DCTR-05

Are your servers separated from other companies via a physical barrier, such as a cage or hard walls?

Explanation

This question is asking whether your organization's physical servers are isolated from other companies' equipment within a datacenter through physical barriers like cages or hard walls.

Why it matters: Physical separation is a critical security control that prevents unauthorized physical access to your servers by other tenants in a shared datacenter environment. Without proper physical barriers, someone with legitimate access to the datacenter (like another customer's technician) could potentially access, tamper with, or damage your equipment. Physical security is a fundamental layer in a defense-in-depth security strategy.

The question is asked in security assessments because physical access to servers can bypass many software-based security controls. An attacker with physical access could install hardware keyloggers, extract storage devices, manipulate hardware, or even steal equipment containing sensitive data. Educational institutions want to ensure their data is protected not just from cyber threats but also from physical threats.

When answering this question, you should describe:

1. The type of physical barriers used (cages, hard walls, locked cabinets, etc.)
2. Access controls to these barriers (who has access and how it's controlled)
3. Whether you use a third-party datacenter and their physical separation practices
4. Any additional physical security measures that complement the barriers

Example Responses

Example Response 1

Yes, our servers are housed in dedicated cages within our colocation facilities. These cages use metal mesh walls that extend from the floor to the ceiling, creating complete physical separation from other tenants' equipment. Access to our cages requires both electronic key card authentication and physical keys that are only held by authorized members of our infrastructure team. Additionally, the datacenter itself employs 24/7 security personnel, CCTV monitoring, and maintains logs of all physical access to our equipment areas.

Example Response 2

Yes, our company utilizes AWS dedicated hosting services for our infrastructure. While we don't directly manage the physical servers, AWS maintains strict physical separation between customer equipment in their datacenters. According to their compliance documentation, servers are housed in separate locked cabinets within secure areas that feature hard walls and multiple layers of physical access controls. AWS datacenters are SOC 2 Type II and ISO 27001 certified, which includes verification of their physical security controls. We receive attestation reports annually confirming these controls remain in place.

Example Response 3

No, our servers are currently housed in a shared rack environment within our datacenter provider's facility. While the facility itself has perimeter security controls including badge access and security personnel, our specific servers are not separated from other customers' equipment by physical barriers such as cages or hard walls. Instead, we rely on logical security controls and encryption to protect our data. We recognize this physical security limitation and are evaluating options to migrate to a caged environment or private suite within the next fiscal year as part of our security enhancement roadmap.

Context

Tab: Infrastructure
Category: Datacenter
