In many organizations, the cost of data center security is a shared expense —or at least it should be. How much then should you be spending on security and how much of that should be picked up by other business units?
As businesses plan out their data center budgets, some consideration must be given to physical security. Realistically, what percentage of your budget should be for physical security? Also, how much of the cost of physical security does your data center incur as opposed to other business units, such as facilities and security?
MORE INFORMATION:
The size of your physical security budget is predicated on how much you are anticipating your physical security system to grow during the time frame of your budget. For existing data centers where physical security has been installed and you are merely attempting to estimate what you will require for a budget to maintain the installed components and systems, the integrator who is contracted to provide you with service should be able to provide you with an exact service and maintenance number. However, I would recommend adding 20% to that number for any unforeseen, outside of contract maintenance costs.
For future project budgeting, you should be able to get a hold of what your facilities department has planned for projects that require physical security and estimate what the security costs related to those projects will represent. You will need to determine what the unique physical security requirements are for each project because they can vary however, using 1.0-1.5% of a total projects construction cost should suffice.
The cost you incur as opposed to what is charged back to projects and other departments will generally fall into the below four categories:
Your department incurs the cost because the particular project is a project that originates from your security department (building a new security console).
A business unit incurs the cost because they are building out a new sensitive file room and require a card reader, camera and other similar devices. This cost will typically be incurred by the department requesting the room. The installation of security components is required and necessary due to the information contained in the room as a matter of Security/Audit Policy.
Base building incurs the cost because the installation of security components is designed to protect or control base building areas (main entryways, loading docks, inner lobby areas, etc.) Here the cost is absorbed as part of base building operations and is depreciated out over the remaining life of the building. The cost should not be directly absorbed by the security department.
The cost of security is part of an overall large construction project where the costs associated with security are absorbed and then depreciated as the facility ages. You may have a security budget relative to the project however, the cost of physical security is not absorbed as a security department capital number.
About the author
Security consultant Thor A. Mollung is managing director of MollungSystemsManagement. Mollung has more than 20 years of progressive management, operational management, systems management and technology integration experience in the industrial security industry with major worldwide companies such as Fidelity Investments, Mellon Bank and State Street Corporation. He can be reached at tamollung@mollungsystems.com.
This tip originally appeared on our sister site, SearchDataCenter.com.
