Data centers have always been secure, tightly controlled facilities, but 9/11 brought about changes that pushed IT and physical security to even higher levels.
Data centers today, particularly those serving as colocation facilities, are more likely to have multiple points of security that may include physical barriers such as crash-resistant fences and high-tech defenses such as biometric identification systems.
It's less likely today that backup and recovery data centers will be built near one another. And new data centers are more likely to be built outside of urban areas.
"Data center designers have always been mindful of security concerns," said Tad Davies, an executive vice president at Bick Group, an IT services provider whose work includes data center design. "What 9/11 caused us to do is think broader and on a massive scale."
Davies said he knows of one company that relocated its data center to a site that was within a four-hour drive of its backup data centers. The reason: It wanted to be certain that its IT staff could easily reach the facility by car in the event that air transportation was shut down, which is what happened on Sept. 11, 2001.
Kris Domich, who is the principal data center consultant at Dimension Data, an IT services provider, said that 9/11 helped increased the acceptable distance between primary and secondary locations. Instead of having the data centers within a relatively quick drive, minimum distances can range between 100 and 1,000 miles or more.
The events of 9/11 also prompted private companies and government agencies to question whether data centers should be located in urban areas. The attacks, Domich said, prompted executives to ask, "Why do we have the data center here, and do we need to have the data center here?"
There are other factors that influence where enterprises choose to build data centers, especially energy costs and concerns about natural disasters. But there are exceptions to everything. While companies like Apple and Google have built new data centers in relatively rural locations, Microsoft has opened a major data center in Chicago.
Ken Brill, founder of the Uptime Institute, said 9/11 revealed that many data centers of the major financial services companies were in locations that could not be easily secured. "The best defense remains site selection," Brill said. "Having acres of surrounding land is the best defense."
"The military uses 159 [feet] as the minimum separation between the outside walls of critical buildings and areas of public access," Brill said. "If this criterion were enforced in the private sector, tens of billions [of dollars] in data center investments would become obsolete overnight."
One example of the move toward stronger data center fortifications is the facility that NYSE Euronext recently opened in New Jersey. Located on a 28-acre site, it has a number of defenses, including a moat that protects part of the 400,000-square-foot complex.
Domich said that the need for stronger defenses has helped commercial data center providers, which have typically put a lot of focus on security.
One such firm is Vantage Data Centers in Santa Clara, Calif., which leases out data center space in a complex located on an 18-acre campus. Its facility is approximately 310,000 square feet.
Vantage CEO Jim Trout says the facility is surrounded by an eight foot-tall fence capable of stopping a car. Beginning with the gate, there are as many as seven points in the facility where visitors are checked. There are guards, biometric fingerprint identification systems, mantraps and cameras that all serve to limit access to the facility and keep track of visitors.
The facility also has redundant systems, including redundant electrical capacity, so if one system gets knocked out there's a backup to take its place, said Trout.
"There is no question," said Trout, that 9/11 affected the way data centers are secured.
Patrick Thibodeau covers cloud computing and enterprise applications, outsourcing, government IT policies, data centers and IT workforce issues for Computerworld. Follow Patrick on Twitter at @DCgov, or subscribe to Patrick's RSS feed . His email address is firstname.lastname@example.org.