Security & Compliance

A Secure Data Centre

We understand that data security demands more than antivirus programmes and firewalls to guard against cybercriminals. 

You need the assurance that the assets you house in data centres are protected from theft, vandalism, natural disasters, man-made catastrophes, accidental damage and other incidents. This requires physical security as well as technological support.

Our facilities make use of a full array of security tools including bollards, mantraps, access control systems and surveillance systems to make certain that your resources are protected from unexpected incidents or criminal activity. This strong defence environment acts as a fortress around your critical equipment and data.

With its interconnected network of colocation data centre sites, Digital Realty meets the challenging security requirements of both public and private enterprises. We use robust multi-factor authentication protocols, combined with vetted authorisation processes, to ensure only authorised persons are granted access to data centre facilities.

To uphold our commitment to support the unique needs of each customer, we offer flexible security capabilities and work with you to equip your data centre areas with best-in-market solutions.

24/7 support

Security is never a “set it and forget it” situation. It requires constant vigilance, both in terms of monitoring the facilities and regularly updating systems to reflect current best practices and developments. That’s why Digital Realty provides 24/7 security staff and each data centre uses multiple systems, equipment and controls to monitor and record access throughout the facilities.

Our comprehensive security features include:

  • Remote camera monitoring backed by digital recordings, with retention that meets industry standards in conjunction with PCI-DSS related controls
  • CCTV integrated with access controls to provide event-driven capability
  • Smart-Card readers with biometric access authentication technology
  • Secured cabinets and cages
  • Comprehensive compliance and auditing programmes
  • Visitor identity and authorisation

The Digital Realty Difference

At Digital Realty, we know that properly protecting your valuable assets is fundamental to your organisation's success. We make your success our top priority, so we take security very seriously.

Digital Realty has incorporated specifications into the design and management of our security systems that meet the rigid standards incorporated into the most relevant data centre compliance programmes, including SOC2, PCI-DSS and ISO 27001. 

Our data centres also uphold safety requirements for fire protection. With this environment in place, you can have peace of mind that your resources are safeguarded with some of the best protection available.

A secure data centre is fortified by the following components:

  • Solid building construction
  • Suitable emergency preparedness
  • Reliable power supplies
  • Adequate climate-controlled environment
  • Appropriate protection from intruders

All of these elements must work together to ensure your valuable resources and services remain safe and operational.

Compliance

Digital Realty has developed a comprehensive compliance programme that addresses the needs and requirements of its customers. It includes the standards and requirements that are most relevant to the services Digital Realty provides for in-scope properties.

Service Organisation Controls 2 (SOC 2)

Report on Controls at a Service Organisation Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy
This report meets the requirements of a broad range of users to understand internal controls at a service organisation as they relate to security, availability, processing integrity, confidentiality and privacy. This report is developed according to the AICPA Guide: Reporting on Controls at a Service Organisation Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy and is intended for use by stakeholders (e.g., customers, regulators, business partners, suppliers, directors) of the service organisation who have a thorough understanding of the service organisation and its internal controls.

Stakeholders can leverage this report for:

  • Oversight of the organisation
  • Vendor management programmes
  • Internal corporate governance and risk management processes
  • Regulatory oversight

Digital Realty provides the SOC 2 report for the Security and Availability Principles for its owned and managed U.S. properties, and internationally as required.

The SOC 2 controls are based on a standard set of security criteria developed and issued by the AICPA in the Trust Services Principles and Criteria. The term "Trust Services" is defined as a set of professional attestation and advisory services based on a core set of principles and criteria addressing the risks and opportunities of IT-enabled systems and privacy programmes.

Digital Realty demonstrates compliance with the Trust Services Principles of Security and Availability by conducting a SOC 2 examination. The Security Principle states that the system is protected against unauthorised access (both physical and logical) while the Availability Principle demonstrates that the system is available for operation and use as committed to or agreed upon.

PCI-DSS: The Payment Card Industry Data Security Standards

The PCI Security Standards Council offers robust and comprehensive standards and supporting materials to enhance payment card data security. These materials include a framework of specifications, tools, measurements and support resources to help organisations ensure the safe handling of cardholder information at every step. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process — including prevention, detection and appropriate reaction to security incidents.

