Beyond the firewall: the physical threats to your data centre security
Data centres often house critical computer systems like servers, storage, and networking equipment, representing an ever-evolving security risk that threatens business continuity, data integrity, and confidentiality. Last year, the government designated data centres as critical national infrastructure, highlighting the need for robust, multi-layered security strategies. Gary Agnew, Head of Solutions, and Brian Ruddock, Director of Security Risk Management, Securitas UK, share their insights.
When considering data centre security, cyber-attacks often dominate the conversation. Yet physical threats, such as theft, vandalism and arson, and non-hostile activity such as power failures or overheating, are all substantial risks. Social engineering, where individuals are manipulated into divulging sensitive information or granting unauthorised access, can also pose a significant physical risk for data centres. All these types of attacks can cause data loss, downtime, and severe operational disruption.
Critical infrastructure demands the highest level of protection
Data centres typically house critical computer systems for multiple businesses, including high-powered servers, networking infrastructure, power supply and power backup systems, as well as HVAC (Heating, Ventilation, and Air Conditioning) systems. This environment is highly controlled, with precise regulation of temperature, humidity, and airflow to ensure optimal performance and prevent equipment failure or disruption.
Since their categorisation as critical national infrastructure in late 2024, data centres and those responsible for them face enhanced expectations and requirements around their security, including strict fire and safety standards, data protection requirements, electrical safety compliance and alignment with sustainability goals.
The costs of inadequate data centre security
Physical breaches, whether caused by an attack or a natural disaster, carry serious and wide-ranging consequences that can cripple organisations, leaving both the business and its customers exposed. This might look like:
- Confidential data leaks and credential exposure, leading to reputational damage and loss of customer trust
- Website and app outages, resulting in loss of revenue (especially for eCommerce or SaaS companies)
- Loss of data where offsite backups don't exist, which could bring operations to a standstill
A blended security approach
Data centres are a prime example of where both physical and digital assets converge. These complex, technology-driven infrastructures are the lifeblood of modern-day businesses. It is well known that physical vulnerabilities can often lead to further and more significant cyber-attacks on a business. Therefore, a blended approach to security must leave no vulnerabilities on either side of the physical/digital divide. Data centres are best protected when technology is coupled with human input.
Data centres must restrict who is allowed access, admitting authorised personnel only into permitted areas. Robust access control systems are critical in ensuring only those with a legitimate need and appropriate clearance can enter. This includes swipe cards or biometric scanners such as fingerprint or iris recognition.
Remote monitoring, coupled with alarm response, ensures a data centre is protected 24/7. CCTV surveillance and monitoring can record patterns of activity, feeding predictive analytics that can look for patterns of suspicious activity. This could prevent an attack or mitigate the damage of a resultant attack. Personnel who are trained in threat detection and security protocols are equipped to identify potential threats in real time and to deploy teams immediately where required, again limiting the fall-out from an attack.
On-site security officers and mobile patrols also provide further physical security assurances. Trained to understand the layout of a site intimately and well-versed in site-specific protocols, personnel can often detect or react at the first small signs of any unusual activity by company staff, contractors or visitors. This boots-on-the-ground presence can often act as a deterrent against future attacks or alert first responders to the early signs of a security breach unfolding.
Data centres are known to be a large fire risk, due to the need to continuously cool them. Risk of overheating is also increased when personnel inadvertently skip measures put in place to mitigate those fire risks. This can result in extreme and irreparable damage. Thus, it is essential to safeguard data centres by conducting thorough fire risk assessments as well as delivering continuity planning, crisis management, and fire safety strategies.
Getting ahead of the risk – preparation is paramount
With security risk, it is paramount to prepare. This begins with cultivating a deep understanding of security risks through:
- Risk assessments – identifying weak spots and vulnerabilities so they can be addressed and resolved where possible before they are exploited
- Resilience management – ensuring security across separate communications routes into the data centre, diverse power and backup supply, security of the building service rooms, adequate people resources to manage an incident, and a resilient and diversified supply chain
- Robust access control – risk assessing and strictly limiting access to the data hall, MMR (meet me rooms), and building service rooms, with escorting, people screening, pass management, permit-to-work logs, and work signoffs
- Incident response plans – ensuring swift action during an incident and that everyone is clear on their roles and responsibilities
- Audits and resilience testing – demonstrating compliance with critical infrastructure regulations
- Regular training – ensuring all personnel are up to date on security and emergency protocols
- Emergency drills – practising exercises to prepare teams for coordinated responses, often including collaboration with the authorities
Businesses must keep pace with the data centre evolution
As the world's reliance on data intensifies, data centres are rapidly expanding in complexity and importance – meaning that security must evolve too. Security of data centres must involve a multi-layered strategy that combines advanced technology with skilled personnel to best mitigate risk.
By adopting this unified approach, data centres can not only comply with relevant regulations but also build resilience, safeguard critical infrastructure, protect sensitive data, and ensure business continuity.