What security should a data centre provide?

Data centre security covers everything from who can walk through the door to how the facility responds to a power failure at 3am. For organisations housing critical infrastructure, understanding what security a data centre should provide is as important as evaluating connectivity or pricing. Pulsant operates 14 UK data centres built to enterprise security standards, holding ISO 27001, PCI DSS and Cyber Essentials accreditations across the estate. This FAQ covers the security layers you should expect from a well-run facility

Q: What physical security measures should a data centre have?

A: A secure data centre should operate multiple layers of physical access control, typically including perimeter fencing, manned security, biometric or card-based entry systems, mantrap lobbies, and individually locked cages or suites within the facility. Each layer should restrict access to authorised personnel only, with visitors logged and escorted at all times. Physical security is the first line of defence: if someone can walk in unchallenged, every other security measure is secondary.

Q: How do data centres control who can access their facilities?

A: Access control in a well-run data centre is role-based and auditable. Entry to the building, to individual halls, and to specific cages or suites requires separate authorisation at each stage. Access logs are maintained so that every entry and exit is recorded with a timestamp and identity. Pulsant's facilities operate 24/7 manned security with strict access protocols, ensuring that only authorised individuals can reach customer infrastructure at any time.

Q: What is the role of CCTV and perimeter security in a data centre?

A: CCTV provides continuous surveillance of all entry points, internal corridors, loading bays and critical infrastructure areas. Footage should be retained for a defined period to support incident investigation. Perimeter security, including fencing, barriers and external lighting, deters and delays unauthorised access before it reaches the building. These controls form the outer ring of a layered physical security model and are standard across Pulsant's UK data centre estate.

Q: How does a data centre protect against power failure?

A: Power resilience is one of the most critical infrastructure security considerations for any data centre. A well-specified facility should provide diverse A+B power feeds to racks, redundant uninterruptible power supply (UPS) systems, and standby diesel generators capable of sustaining operations during a mains failure. Pulsant's data centres are designed to deliver 100% power availability, with redundant infrastructure at every layer to eliminate single points of failure.

Q: What fire suppression systems should a data centre have?

A: Data centres should use specialist fire suppression systems designed to protect sensitive equipment without causing water damage. Inert gas or clean agent suppression systems are the standard, activating automatically to suppress fires while leaving hardware intact. Early warning smoke detection systems, typically using very early smoke detection apparatus (VESDA), provide advance notice before a fire can develop. Pulsant's facilities are equipped with these systems throughout, supported by regular testing and maintenance programmes.

Q: How does a data centre protect against network threats?

A: Network security in a data centre environment includes firewalls, intrusion detection and prevention systems, DDoS mitigation, and traffic monitoring. Carrier-neutral connectivity, such as Pulsant's Edge Fabric, supports private networking between sites, reducing exposure to public internet threats for inter-site traffic. Network security should be layered alongside physical controls, not treated as a separate concern, since physical access to network infrastructure is itself a significant threat vector.

Q: What is the difference between physical and cyber security in a data centre?

A: Physical security controls who and what can access the facility and its hardware. Cyber security controls how data and systems are accessed, transmitted and protected over networks. In a data centre context, the two are closely linked: a physical breach can enable a cyber incident, and a network intrusion can expose physical infrastructure to attack. A well-secured data centre addresses both through layered controls, clear policies and regular testing. For more on how cloud security specifically protects critical data, see Pulsant's cloud security FAQ.

Q: What security certifications should a data centre hold?

A: ISO 27001 is the most widely recognised certification for information security management and should be considered a baseline requirement. PCI DSS is relevant if your workloads involve payment data. Cyber Essentials demonstrates that foundational security controls are in place across the organisation. For public sector organisations, additional compliance frameworks may apply. Pulsant holds ISO 27001, PCI DSS and Cyber Essentials accreditations. View the full list of Pulsant's accreditations and certifications.

Q: How do data centre security standards support regulatory compliance?

A: Security certifications provide independently verified evidence that a data centre meets defined standards. For regulated industries, this matters because it reduces the burden of due diligence and supports audit requirements. ISO 27001, for example, covers information security risk management, access controls, incident response and business continuity, all of which map directly to regulatory expectations in sectors such as financial services, healthcare and the public sector. Choosing a certified provider strengthens your overall compliance posture rather than leaving security as an assumption. Find out more about how Pulsant supports data sovereignty and compliance requirements.

Q: How do you assess whether a data centre's security meets your requirements?

A: Start by requesting documented evidence of certifications rather than taking claims at face value. Ask for the scope of ISO 27001 certification to confirm it covers the specific sites you plan to use. Request details of access control systems, CCTV policies, power architecture and fire suppression. A reputable provider will welcome these questions and be able to answer them clearly. Visiting the facility in person is also a practical step.

Want to discuss your security requirements?

Get in touch with the Pulsant team to talk through your infrastructure and compliance needs.