How to Hack (and Design) a Data Center

The bank architect’s goal is to create a secure edifice. The bank robber’s? To subvert the edifice. And yet consider their commonality: their interaction with space.  Both analyze plans and consider inefficiencies, both inhabit the space much differently than your average spectator. In fact, the Robber’s relationship with space is far more physical, urgent…nuanced. As Mehruss Ahi, a recent graduate from Woodbury University, puts it in his senior thesis: “The Architect is the Bank Robber…and the Bank Robber is the Architect.”

Ahi suggests a Robber-like “spatial hack” of the bank: an identification of its inefficiencies/vulnerabilities/paths of circulation. He also notes the necessity of giving priority to large storage space for goods rather than money (due to “the migration of banking services to the Web”). This new perspective, Ahi argues, will allow architects to design a smarter, more secure bank. The bank of the future.

Ahi’s assertion about the need for physical storage space (as turn to the Web), got me thinking. Our world depends less and less on physical storage, and more and more on the bits of information flying through the wires and cables of the internet. Ahi’s theory, while an interesting insight into bank design, is even more powerful when applied to the bank’s modern day equivalent: the Data Center.

The as Bank

Data Centers are the infrastructure that powers the Internet and supports our digital world; they are, necessarily, high-security facilities. They store the sensitive information of financial exchanges, online banking, government secrets. In the age of the Internet, it’s this information, the data, which is more in need of protection than the physical assets themselves.

Because of this, as well as the massive amounts of electricity they require, Data Centers have generally been built far from society. The separation has contributed to our own alienation from the process that creates a technology we use everyday.

In “Data Centers: Anti-Monuments of Our Digital Age,” I discussed the necessity of making Data Centers accessible to the public through design, of turning these “anti-monuments” into “glasshouses” that reflect our modern relationship with technology.

The statement is an idealistic one – the probability that a Data Center, with its need for massive amounts of electricity, power backups, and telecommunications infrastructure, could be designed to be “transparent” and, even more idealistically, to be integrated into our communities, is unlikely. Especially when Data Center security is considered.

And yet the isolation of these facilities doesn’t ensure their impermeability. Despite the presence of security cameras, barriers, and biometric devices at entrances/exits, the traditional Data Center is built with energy-efficiency, more than security, in mind.

Data Hackers

Take, for example, the raised floors and dropped ceilings commonly used to cool the Data Center’s many heat-producing servers.

Now take the role of the “Data Robber.” Imagine how you would infiltrate this space, how you could do damage. As Ryan Jones, senior security consultant with Trustwave’s SpiderLabs, explains “The walls don’t go all the way up [to the ceiling] or down [to the floor]. You can crawl down carefully to where you need to drop down.” A get-in & get-away built into the very building itself.

In his critique of the standard bank (which has a programmatic layout: bank tellers in front, vaults in the back), Ahi suggests an alternative: a vertical bank, with public space on the bottom floors and increasingly more secure spaces, where there is storage, on the upper levels. Imagine if this approach informed Data Center design.

In this approach, the vital need for security and the psychological need for transparency could be integrated. Through the eyes of the Data Robber, the Data Center could become the “bank” of the future; secure from subversion, and yet accessible to all.

“the architect is a key conspirator in the expression of personal legacy and wealth through the edifice, whereas the bank robber destabilizes the structure of capitalism through spatial interrogation. However, when one looks at their manipulation of space, the two are quite similar. Both the architect and the bank robber endure a process of extensive research, long term planning, and analysis of a building’s efficiency. Both use the physical building as a device in order to reach a goal.”

Mehruss Ahi

Cite: Quirk, Vanessa. "How to Hack (and Design) a Data Center" 09 Jul 2012. ArchDaily. Accessed 18 Apr 2014. <>


  1. Thumb up Thumb down +5

    Does a “Data Robber” even need to occupy the space in order to rob the space? If the $$$ is digital, can’t the robber also be digital?

    • Thumb up Thumb down 0

      Absolutely! This has been the security area that Banks & Data Centers have traditionally payed attention to: digital hackers. But I thought it would be interesting to take a look at the topic from a physical angle – to show how susceptible the internet is to physical attack. We always think about the internet as a virtual experience – we seldom consider the very real cables/wires that allow it to function.

    • Thumb up Thumb down 0

      My thoughts exactly…’robbers’ are just as digital as the information they attempt to steal. The physicality and spatial arrangement of a data center is irrelevant to a hacker. Has a data center ever been broken into? Citations?

      • Thumb up Thumb down 0

        ^ Oops, disregard last post I didn’t see Vanessa’s response. Also, thank you for your original article on the data centers Vanessa, very enlightening and addresses an issue rarely seen/thought about. I have also always wondered what that hideous Verizon tower in front of my apartment was for haha!

  2. Thumb up Thumb down 0

    The information may be dry but there are physical topology classifications (including security) for data centers. TIA 914 established Tier I through Tier IV ratings for facilities with Tier I being the least stringent and Tier IV having so much redundancy that it would be impossible to shut one down (or rob). I’m sure they said something similar about the Titanic.

  3. Thumb up Thumb down 0

    Recent events involving financial institutions, i.e. MFGlobal, Libor and PFG, demonstrate that the threat is not a rogue “hacker” but rather the individuals directly involved in the operations and regulation of said institutions. No amount of security measures, physical or virtual, will pre-empt the darker human conditions of greed and arrogance.

Share your thoughts