Backup plans: security is nothing new for data centers.

• Author: Marks, Susan J.

BEHIND A LOCKED SECURITY door, an attendant watches a bank of TV monitors that connect to video cameras that scan the room. Access is restricted to a few authorized visitors who must pass through a biometrics device to verify their identity before entering. In this case, it's a hand scan, but it also could be a retinal scanning device. Once inside, visitors must log in and out and wear a special ID.

No, you're not visiting a military installation in Colorado Springs, or the mint in downtown Denver.

It's an Internet data-storage center or IDS, an off-site, often third-party owned-and-operated facility that many companies, large and small, count on for data storage, backup of mission-critical applications, disaster recovery and more.

Such security is nothing new for these centers. Despite the hype about security since the tragedies of Sept. 11, in general little has changed as far as security procedures and policies at IDS centers. From the aspect of physical security, perhaps there are a few more doors closed and a few more people have been booted off the access-control roster, says Pete Lindstrom, director of security strategies for Hurwitz Group, a Framingham, Mass.-based analyst, research and consulting firm.

And from the standpoint of protecting the networks of private companies, there generally is a little more understanding, but not a lot, he adds. "I don't think that 9-11 has driven any spikes into the purses and pocketbooks of corporate America to start spending a whole lot of money on security.... But we also have short memories and the economic pressures of the times don't really help."

Data-center security includes both physical security measures like access control, and protecting the data center's network from cyber-attack. But, while the latest and hottest biometrics used for access control may get the most press, they are not necessarily as important to a data center, or its customer, as protecting applications on the network.

"The more effective security is securing your application and providing managed firewalls, providing virus scanning, intrusion detection services that protect you from the network itself," says Yousif Asfour, CTO and vice president of engineering at Inflow Inc. Based in Denver, Inflow is a managed hosting service and operator of 18 Internet data centers around the country.

Security always has been at the forefront for data centers.

"9-11 was just a wakeup call to the rest of the world," says Asfour.

That...