Cloud providers continue to fight the perception that a customer’s servers are inherently more secure sitting in a company facility than running in a cloud somewhere else. And that remains a hurdle to wider cloud adoption.
But how many of those server rooms are encased by not one, not two, but three physical barriers equipped with card readers, video cameras, metal detectors?
The ability to field hardened, secure facilities is a selling point for Amazon (AMZN) Web Services, and one that was stressed by Jerry Hunter, vice president of infrastructure at AWS Re:Invent.
You might think data security has become nearly paranoid, but as the saying goes, just because you’re paranoid doesn’t mean someone isn’t out to get you. And given the number of data breaches surfacing of late, paranoia is a rational response.
On Tuesday, one security talk was standing room only, with a long line of attendees out the door. Clearly this is a top of mind issue.
Amazon data centers are surrounded by three physical layers of security. The outermost, or “perimeter one” is a fence which is either crash-rated to prevent a vehicle from penetrating it or backed by the state of the art aka Jersey Barriers.
Access to “perimeter two,” an area which houses chillers, switchboards and maybe generators, is blocked by another wall. Entrance there requires both a badge swipe and a personal pin. The only authorized entrants are the engineers required to service this sort of gear.
Each door is under video surveillance with the feed monitored both locally and remotely. Often the space between perimeters is studded with internal trip-lights that are also monitored and managed around the clock, he said.
The innermost perimeter three comprises the data halls with servers and networking gears. These doors are also montiored by video cameras and require another badge swipe and pin number for entry. They are also equipped with metal detectors.
“Nothing can go in or out without setting off an alarm,” Hunter told attendees of an AWS Re:Invent talk.
It’ s important to keep bad guys out, but equally important to keep the data in which is why Amazon monitors incoming gear, tracking every disk that enters the facility. And “if it breaks we don’t return disk for warranty. The only way a disk leaves our data center is when it’s confetti.”
For more on Amazon Web Services, see the video.
Subscribe to Data Sheet, Fortune’s daily newsletter on the business of technology.
