Mission: “Assess Our Data Center Security in Mexico”

The Executive Vice President and Chief Security Officer of a major international data center management company ushered us into his office. “We are responsible for protecting and preserving the confidentiality, integrity and availability of our clients’ most valuable information,” he said.  “I’m talking about intellectual property.  Critical operational data.  Irreplaceable high-level top secret information.  And I want to ensure that our data center physical security best practices – including emergency preparedness and business continuity – are consistent across all the regions of our global footprint.”  He paused. “I need your team to assess physical security operations at ten of our facilities in Mexico.”

Surprise Visits Provides Interesting Insights

Three days later, senior experts from the Hillard Heintze strategic security risk assessment team arrived in Mexico City – and nine other locations in other Mexican states and jurisdictions – and began their intensive review. In line with the client’s wishes, no warning was provided to each facility’s management team until one hour before the arrival of the assessment team.

Through interviews, site inspections and document reviews, the Hillard Heintze security assessors observed, requested and captured a wealth of insights and information on more than 42 capabilities, resources and assets related to the maturity of each facility’s security, emergency preparedness and business continuity practices. In addition to inspecting the sites’ physical locations, the assessment team gathered data on factors such as crime, power outages and weather patterns in the immediate vicinities and gathered further insight, intelligence and guidance from U.S. law enforcement and intelligence representatives posted to each respective city and region.

Key Findings Lead to Compelling Opportunities

The findings of this assessment provided this global leader with an unvarnished, fact-based, attorney-client-privileged perspective on where the most critical and compelling opportunities to improve security existed at each individual facility. The company is currently in the process of deciding where, when, how and in what order to put these recommendations into effect.

Unplugged: The Project Manager’s Perspective

“This was a highly sensitive engagement. It always is when region-specific differences are at play – across areas such as workforce readiness, process control metrics and standards, and attitudes toward internal policy compliance, among many other domains.

“We were on a fact-finding mission. But sometimes we also had to play the role of diplomat – taking measures to avoid leaving a negative impression on the management tier in these facilities about what ‘their American bosses and counterparts’ expected them to achieve in physical and environmental conditions that often varied significantly from those encountered outside Mexico.”

(What’s it like on the front line supporting the firm’s clients?  What are the challenges the firm’s experts help senior business executives, general counsel, board members and other decision-makers address?  Welcome to ACTION WEDNESDAY.  Every Wednesday, the Front Line Blog publishes a new case study.)