It’s a question that can cause a lot of discomfort but bears asking: “How secure are your data center’s assets?” Asset theft isn’t supposed to happen at a time when most facilities market their security solutions as a selling point, but it occurs nonetheless. Whether you’re the owner/operator of a data center or if your equipment is installed at a colocated facility, there remains a degree of risk that your assets will disappear, either by accident or with malicious intent.

When we think of threats to data centers, we generally focus on outside-in: fluid intrusions, cybercrime (DDoS attacks), or weather events and natural disasters. Even when internal concerns are brought-up, the causes are usually accidental: a UPS system or CRAC failure, faulty IT equipment, or old fashioned human error. However, asset theft happens more often than we’d like to admit.

As reported by The Stack, a 2016 Information Security & Data Breach Report by Navigant estimates that between “66-75% of information breaches stem from more ‘hands-on’ activities including the outright theft of servers and hardware, unauthorized access or use of computers and servers, and damage caused by the loss and/or improper disposal of equipment.“ Even more alarmingly, the article goes further to estimate “…that physical security breaches in data centres are nearly 10-12 times higher than companies are actually reporting to the general public.” The issue is simply too big for any business that relies on data centers to store their information or host their applications to ignore.  

Whether your data center is the driving force of your business or an internal support, asset theft is an issue that can have profound repercussions. Take a moment to think about the repercussions, as there are no good outcomes:

  • In a best case scenario, new but unused equipment is stolen from the data center. If the loss is caught quickly, the only costs are related to the replacement of the equipment (and perhaps headaches in dealing with the insurance company). However, losses often aren’t detected until a critical moment when the new equipment needs to be installed, resulting in downtime while the replacement items are secured, breaches in customer SLA’s, and broader damage to your brand and reputation.
  • In the worst case scenario, servers are stolen that contain highly sensitive data: financial information from banks, health records from medical facilities, etc. In this instance, repercussions are swift and likely to put you out of business: fines and penalties from the customer, larger fines and penalties from the government, and a wealth of damage to your brand and reputation that you likely will never recover from--would you ever trust a facility again that makes such a grave mistake?

It doesn’t matter what security procedures are in place, how many man traps are integrated into the building’s layout or whether you have key card versus biometric locking mechanisms (although all are surely important); one of the most basic steps to preventing asset theft is the use of real-time monitoring of your equipment. Whether simply misplaced or taken for criminal gain, an automated asset management solution that provides real-time updates and alerts to the data center staff will stop any malfeasance at its start. If you have to rely on a regularly scheduled manual audit to account for your most valuable equipment, the risk is far too great that your assets will be gone before you even know that they’re missing. At a time when criminals have become more sophisticated and Information Technology is of such high value, shouldn’t your data center reflect that same level of dedication on the security of its most important assets?

These types of Real-time solutions are available and can make the difference in knowing whether a rack of servers is ready to be installed or being walked off the loading dock. When it comes to asset theft, integrating real-time monitoring measures is the difference between being proactive and reactive, which is why they should always be the cornerstone of your security plan.