Chicago colocation facility robbed - again
I just read this story about a colocation facility that was robbed for the fourth time in just two years, and I had to laugh at the absurdity of it.
C I Host provides more than 250,000 consumers and small- and medium-sized business in 190 countries with managed web hosting, dedicated server and colocation services.
According to one report, “During the robbery, C I Host’s night manager was repeatedly tazered and struck with a blunt instrument. After violently attacking the manager, the intruders stole equipment belonging to C I Host and its customers…At least 20 data servers were stolen, said Patrick Camden, deputy director of news affairs for the Chicago Police Department.”
The company’s Family Colocation offering promises to house equipment in a secured 144 sq. ft suite inside one of C I Host’s data centers.
The website states “Your machine will be housed inside a SECURED (I didn’t put the caps on, they did) shared co-location area.”
According to Migration Solutions, acts of theft, fraud and vandalism in the data center are three times more likely to be an ‘inside job’ than perpetrated by someone who’s unconnected with the facility. Furthermore, around 65% of data center security incidents are driven by malicious intent rather than economic gain, and perpetrators are normally disgruntled current or ex-employees, Migration Solutions reported.
The fact that this facility, which is not some two-bit operation, has seen four robberies in such a short period of time seems ridiculous. I am interested in feedback from the industry on this.
Posted: November 5th, 2007 under Uncategorized, Data center physical infrastructure, Data center room design and site selection, Data center physical security.
One of our metro ethernet suppliers had their datacenter broken into in an identical fashion. Sawzall through the wall then grab a pile of equipment and run. I’m surprised the copper thieves haven’t discovered datacenters yet either. There is several grand worth of copper in the form of drain pipes for the water chillers in the building next to us just hanging there waiting to be taken… no need to smash and grab, or tazer anybody either.
So long as facilities are unmanned, this will happen. The concepts of a “lights out” facility and a “secure facility” are in so many ways mutually exclusive. Cameras don’t do anything to prevent thefts, they merely record it. Most datacenter facilities I have visited make a show of security, but don’t really stand up to serious scrutiny from a security standpoint. The “rent-a-cop” types that they hire to work there are not really qualified to act as security gatekeepers. Minimum wage, barely passable language skills, and complete ignorance with regards to the equipment they are charged with guarding is what I’ve seen, at major players from Exodus (RIP) to InterNAP.
Additionally some of the design criteria for what makes a “good” datacenter frequently lower the security aspects of that facility. For example: At-grade floors for maximum weight capacity means easy access for the potential theives’ truck and sawzall.
What bothers me most about THIS PARTICULAR situation though is the fact that the Colocation provider lied to their customers about the true nature of the issue. They blamed a router issue for the apparent outage. What good does that do anyone? Customer equipment was gone. I can’t imagine them maintaining any credibility in the marketplace after this has come to light.
–chuck
http://chuck.goolsbee.org
Comment by cgoolsbee — November 5, 2007 @ 1:57 pm
Customer data stored at this site apparently rates low-level security considering that this is the fourth robbery within two years. Such incidents should cause business managers and retail consumers to rethink data storage/retention.
As a Systems Analyst and later Information Systems VP my assertion has been that the biggest threat to computerized systems are the holders of the keys: that being we IT people. That being said it is irresponsible of business managers to make one or a handful of people responsible for the information the company relies upon for its life and that of its customers.
In times past a worker would impratically have to carry out equipment that even a mole could spot walking out the door. Today there are just too many ways this could happen without anyone noticing except save those within the inner circle. The loss of certain data could cause companies to fold entirely.
Security, the term, should carry more weight from an operational standpoint before it is handed off to marketing.
Comment by John D Levine — November 6, 2007 @ 1:47 pm
It’s CI-Host, what do you expect?
Comment by Tim — November 6, 2007 @ 3:57 pm
they’ll Just have to move their data centers to rural america where crime is almost unheard of. http://chicago.craigslist.org/chc/off/469973901.html
Comment by Randy — November 8, 2007 @ 8:55 pm
“It’s CI-Host, what do you expect?”
Many small and micro businesses it seems to me keep shooting themselves in the foot because of that very attitude; what do they (our customers) expect?
As if being a small company implies laxed behaviours and attitudes towards their supposed business objective - that which they tell the customer.
Continual failures in the same process signals somethings wrong in the process or the pre-process. But just to dismiss it with ‘well we’re a small company’ is indicative of a lack of operational integrity and laziness on the part of the organization. Instead of ensuring growth by producing a better product through better processes they ensure stagnation through complacency and comfort in the crowd of mediocrity.
The best companies started as micro companies. In my opinion the difference between those companies and those that remain micro sized is the tenacity with which their objectives are achieved and delivered.
Comment by John D Levine — December 19, 2007 @ 10:42 am