This section applies to applying secure principles to data centers, server rooms, network operations centers and offices across an organization’s locations. While some areas must be more secure than others, you must apply secure principles throughout your site to maximize security and reduce risk. Crime Prevention through Environmental Design (CPTED) is a well known set of guidelines for the secure design of buildings and office spaces. CPTED stresses three principles:
- Natural Surveillance. Natural surveillance enables people to observe what’s going on around the building or campus while going about their day-to-day work. It also eliminates hidden areas, areas of darkness and obstacles such as solid fences. Instead, it stresses low or see-through fencing, extra lighting, and the proper place of doors, windows and walkways to maximize visibility and deter crime.
- Territoriality. Territoriality is the sectioning of areas based on the area’s use. For example, you might have a private area in the basement of your building for long-term company storage. It should be clearly designated as private, with signs, different flooring and other visible artifacts. The company’s parking garage should have signs indicating that it is private parking only. People should recognize changes in the design of the space and be aware that they might be moving into a private area.
- Access control. Access control is the implementation of impediments to ensure that only authorized people can gain access to a restricted area. For example, you can put a gate at the driveway to the parking lot. For an unmanned server room, you should have a secure door with electronic locks, a security camera and signs indicating that the room is off limits to unauthorized people.
The overall goal is to deter unauthorized people from gaining access to a location (or a secure portion of a location), prevent unauthorized people from hiding inside or outside of a location, and prevent unauthorized people from committing attacks against the facility or personnel. There are several smaller activities tied to site and facility design, such as upkeep and maintenance. If your property is run down, unkempt or appears to be in disrepair, it gives attackers the impression that they can do whatever they want on your property.