Security & Compliance

A Secure Data Center

We understand that data security demands more than antivirus programs and firewalls to guard against cybercriminals. 

You need the assurance that the assets you house in data centers are protected from theft, vandalism, natural disasters, man-made catastrophes, accidental damage and other incidents. This requires physical security as well as technological support.

Our facilities make use of a full array of security tools including bollards, mantraps, access control systems and surveillance systems to make certain that your resources are protected from unexpected incidents or criminal activity. This strong defense environment acts as a fortress around your critical equipment and data.

With its interconnected network of colocation data center sites, Digital Realty meets the challenging security requirements of both public and private enterprises. We use robust, multi-factor authentication protocols combined with vetted authorization processes, to ensure only authorized persons are granted access to data center facilities.

To uphold our commitment to support the unique needs of each customer, we offer flexible security capabilities and work with you to equip your data center areas with best-in-market solutions.

24/7 support

Security is never a “set it and forget it” situation. It requires constant vigilance, both in terms of monitoring the facilities and regularly updating systems to reflect current best practices and developments. That’s why Digital Realty provides 24/7 security staff and each data center uses multiple systems, equipment and controls to monitor and record access throughout the facilities.

Our comprehensive security features include:

  • Remote camera monitoring backed by digital recordings, with retention that meets industry standards in conjunction with PCI-DSS related controls
  • CCTV integrated with access controls to provide event-driven capability
  • Smart-Card readers with biometric access authentication technology
  • Secured cabinets and cages
  • Comprehensive compliance and auditing programs
  • Visitor identity and authorization

The Digital Realty Difference

At Digital Realty, we know that properly protecting your valuable assets is fundamental to your organization's success. We make your success our top priority, so we take security very seriously.

Digital Realty has incorporated specifications into the design and management of our security systems that meet the rigid standards incorporated into the most relevant data center compliance programs, including SOC2, PCI-DSS and ISO 27001. 

Our data centers also uphold safety requirements for fire protection. With this environment in place, you can have peace of mind that your resources are safeguarded with some of the best protection available.

A secure data center is fortified by the following components:

  • Solid building construction
  • Suitable emergency preparedness
  • Reliable power supplies
  • Adequate climate controlled environment
  • Appropriate protection from intruders

All of these elements must work together to ensure your valuable resources and services remain safe and operational.


The Secure Data Center: An Integrative Approach to Achieving Holistic Security


The Data Deluge and Data Center Security


Three Myths about Cloud and Security


Digital Realty has developed a comprehensive compliance program that addresses the needs and requirements of its customers. It includes standards and requirements that are most relative to the services Digital Realty provides for in-scope properties.

Service Organization Controls 2 (SOC 2)

Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy
This report meets the requirements of a broad range of users to understand internal controls at a service organization as they relate to security, availability, processing integrity, confidentiality and privacy. This report is developed according to the AICPA Guide: Reporting on Controls at a Service Organizations Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy and is intended for use by stakeholders (e.g., customers, regulators, business partners, suppliers, directors) of the service organization who have a thorough understanding of the service organization and its internal controls.

Stakeholders can leverage this report for:

  • Oversight of the organization
  • Vendor management programs
  • Internal corporate governance and risk management processes
  • Regulatory oversight

Digital Realty provides the SOC 2 report for the Security and Availability Principles for its owned and managed U.S. properties, and internationally as required.

The SOC 2 controls are based on a standard set of security criteria developed and issued by the AICPA in the Trust Services Principles and Criteria. The term "Trust Services" is defined as a set of professional attestation and advisory services based on a core set of principles and criteria addressing the risks and opportunities of IT-enabled systems and privacy programs.

Digital Realty demonstrates compliance with the Trust Services Principles of Security and Availability, by conducting a SOC 2 examination. The Security Principle states that the system is protected against unauthorized access (both physical and logical) while the Availability Principle demonstrates that the system is available for operation and use as committed to or agreed upon.

PCI-DSS: The Payment Card Industry Data Security Standards

The PCI Security Standards Council offers robust and comprehensive standards and supporting materials to enhance payment card data security. These materials include a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process — including prevention, detection and appropriate reaction to security incidents.

