing operations |
S 1.73 | (A) | Protecting a computer centre from unauthorised entry |
Contingency Planning
S 6.17 | (A) | Alert plan and fire drills |
S 6.74 | (Z) | Emergency archive |