We understand that data security demands more than antivirus programs and firewalls to guard against cybercriminals.
You need the assurance that the assets you house in data centers are protected from theft, vandalism, natural disasters, man-made catastrophes, accidental damage and other incidents. This requires physical security as well as technological support.
Our facilities make use of a full array of security tools including bollards, mantraps, access control systems and surveillance systems to make certain that your resources are protected from unexpected incidents or criminal activity. This strong defense environment acts as a fortress around your critical equipment and data.
With its interconnected network of colocation data center sites, Digital Realty meets the challenging security requirements of both public and private enterprises. We use robust, multi-factor authentication protocols combined with vetted authorization processes, to ensure only authorized persons are granted access to data center facilities.
To uphold our commitment to support the unique needs of each customer, we offer flexible security capabilities and work with you to equip your data center areas with best-in-market solutions.
Security is never a “set it and forget it” situation. It requires constant vigilance, both in terms of monitoring the facilities and regularly updating systems to reflect current best practices and developments. That’s why Digital Realty provides 24/7 security staff and each data center uses multiple systems, equipment and controls to monitor and record access throughout the facilities.
Our comprehensive security features include:
At Digital Realty, we know that properly protecting your valuable assets is fundamental to your organization's success. We make your success our top priority, so we take security very seriously.
Digital Realty has incorporated specifications into the design and management of our security systems that meet the rigid standards incorporated into the most relevant data center compliance programs, including SOC2, PCI-DSS and ISO 27001.
Our data centers also uphold safety requirements for fire protection. With this environment in place, you can have peace of mind that your resources are safeguarded with some of the best protection available.
A secure data center is fortified by the following components:
All of these elements must work together to ensure your valuable resources and services remain safe and operational.
Digital Realty has developed a comprehensive compliance program that addresses the needs and requirements of its customers. It includes standards and requirements that are most relative to the services Digital Realty provides for in-scope properties.
Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy
This report meets the requirements of a broad range of users to understand internal controls at a service organization as they relate to security, availability, processing integrity, confidentiality and privacy. This report is developed according to the AICPA Guide: Reporting on Controls at a Service Organizations Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy and is intended for use by stakeholders (e.g., customers, regulators, business partners, suppliers, directors) of the service organization who have a thorough understanding of the service organization and its internal controls.
Stakeholders can leverage this report for:
Digital Realty provides the SOC 2 report for the Security and Availability Principles for its owned and managed U.S. properties, and internationally as required.
The SOC 2 controls are based on a standard set of security criteria developed and issued by the AICPA in the Trust Services Principles and Criteria. The term "Trust Services" is defined as a set of professional attestation and advisory services based on a core set of principles and criteria addressing the risks and opportunities of IT-enabled systems and privacy programs.
Digital Realty demonstrates compliance with the Trust Services Principles of Security and Availability, by conducting a SOC 2 examination. The Security Principle states that the system is protected against unauthorized access (both physical and logical) while the Availability Principle demonstrates that the system is available for operation and use as committed to or agreed upon.
The PCI Security Standards Council offers robust and comprehensive standards and supporting materials to enhance payment card data security. These materials include a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process — including prevention, detection and appropriate reaction to security incidents.
Digital Realty obtains an annual Report on Compliance for parts of Requirement 9 and 12 for its owned and managed U.S. properties and internationally as required. Attestation on Compliance is available for distribution to customers upon request.
Security and Privacy Controls for Federal Information Systems and Organizations
Special Publication 800-53 provides guidelines for selecting and specifying security controls for information systems supporting the executive agencies of the federal government.
Digital Realty’s SOC 2 reports contain mapping to the NIST SP 800-53 moderate controls, showing how these controls are addressed in the SOC 2 report.
The Monetary Authority of Singapore Act establishes a corporation to be known as the Monetary Authority of Singapore. It provides for the exercise of control over and the resolution of financial institutions and their related entities by the Monetary Authority of Singapore and other authorities, and establishes a framework for the issue of securities by the Monetary Authority of Singapore and the regulation of primary dealers.
MAS expects financial institutions to perform a Threat Vulnerability Risk Assessment (TVRA) on data centers in both Singapore and overseas, as long as the latter supports the financial institution’s Singapore operations.
Digital Realty undertook a TVRA study for its data center facilities in Singapore.
The ISO, world’s largest developer of voluntary International Standards, provides state of the art specifications for products, services and good practices, helping make industry more efficient and more effective. Developed through global consensus, ISO standards help break down barriers to international trade.
Digital Realty obtains ISO certifications for all international owned and managed properties, and will continue to add U.S. properties over time.
The Integrated Management System (IMS) assists with standardizing operations and reducing risk. It is an integral part of Digital Realty’s business model. Digital Realty’s Integrated Management System (IMS) includes the following standards under which our in scope properties are certified:
ISO 9001: Quality Management
ISO 27001: Information Security Management
ISO 14001: Environmental Management
ISO 50001: Energy Management
Digital Realty is committed to supporting its customers in their journey towards a Low Carbon Economy, the environmental benefit that this delivers, and corresponding reduction in operational costs.
The consumption of electricity presents the largest Environmental impact when providing Data Center facilities and, with our ambition to reinforce the existing ISO14001 accredited Environmental Management System, we are delighted to be adding an Energy Management System (EnMS), accredited to ISO50001, to an integrated management system that also covers Security (27001) and Quality (9001).
Following the common ISO convention of Plan, Do, Check, Act, the EnMS is designed to focus attention on operational energy demand, infrastructure efficiency and ongoing investment in energy management.
After baselining current performance, and following dialogue with customers, Digital Realty will deliver on the core ISO principle of continual improvement, targeting opportunities to reduce energy demand through improved housekeeping measures, low cost investment and evaluation of the benefit of funding higher value projects. In addition, the program can incorporate additional training and stakeholder awareness and, of course, contribute to the design and construction activities of new Digital Realty facilities.
ISO50001 certification is also a direct route to ESOS (Energy Savings Opportunities Scheme) compliance, and Digital Realty customers will enjoy exemption from this scheme for infrastructure deployed in a Digital Realty facility in the UK.
Applying to 12 European facilities.