Digital Realty obtains an annual Report on Compliance for parts of Requirement 9 and 12 for its owned and managed U.S. properties and internationally as required. Attestation on Compliance is available for distribution to customers upon request.


Security and Privacy Controls for Federal Information Systems and Organizations
Special Publication 800-53 provides guidelines for selecting and specifying security controls for information systems supporting the executive agencies of the federal government.

Digital Realty’s SOC 2 reports contain mapping to the NIST SP 800-53 moderate controls, showing how these controls are addressed in the SOC 2 report.

The Monetary Authority of Singapore Act

The Monetary Authority of Singapore Act establishes a corporation to be known as the Monetary Authority of Singapore. It provides for the exercise of control over and the resolution of financial institutions and their related entities by the Monetary Authority of Singapore and other authorities, and establishes a framework for the issue of securities by the Monetary Authority of Singapore and the regulation of primary dealers.

MAS expects financial institutions to perform a Threat Vulnerability Risk Assessment (TVRA) on data centers in both Singapore and overseas, as long as the latter supports the financial institution’s Singapore operations.

Digital Realty undertook a TVRA study for its data center facilities in Singapore.

International Organization for Standardization (ISO)

The ISO, world’s largest developer of voluntary International Standards, provides state of the art specifications for products, services and good practices, helping make industry more efficient and more effective. Developed through global consensus, ISO standards help break down barriers to international trade.

Digital Realty obtains ISO certifications for all international owned and managed properties, and will continue to add U.S. properties over time.

The Integrated Management System (IMS) assists with standardizing operations and reducing risk. It is an integral part of Digital Realty’s business model. Digital Realty’s Integrated Management System (IMS) includes the following standards under which our in scope properties are certified:

ISO 9001: Quality Management

  • Optimizing operation efficiencies and reduces expenditures for greater cost savings
  • Enhancing customer satisfaction
  • Identifying and encouraging more efficient, time saving processes
  • Highlighting deficiencies
  • Increasing standardization across the global portfolio
  • Providing for continuous assessment and improvement
  • Including provisions for business continuity

ISO 27001: Information Security Management

  • Giving customers and stakeholders confidence in how risk is managed
  • Allowing for secure exchange of information
  • Helping with compliance with other standards (SOX)
  • Minimizing exposure to risk
  • Creating consistency in service delivery

ISO 14001: Environmental Management

  • Reducing energy costs
  • Ensuring legislative awareness and compliance
  • Improving environmental impact of equipment
  • Protecting companies’ and customers’ assets
  • Decreasing insurance premiums
  • Reducing emissions and carbon foot print

ISO 50001: Energy Management

  • Reducing carbon foot print
  • Increasing energy cost savings
  • Increasing knowledge of equipment efficiencies
  • Improving operational efficiencies and maintenance processes
  • Reducing costs to customers
  • Improving corporate image

Compliance is core to our value proposition

Digital Realty is committed to supporting its customers in their journey towards a Low Carbon Economy, the environmental benefit that this delivers, and corresponding reduction in operational costs.

Our goal in this effort is to demonstrate a level of expertise and commitment to client success unmatched by competitors, expanding our already-comprehensive compliance program to encompass other regulatory standards most applicable to our enterprise-level and colocation data center clients.

Digital Realty integrates security into the value proposition of all its data center properties. By laying a strong process foundation with relevant controls; placing a premium on our people, matching their skills and training to client needs; and guaranteeing transparency and service-level commitments through unmatched compliance efforts, Digital Realty ensures that its clients can rely on its ability to provide a highly efficient, highly resilient mission-critical environment to meet their most stringent requirements.

After baselining current performance, and following dialogue with customers, Digital Realty will deliver on the core ISO principle of continual improvement by targeting:
  • Opportunities to reduce energy demand through improved housekeeping measures.
  • Low-cost investment and evaluation of the benefit of funding higher value projects. 

In addition, the program can incorporate additional training and stakeholder awareness, as well as, contribute to the design and construction activities of new Digital Realty facilities.

ISO50001 certification is also a direct route to ESOS (Energy Savings Opportunities Scheme) compliance, and as such, Digital Realty customers will enjoy exemption from this scheme for infrastructure deployed in a Digital Realty facility in the U.K.


Compliance and Clients


Mitigating Risk: The Other Side of Data Center Compliance