Physical security, fire safety, and emergency management in the data center
In the digital world, the term “security” is often instinctively equated with firewalls, encryption, and defending against phishing or cyberattacks. But the experienced facility manager or security officer (CISO) knows: the threat landscape is hybrid.
A data center is more than the cloud — it’s a physical place where sensitive data is stored on silicon and copper. And that physical reality is vulnerable.
A cable fire that goes undetected, or unauthorized access to the server room, can cause damage no backup in the world can repair. Data loss from physical threats is often irreversible. Therefore, a modern security strategy must extend beyond the virtual gateway.
It must turn the building into a fortress. The physical security of data centers, together with intelligent fire protection and robust emergency management, forms the indispensable foundation for protecting your IT infrastructure and other critical infrastructure.
Strategic structure of physical security based on the onion principle
Professional security concepts follow the onion principle (“Defense in Depth”). An attacker—whether a person or a vehicle—must penetrate several layers before reaching the core, the IT systems.
This zonal model (often aligned with DIN EN 50600) defines clear security levels from the property boundary to the rack. Today, new entry points introduced by the Internet of Things (IoT) must also be secured both physically and digitally.
The layers of security
Protection begins at the perimeter, the outer ring. Physical barriers such as fences, bollards, and comprehensive video surveillance with intelligent motion detection deter and detect intruders early. The next layer is the building itself: windowless façades and security doors of resistance class RC3 or higher prevent forced entry.
Inside, access control follows the strict “need-to-know” principle. Access is usually enforced biometrically (hand-vein scanner, iris scan) or via two-factor authentication to prevent misuse of ID cards.
Mantraps ensure that only one authorised person can enter the server room at a time (“anti-passback”). This system must be scalable to keep up with growing security requirements — especially important for colocation providers with high foot traffic.
Fire protection requirements for the data center
Fire is the archenemy of IT. The high power density in modern racks and continuous air conditioning create dry air and concentrated energy in a confined space – ideal conditions for equipment failure.
However, when it comes to the sensitive topic of fire protection, the approach in the data centre is fundamentally different from that in an office building. An effective fire protection concept rests on three pillars: prevention, early detection, and non-damaging fire suppression.
Preventive fire protection and fire avoidance
Preventive fire protection takes priority to actively prevent fires. Structural fire-protection measures, such as dividing the building into fire-resistant compartments (F90/F120 walls), prevent a fire from spreading unchecked. This also includes consistently reducing the fire load (e.g., no cardboard boxes in the server room).
Water is not an option – gas fire suppression systems
Conventional sprinkler systems can extinguish a fire, but they can destroy hardware with water and corrosion. The solution is gas-based fire protection systems. They flood the affected area with inert gases (such as nitrogen or argon) or use a chemical extinguishing gas (such as Novec 1230).
- Operating principle: These gases displace oxygen to such an extent that the fire is smothered, or they chemically remove its thermal energy.
- Advantage: They extinguish without leaving any residue and are electrically non-conductive, so IT systems can often remain operational. In addition, portable fire extinguishers (e.g., CO₂) are available in the anterooms to manually tackle small, incipient fires.
Early fire detection saves lives
Before the extinguishing system is triggered, the fire must be detected. Conventional ceiling-mounted fire detectors are often too slow, since powerful ventilation dilutes the smoke. Modern aspirating smoke detectors (RAS) actively draw in air samples and analyze them for microscopic smoke particles, enabling precise detection.
This early fire-detection system often alerts you when a cable just begins to smolder — long before an open flame or visible smoke appears.
Emergency Management: The plan for emergencies
Technology can fail, and people can make mistakes. Emergency management defines what will happen in an emergency. An emergency plan is not a dusty folder; it’s a practiced procedure that’s regularly rehearsed to contain any fire incident as quickly as possible.
It regulates alarm notifications (who is informed and when), coordinates firefighting efforts by security personnel and the fire brigade, and defines clear evacuation routes. The restart is particularly critical: How are IT systems and cloud computing services – such as business-critical Microsoft applications – safely restarted after a shutdown (e.g., due to an emergency stop)?
Regular risk analyses also help to identify new security risks, fire hazards, or environmental threats (e.g., floods) at an early stage and to proactively adapt the security strategy.
The role of the emergency power supply in the safety concept
Security systems are power-hungry. Access controls, cameras, the fire alarm system, and the motorized valves of the fire-suppression systems must continue to operate during a blackout. When the power fails, many systems open the doors (fail-safe) for safety reasons — a nightmare for physical IT security.
Therefore, the UPS (Uninterruptible Power Supply) is essential to support these systems until the backup power system comes online. PowerUP’s gas engines are part of the safety chain. They provide the energy to keep the air conditioning running and to ensure the long-term operation of the safety systems. Without power, there is no safety.
Compliance in the DACH region: BSI, VdS, and standards
In Germany and the DACH region, security is heavily regulated. The BSI (Federal Office for Information Security) provides clear recommendations for structural fire protection and physical security through the IT-Grundschutz.
- DIN EN 50600: This standard defines availability classes and physical security zones for data centers across Europe.
- VdS guidelines: Insurers often require compliance with VdS standards for fire protection systems and intruder alarm systems to make risks insurable.
- KRITIS: Operators of critical infrastructure must demonstrate that they are prepared to withstand physical attacks and natural hazards.
Security for your critical infrastructure – with PowerUP
A safety concept depends on the reliability of all components. If the external power supply fails, internal safety systems must continue to operate seamlessly.
At PowerUP, we help ensure the reliable operation of your backup power systems so you can respond effectively in an emergency. By using high-quality spare parts and technical expertise, we ensure your generators are ready to start when it matters.
Our portfolio includes components and solutions suitable for use in Jenbacher®, MWM®, Caterpillar®, MTU® and other engine brands. These are spare parts specifically designed by us and are not original components from the manufacturers mentioned.
Invest in the resilience of your security chain. For us, technology is our driving force and efficiency is our focus.