Digital Realty obtains an annual Report on Compliance for parts of Requirements 9 and 12 for its owned and managed U.S. properties and internationally as required. Attestation on Compliance is available for distribution to customers upon request.

FISMA NIST SP 800-53

Security and Privacy Controls for Federal Information Systems and Organisations
Special Publication 800-53 provides guidelines for selecting and specifying security controls for information systems supporting the executive agencies of the federal government.

Digital Realty’s SOC 2 reports contain mapping to the NIST SP 800-53 moderate controls, showing how these controls are addressed in the SOC 2 report.

The Monetary Authority of Singapore Act

The Monetary Authority of Singapore Act establishes a corporation to be known as the Monetary Authority of Singapore. It provides for the exercise of control over and the resolution of financial institutions and their related entities by the Monetary Authority of Singapore and other authorities, and establishes a framework for the issue of securities by the Monetary Authority of Singapore and the regulation of primary dealers.

MAS expects financial institutions to perform a Threat Vulnerability Risk Assessment (TVRA) on data centres in both Singapore and overseas, as long as the latter support the financial institution’s Singapore operations.

Digital Realty undertook a TVRA study for its data centre facilities in Singapore.

International Organisation for Standardisation (ISO)

The ISO, the world’s largest developer of voluntary International Standards, provides state-of-the-art specifications for products, services and good practices, helping make industry more efficient and more effective. Developed through global consensus, ISO standards help break down barriers to international trade.

Digital Realty obtains ISO certifications for all international owned and managed properties, and will continue to add U.S. properties over time.

The Integrated Management System (IMS) assists with standardising operations and reducing risk. It is an integral part of Digital Realty’s business model. Digital Realty’s IMS includes the following standards under which our in-scope properties are certified:

ISO 9001: Quality Management

  • Optimising operational efficiencies and reducing expenditures for greater cost savings
  • Enhancing customer satisfaction
  • Identifying and encouraging more efficient, time-saving processes
  • Highlighting deficiencies
  • Increasing standardisation across the global portfolio
  • Providing for continuous assessment and improvement
  • Including provisions for business continuity

ISO 27001: Information Security Management

  • Giving customers and stakeholders confidence in how risk is managed
  • Allowing for secure exchange of information
  • Helping with compliance with other standards (SOX)
  • Minimising exposure to risk
  • Creating consistency in service delivery

ISO 14001: Environmental Management

  • Reducing energy costs
  • Ensuring legislative awareness and compliance
  • Improving environmental impact of equipment
  • Protecting companies’ and customers’ assets
  • Decreasing insurance premiums
  • Reducing emissions and carbon footprint

ISO 50001: Energy Management

  • Reducing carbon footprint
  • Increasing energy cost savings
  • Increasing knowledge of equipment efficiencies
  • Improving operational efficiencies and maintenance processes
  • Reducing costs to customers
  • Improving corporate image

Digital Realty is committed to supporting its customers in their journey towards a Low Carbon Economy, the environmental benefit that this delivers, and corresponding reduction in operational costs.

The consumption of electricity presents the largest Environmental impact when providing Data Center facilities and, with our ambition to reinforce the existing ISO14001 accredited Environmental Management System, we are delighted to be adding an Energy Management System (EnMS), accredited to ISO50001, to an integrated management system that also covers Security (27001) and Quality (9001).

Following the common ISO convention of Plan, Do, Check, Act, the EnMS is designed to focus attention on operational energy demand, infrastructure efficiency and ongoing investment in energy management.

After baselining current performance, and following dialogue with customers, Digital Realty will deliver on the core ISO principle of continual improvement, targeting opportunities to reduce energy demand through improved housekeeping measures, low cost investment and evaluation of the benefit of funding higher value projects. In addition, the program can incorporate additional training and stakeholder awareness and, of course, contribute to the design and construction activities of new Digital Realty facilities.

ISO50001 certification is also a direct route to ESOS (Energy Savings Opportunities Scheme) compliance, and Digital Realty customers will enjoy exemption from this scheme for infrastructure deployed in a Digital Realty facility in the UK.

Applying to 12 European facilities.
Paul Cranfield, Director, Power
