By Michael Fisher*
When it comes to securing data centres, there is no room for compromise by designers, builders, managers and owners.
The average cost of building one of these facilities in Australasia can be up around $10,000 a square metre, according to local project managers. This value is just the tip of the iceberg, especially when you factor in the value of the stored data and the costly liabilities associated with data breaches.
With investment costs of $8 million to $12 million per megawatt of IT load, data centre construction means building physically secure spaces for the vital technologies involved, including servers, power systems, cooling, and network gear.
Regardless of whether the data facility is enterprise-scale, colocation, cloud, or smaller-scale edge facility, all data centres are intensely capitalised projects with high stakes and zero room for errors, reconsideration and delay caused by poor choices.
Improving ROI at data centres means protecting the investment with properly planned and effectively layered security. Beyond the initial outlay, considerations must extend to the ongoing operational, maintenance, and upgrade costs, constituting the Total Cost of Ownership (TCO).
When safeguarding a data facility, critical decisions must be made regarding both cyber and physical security. A layered approach to the physical security component is paramount to address potential vulnerabilities.
As you progress inward from the entrance of a data centre to the heart of its operation where server racks reside, security measures become increasingly sophisticated and formidable to help thwart unauthorised access. Implementing multi-layered security entrances effectively mitigates the risks and potential financial pitfalls associated with data theft or loss of services.
The cost to deploy layered security entrances represents a fraction of the overall cost of a data centre, providing a robust physical security solution to better protect people, property, and valuable assets. The cost of not doing so is formidable.
What’s at stake
The physical security budgeting and management of a data centre must accomplish three basic things:
- Protect the sensitive and valuable data
- Ensure compliance with industry and government regulations
- Overcome rising energy, labour, and property costs
Achieving all three objectives within the same budget line item constitutes a significant victory.
This is where secured entry solutions come into play, aiding data centres in attracting customers by furnishing staff and facilities with the necessary tools to manage security effectively and mitigate ongoing costs.
Cost considerations
How can a secured entrance strategy contribute to cost savings and help future-proof a data centre?
Well-designed security entrances offer solid cost-reduction benefits, by integrating various access control systems and physical barriers into a cohesive, policy-driven framework. This operational efficiency enables staff to accomplish more with fewer resources, without compromising security.
Intelligent security entrances at data centres provide real-time intelligence, aiding in risk reduction and proactive threat mitigation. Embedded sensor systems yield unbiased data, empowering security personnel to predict and quantify infiltration risks effectively. Furthermore, future-proof designs maintain environmental conditions within data centres, preventing energy waste while supporting efficient building management.
From remote access management to automated check-ins, smart secured entrances optimise resource allocation and enhance customer service. Ultimately, deploying purpose-built solutions not only reduces security costs and ensures regulatory compliance, but also safeguards personnel safety and data integrity.
Secured physical entry plays a pivotal role in data security compliance
A well-planned security entrance strategy is thus a prudent CAPEX investment, offering rapid returns and becoming indispensable for modern data centres. Futureproofing a security entrance involves the same principles as IT and network infrastructure, like segmentation, redundancy, and automated issue resolution. This effectively makes secured entry designs future-proof, ensuring a low total cost of ownership (TCO) over the lifespan of the device.
Secured entry compliance
Beyond security, layered security entry solutions play a pivotal role in enabling compliance with a myriad of regulations and standards that are arriving on the doorsteps of data centre operators worldwide.
A landmark example of such statutory regulation in the US is the Gramm-Leach-Bliley Act, which requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.
Data centre security in Australia, meanwhile, is regulated by legislation including the Privacy Act 1988, the Security of Critical Infrastructure Act 2018 (SOCI Act), and the Cyber Security Act 2023. Compliance involves meeting the Australian Privacy Principles (APPs) for personal data, implementing risk management programs for critical infrastructure, and adhering to government security standards for sensitive or classified information. Best practices and certifications like ISO 27001 for data centres are also supported by the Government.
Biometric recognition at speed gates governing access to data centre operational areas
In New Zealand, the Protective Security Requirements (PSR) and the New Zealand Information Security Manual (NZISM) are applied through the Public Cloud Data Centre Certification (PCDCC) for public cloud providers. Data privacy is also mandated by the Privacy Act 2020, which sets out Information Privacy Principles (IPPs) that apply to the handling of personal information.
In Papua New Guinea, a National Cyber Security Policy (established in 2021) outlines broad principles and governance for managing cyber risks, protecting critical infrastructure, and building resilience. As part of this policy, it identifies Critical National Information Infrastructure (CNII) components, with prioritisation of sectors such as telecommunications, government, utilities, and health.
More recently, PNG has completed a National Data Governance and Protection Policy (2024), intended to set out clear rules for collection, processing, sharing, retention, and protection of data across sectors, in line with global privacy norms.
Estimates for building data centres in nearby Asia-Pacific nations, including Australasia, provide a benchmark for costs in PNG.
By initiating automated compliance processes at entry/exit points, layered entrance solutions reduce security training and operating expenses, enhance operational sustainability, and protect sensitive data and stakeholders. Archival records and alarm retrieval functionalities simplify seamless compliance audits to ensure that regulatory requirements are consistently met.
Secured entry for energy efficiency
In addition to bolstering security, modern secured entry solutions also contribute to energy efficiency, which is an increasingly critical concern for data centres facing rising energy and water resourcing costs.
Traditional swing and sliding door entrances compromise energy efficiency by creating openings in the building envelope, allowing controlled internal atmospheres to escape and external air to infiltrate. However, security revolving doors and interlocking portals maintain airtight seals, minimising energy loss and enhancing contamination control.
Anywhere that stores valuable data is also at risk of attacks, either by terrorists or criminals, so it’s vital that only authorised personnel can enter data facilities
Secured entry for alarm management
Effective alarm management is essential for ensuring a data centre’s security infrastructure is protected.
Secured entry solutions such as full-height turnstiles, security revolving doors, and interlocking portals are designed to virtually eliminate door-forced open (DFO) and door-held-open (DHO) alarms, thereby minimising costly false alarms.
By automating user notifications and enforcing policies and procedures without reliance on manual intervention, these solutions optimise operational efficiency and enable personnel to focus on revenue-generating activities rather than remedial tasks.
Securing a data centre isn’t just about erecting barriers – it’s about investing in protection, efficiency, and peace of mind.
With advanced secured entry solutions serving as the cornerstone of a robust defence strategy, data centre operators can mitigate risks, ensure compliance, and optimise operational performance, all while safeguarding the integrity of their most valuable asset: information.
About the Author
*Michael Fisher is Managing Director of Boon Edam Australia, which is part of the privately owned international Royal Boon Edam group, which provides architectural revolving door and layered security solutions to some of the world’s largest companies, Fortune 500 companies, and companies in Australia, New Zealand, and Papua New Guinea including financial, data and telecommunications, Federal and State Government, hospitality, health and age care, logistics, retail, and distribution facilities. Boon Edam Australia operates under Master security licence number: 000104487
