4.7.1. Site Selection and Perimeter Controls
💡 First Principle: The best physical security starts at site selection — before any construction or hardware is deployed. A data center built on a flood plain, near a flight path, or in a high-crime area will always have higher physical risk than one built on a well-selected site. Physical security investment is most effective when layered from the outside in.
Site selection criteria:
| Factor | Security Consideration |
|---|---|
| Natural hazards | Flood zones, earthquake fault lines, tornado corridors, hurricane zones — select lowest-risk region |
| Crime rate | Physical attacks, theft, vandalism correlate with local crime environment |
| Infrastructure | Redundant power (multiple utility feeds from different substations), redundant communications (multiple ISPs, diverse physical paths) |
| Proximity to hazards | Distance from airports (crash risk), chemical plants, military installations, high-profile targets |
| Visibility | Avoid high-profile locations that draw attention; nondescript buildings are less likely to be targeted |
| Access control feasibility | Can the perimeter be secured? Are there natural access limitation features? |
Physical security control layers (outside-in):
Key physical control mechanisms:
| Control | Type | Description |
|---|---|---|
| Fencing | Preventive | 8-foot chain link with barbed wire deters casual intrusion; anti-climb features for higher security |
| Bollards | Preventive | Concrete/steel posts prevent vehicle ramming attacks on the building |
| Lighting | Detective/Deterrent | Eliminates shadows where attackers hide; deters opportunistic crime |
| CCTV | Detective | Video surveillance of perimeter and interior; must retain footage per policy |
| Access badges | Preventive | Card-based physical access control; should not display clearance level (social engineering risk) |
| Biometrics | Preventive | Fingerprint, iris, retina, facial recognition — high assurance; enrollment and revocation require process |
| Man-trap / Airlock | Preventive | Two-door entry vestibule where first door must close before second opens; prevents tailgating |
| Guards | Preventive/Detective | Human judgment for anomalies CCTV/sensors miss; required for security-sensitive environments |
| Motion sensors | Detective | PIR, microwave, or dual-tech sensors detect movement in restricted areas after hours |
| Intrusion detection | Detective | Door/window contact sensors, glass break detectors, vibration sensors |
CPTED (Crime Prevention Through Environmental Design) — design physical environments to reduce opportunity for crime:
- Natural surveillance: sightlines that maximize ability to see unauthorized activity
- Natural access control: use landscaping, lighting, and design to guide people toward controlled entry points
- Territorial reinforcement: clear demarcation of public vs. private areas (signals ownership and deters trespass)
Visitor management:
- All visitors must sign in with government-issued ID
- Visitor badges must be visually distinct from employee badges
- Visitors must be escorted by an employee at all times in secure areas
- Visitor access logged with purpose of visit, escort name, time in, time out
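
The visitor management rules above can be checked mechanically during an audit. The following is an added example, not part of the original guide: it assumes a hypothetical log format (the field names and sample entries are constructed) and that the audit runs after closing, so any visit without a time out is a finding.

```python
from datetime import datetime

# Constructed sample log; field names are hypothetical, not from a real product.
SAMPLE_LOG = [
    {"visitor": "A. Rivera", "id_checked": True, "badge_type": "visitor",
     "purpose": "HVAC maintenance", "escort": "J. Chen",
     "time_in": "2024-03-04T09:02", "time_out": "2024-03-04T11:40"},
    {"visitor": "B. Okafor", "id_checked": True, "badge_type": "visitor",
     "purpose": "", "escort": "J. Chen",
     "time_in": "2024-03-04T10:15", "time_out": "2024-03-04T10:50"},
    {"visitor": "C. Lindqvist", "id_checked": False, "badge_type": "employee",
     "purpose": "Vendor demo", "escort": "",
     "time_in": "2024-03-04T13:00", "time_out": None},
    {"visitor": "D. Haddad", "id_checked": True, "badge_type": "visitor",
     "purpose": "Audit", "escort": "M. Silva",
     "time_in": "2024-03-04T15:30", "time_out": "2024-03-04T14:00"},
]


def parse_time(value):
    """Return a datetime for an ISO 8601 string, or None if absent or malformed."""
    try:
        return datetime.fromisoformat(value)
    except (TypeError, ValueError):
        return None


def audit_entry(entry):
    """Return the policy findings for one visitor log entry (empty list = compliant)."""
    findings = []
    if not entry.get("id_checked"):
        findings.append("no government-issued ID recorded")
    if entry.get("badge_type") != "visitor":
        findings.append("badge is not a distinct visitor badge")
    for field, label in (("purpose", "purpose of visit"), ("escort", "escort name")):
        if not (entry.get(field) or "").strip():
            findings.append(f"missing {label}")
    t_in, t_out = parse_time(entry.get("time_in")), parse_time(entry.get("time_out"))
    if t_in is None:
        findings.append("missing or invalid time in")
    if t_out is None:
        findings.append("missing or invalid time out")  # assumes audit runs after closing
    elif t_in is not None and t_out < t_in:
        findings.append("time out precedes time in")
    return findings


def audit_log(log):
    """Map each non-compliant visitor to their list of findings."""
    return {e["visitor"]: f for e in log if (f := audit_entry(e))}
```

Calling `audit_log(SAMPLE_LOG)` returns only the non-compliant entries, which makes gaps such as unescorted visits or visitors who never signed out easy to hand to the audit team.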
⚠️ Exam Trap: Tailgating (following an authorized person through a controlled door) is one of the most common physical security bypasses. Man-traps prevent it mechanically. Training and culture address it behaviorally ("challenge anyone without a visible badge"). Neither alone is fully effective — both are needed.
Reflection Question: A data center uses badge access on all doors, CCTV coverage, and a staffed reception desk. During an audit, the physical security assessor tailgated through three secure doors without challenge. Which controls are clearly insufficient, and what specific enhancements to policy, technology, or physical design would address the gap?