Secret data center locations

By Sune Christesen, Jul 12 2009

One of the first challenges I met after launching Data Center Map, was the fact that a lot of providers do not want the exact locations of their data centers publicly available. When the site was launched the data on it was a mix of data entered directly by providers and data gathered from public sources, so it was surprising to be contacted by these companies claiming that I was revealing some kind of large secret that was posing a threat to their security.

As data centers often house critical infrastructure for both governmental organizations and corporations, it is understandable that providers want to take measures to prevent terror, theft and vandalism. Some clients even have it as a requirement that the provider may not disclose the data center location. However, I must admit I find it an illusion that some people think it is possible to keep the location of a colocation data center secret, unless it is a very small one.

Tons of ways to find a large data center
If someone with bad intentions really wants to find a data center, they will find it – and with large data centers it will be very easy. With the amount of companies offering services from a large data center, the address will often be possible to find on carrier POP lists (point of presence), hosting companies data center descriptions or on forums/blogs discussing the facility. If not, then you would most likely be able to get it by contacting a company offering services from the facility (by pretending to be interested in their services) or by asking a large carrier of a list of addresses in the area where they offer services. There is probably a ton of other ways as well.

Furthermore it is ironic that we have these “top secret” facilities while other data centers often are referred to by their address within the industry and some of the largest and most critical facilities are even marketed by their address as their name (111 Eight Avenue, 151 Front Street West and 55 Marietta Street just to name a few).
So why keep attempting to hide the locations? It seems as a cheap marketing stunt as it of course it gives a more secure image and perhaps makes clients feel more secure, but in the end it’s just a false sense of security.

A publicly known secret
Personally I find it a bit comical when providers try to maintain a reputation of their data center locations being secret, when in fact it is a publicly known secret where they are. When we look at data center break ins/robberies, they always seem to be very targeted by people who know what they are going for and where it is located in the building, so obviously they have inside knowledge and haven’t just looked up a random data center address on the internet. In my opinion focus should be put on increasing the physical security instead, although there of course is not much to do that can prevent someone from crashing a Boeing 757 in to the facility.

With regards to colocation clients finding their services to be so critical that they demand from their provider that they do not disclose the data center location, establishing a private data center would perhaps be a better idea than colocation.
History shows that corporate data centers aren’t necessarily secured anonymity either, if they are large enough through, for example NYSE ran in to this problem – and as far as I know Google and Microsoft would like to keep their locations secret as well, even though some of them have been identified.

Impact on Data Center Map
When it comes to listings at Data Center Map, I do of course honour companies that do not want their exact location revealed. Currently about 5% of the data centers listed here are listed with a reference point instead of their exact location, most of them are from a few large providers who all have a strict policy when it comes to disclosing data center locations.

Obviously it is harder for potential clients to find their listings as they do not have their own icon on the map and can’t be found via the radius-based search function. Furthermore some of them don’t even want their exact postal code listed, which makes it harder for potential clients to evaluate them as a potential provider when they have got for example 15 other data centers to pick from with knowledge of their exact locations. So having to go through a security check and risk getting hunted down by aggressive sales people, just to know where a data center is located, might scare some clients away.