From the Library of Alexandria to Data Centers: Data Security

Think data centers are a product of the last fifty years? Think again. The principles behind them echo patterns that have repeated throughout human history.

Just as today, it would not be incorrect to state that thousands of years ago, information was a significant source of power and great efforts were made to protect it. Throughout history, humans have felt the need to record their social lives, historical events, and turning points that affected themselves and their environments. This instinctive orientation is not only a reflection of the desire to acquire knowledge but also of the importance of controlling knowledge for individual and societal continuity. Figurative depictions on cave walls were not merely aesthetic endeavors but expressions of a reflex to transfer collective memory to future generations. Research in evolutionary psychology shows that such symbolic behaviors played a critical role in the intergenerational adaptation process and were essential in enabling the human brain to produce not only individual but collective responses to environmental threats.

When discussing data center security, it is not enough to focus solely on fire suppression systems, backup power infrastructures, or cooling technologies. True security must be managed with a holistic understanding of who is accessing the facility, when, and under what conditions.

With the invention of writing, this internal orientation transformed into systematic archiving. Economic records kept in Sumerian temples, property documents in Babylon, and written regulations such as the Code of Hammurabi not only documented ongoing transactions but also laid the foundation for a power model based on information. From that period on, information became a valuable asset that needed to be protected in physical locations. One of the pinnacle examples of this understanding, the Library of Alexandria, represented state control over access to knowledge—regardless of the content of the works it housed. Similarly, the libraries of Bukhara and Samarkand served as centers of both the social sciences and administrative data accumulation, functioning as institutional structures that not only provided access to knowledge but also determined the ability to interpret and process it. In these centers, access to information was granted to trained personnel, applying primitive forms of “authorization,” and data integrity was maintained through both physical protection measures and selective human resources.

From Papyrus Shelves to Data Center Cabinets

In the modern era, unlike the temple archives of thousands of years ago, data is stored digitally. Functionally, however, very little has changed. The rooms where papyri or clay tablets were stacked and the shelves of libraries have been replaced by smart data rooms and cabinets. Modern data centers represent the digital memory of corporations, governments, and global networks; they are structures where critical decisions, strategic analyses, and millions of parameters concerning individual rights are processed simultaneously. These centers far surpass historical libraries not only in volumetric size but also in functional diversity, yet they remain structures that must be protected to the same extent. As of 2024, the global digital data volume is measured at approximately 149 zettabytes (1 zettabyte equals roughly 1 billion terabytes), and it is expected to reach 200 zettabytes by 2025.¹

Within this massive data accumulation, various types of data centers operate actively. Enterprise data centers are custom-built, fully controlled structures used within organizations and are preferred by institutions such as banks and government agencies. In addition to these, colocation centers offer shared infrastructure services like physical space, power, cooling, and security for multiple clients. Hyperscale data centers, focused on today’s technology-driven computing and governance processes, are operated by cloud giants and house tens of thousands of servers in rapidly scalable facilities (e.g., Google, Amazon AWS, Microsoft Azure). On the other hand, “edge” data centers are smaller-scale facilities located at the city and consumer level, tailored for applications requiring low latency such as IoT and 5G/6G. Cloud-based data centers, such as those operated by Amazon Web Services, Microsoft Azure, and Google Cloud Platform, have become an integral part of daily life by offering global-scale services.

New Norms in Security Perception

According to JLL data, global data center capacity was 42 GW in 2023 and is expected to reach 78 GW by 2027. This growth is particularly driven by hyperscale investments in the APAC (Asia-Pacific) and AMER (North and Latin America; EMEA—Europe, Middle East, and Africa) regions.²

On the other hand, McKinsey (The Cost of Compute) projects a $6.7 trillion investment requirement for data centers by 2030, noting that 78% of this will be needed for AI workloads.³ Goldman Sachs research further predicts that energy demand—when factoring in AI-related needs—will increase by 50% by 2027 and by 165% by 2030.⁴

Considering all these figures, it is clear that the sectoral growth related to data centers will also bring numerous risks. One notable risk is that modern-day threats are no longer solely physical—they also appear in digital and hybrid forms. The humidity that damaged cave paintings, the insects that destroyed papyri, and the invading armies that burned libraries to the ground have now been replaced by network-based attacks, malicious software, social engineering incidents, cable tapping, and hardware-level sabotage attempts.

