📘 Topic: Colocation Data Center Services

Domain: D4 – Physical and Environmental Security
Tags: #cissp

🧾 Definition

Colocation means renting space in a third-party data center to host an organization’s servers and networking equipment. It shifts some physical infrastructure responsibilities to the provider while leaving security and operations responsibilities with the customer.

🔑 Key Points

Shared responsibility applies to power, cooling, physical access, and connectivity.
The provider typically manages facility controls, while the customer manages equipment and application security.
Contracts should define uptime commitments, access procedures, incident response, and audit rights.
Physical security controls include guards, badges, cameras, and environmental monitoring.

⚠️ CISSP Insight

Colocation reduces infrastructure burden but does not reduce the need for strong governance and control oversight.
Organizations should verify that the provider’s controls align with their regulatory and business requirements.

⚔️ Key Difference / Trap

Colocation vs cloud
- Colocation = you still manage the equipment in a provider’s facility
- Cloud = provider usually manages more of the underlying infrastructure
Provider controls are not automatically your controls
- Contract and assurance evidence matter

🏗️ Example

An organization moves its servers into a colocated data center and retains responsibility for patching, monitoring, and access management while relying on the provider for power and facility security.

📚 References

NIST SP 800-53, PE family
TIA-942, Data Center Standards
ISO/IEC 27001:2022

🔁 Quick Recall

Colocation = rented facility space
Shared responsibility = still your security responsibility

[10] Crime Prevention Through Environmental Design (CPTED)[12] Business Continuity Planning (BCP)