According to the IBM X-Force Threat Intelligence report, in 2024 alone, unauthorized access through stolen credentials accounted for 30% of all incidents, a 71% increase from the previous year.⁵

Flashpoint’s 2024 Global Adversary Trends Report notes that 3.2 billion credentials were stolen throughout the year, representing an approximate 33% increase compared to the previous year. Most of the leaked information was stolen via infostealer malware, demonstrating the severe consequences that arise when physical access security shortcomings are combined with cyber attacks. A significant portion of data leaks involved internal access manipulations.⁶ Research in data security clearly shows that physical entry security is just as important as cyber security layers—and the two must be considered together.

Multi-Layered Security Is Now a Necessity

When discussing data center security, it is not enough to speak only about fire suppression systems, backup power infrastructures, or cooling technologies. Security must be managed with a holistic understanding of who, when, and under what conditions access is granted. This is where the “Zero Trust” model comes into play, which is based on the principle that every request, access attempt, and operational command must be verified. However, if the fundamental access infrastructure is insecure, Zero Trust applications cannot go beyond generating a theoretical sense of safety. Fortunately, there are global efforts addressing this issue—most notably in the applied guide published by NIST NCCoE. The guide offers recommendations on a Zero Trust security framework based on real-world scenarios. The most striking of these is the restructuring of identity authentication processes.⁷

Additionally, the most notable proposal is found in the guide titled “Zero Trust Architecture: A Systematic Literature Review 2025” published by arXiv. This review analyzes ten years of research (2016–2025) and highlights the importance of continuous and multi-layered biometric identity verification methods in the implementation of Zero Trust.⁸

Reducing Sabotage Risks Through Biometric Authentication

The fact that card-based access systems are still standard in many data centers exposes them to serious vulnerabilities. Cards can be duplicated, transferred to others, or physically stolen—rendering an entire Zero Trust strategy ineffective from the outset. Just as digital data traffic security is critical, so too is the control of human traffic within the critical rooms and cabinets where this data is stored. Access control security in data centers is designed to monitor this traffic. But to what extent are the systems in use truly sufficient?

Although biometric authentication systems step in as an alternative, many of the current technologies can be tricked by fake data (e.g., 2D facial recognition systems fooled by high-resolution photos) or are based on hardware-prone infrastructures. Some methods, like fingerprint or iris scanning, are directly affected by physical wear or environmental conditions. In contrast, 3D facial recognition systems with liveness detection, capable of offline operation and decentralized architecture integrated with centralized systems, stand out as potential solutions to bridge these gaps. In this context, data center security should mean not only “taking precautions” but also “developing proactive architectures against foreseeable risks.” The fact that pioneering identity ownership-based methods—used in critical facilities like NATO—are still considered exceptions in civilian data centers raises questions about how seriously the sector takes these risks. Today, a targeted attack on a single data center can have widespread impacts, threatening the security of the entire connected chain.

At this point, not only technological solutions but also the vision of the actors developing these solutions become crucial. BioAffix, a brand that has made a global name for itself with its biometric security systems, exemplified this idealistic approach by winning the SIA NPS Awards in the “Best in Biometrics” and “Best in Mobile Solutions” categories at the 2025 ISC West event. Their engineering approach, which develops foresight not only on how a system works but also on how it can be misused, creates a vital difference in today’s high-risk digital environment for data center security. This perspective necessitates a reinterpretation of the term “end-to-end security,” a term originally rooted in software, into the physical domain.

Ensuring the security of a data center—from the cabinets it houses, to the floor, the building, the site, and the entire premises—so that no one but authorized personnel can access it, requires an advanced technological infrastructure and high-level implementation skills.⁹

By exploring the solutions offered by BioAffix products, which prioritize comprehensive approaches to authorization and access control, in the exponentially expanding data center market, you can transition to a security architecture that offers significant advantages.

References

1. Data Statistics (2025) – How much data is there in the world? ↩︎
2. 2025 Global Data Center Outlook ↩︎
3. The cost of compute: A $7 trillion race to scale data centers ↩︎
4. AI to drive 165% increase in data center power demand by 2030 ↩︎
5. X-Force Threat Intelligence Index 2024 ↩︎
6. Billions of credentials were stolen from businesses around the world in 2024 ↩︎
7. Zero Trust Architecture, Scott Rose et al., 2020 ↩︎
8. Zero Trust Architecture: A Systematic Literature Review ↩︎
9. Veri Merkezi Güvenliğine Kapsayıcı Yaklaşım – bioaffix.blog ↩︎