Back to BlogAnalysis · Data Center Security

    Customer Cages Look Simple Until the Raised Floor Becomes the Security Problem

    Customer cage security looks obvious from the outside: build fencing around racks, add controlled access, document who enters, and satisfy the audit checklist. Then someone mentions crawling under a raised floor to bypass a door, and suddenly the whole conversation gets much more interesting.

    June 2026 12 min readSensaka Research

    A gallery post showing a new customer cage in US Signal’s MI05 Detroit facility sparked exactly that kind of discussion. The post was framed as “more data center goodness,” but the comments quickly moved from admiring the build to debating bank-grade cages, underfloor fencing, badge and biometric access, cameras, key watcher systems, security screws, roll-up doors, and whether posting photos from inside a facility is ever safe.

    That is the useful part. A cage is never just a cage. It is a physical security promise, an audit artifact, an operational workflow, and sometimes a reminder that the floor below your feet may be part of the attack path.

    // 01

    Why customer cage security matters

    Customer cage security matters because colocation is built on shared trust inside shared infrastructure. A provider may control the building, lobby, mantrap, security desk, cameras, access logs, and data hall entry, but customers still want their own physical boundary around their equipment.

    That boundary can be about compliance, insurance, contract language, internal policy, customer optics, or genuine risk reduction. In regulated industries, the cage may matter as much to auditors as it does to engineers. It creates a visible separation between one customer’s equipment and everyone else’s.

    But visible separation is not the same as complete security. A fence can look strong while leaving gaps above, below, around cable trays, through shared pathways, or under a raised floor. The best physical security teams do not just ask whether the cage looks secure from the aisle. They ask how someone might actually bypass it.

    That is where the thread got interesting. The best comments were not about how nice the cage looked. They were about what the cage might miss.

    // 02

    Bank-grade cages can get intense fast

    One commenter described a bank customer cage that was roughly similar in size but locked down much harder. You could not see inside. It had underfloor fencing, cameras everywhere, including underneath, and three checks to enter: badge, fingerprint, and iris.

    That sounds extreme until you remember the customer. Banks do not buy physical controls just because they enjoy making technicians miserable. They buy them because risk, audit pressure, regulatory expectations, insurance, and internal security teams all shape the requirement.

    This is why customer cages vary so much. One customer may accept standard mesh, card access, and provider escort policies. Another may demand opaque walls, cameras, biometric controls, underfloor barriers, separate key custody, and evidence that access events can be reconstructed later.

    The facility operator’s job is not to roll its eyes at the difference. It is to understand what the customer is actually trying to satisfy. Sometimes the answer is practical security. Sometimes it is compliance theater. Most of the time, it is both.

    // 03

    The raised floor is part of the perimeter

    The sharpest story in the discussion came from a physical security audit. A team renting full data halls found that someone could enter a mantrap with lower permission, lift raised floor tiles, crawl under the data hall entrance door, and come out on the other side. A fence structure was later built under the floor to close the gap.

    That is the whole lesson in one ugly little scene. A door is not a perimeter if the floor below it is open. A cage is not a perimeter if someone can move under it. A mantrap is not enough if the permission boundary stops at eye level.

    Raised floors are common in data centers for airflow, power, cabling, and operational flexibility. But they also create hidden space. Hidden space can become a maintenance area, a cable mess, a safety hazard, or a physical security bypass.

    Good customer cage security has to include the underfloor plane. That may mean underfloor mesh, barriers, cameras, tile controls, screw-down panels, access procedures, or inspections after moves and changes. The cage perimeter has to exist in three dimensions.

    // 04

    Security screws are annoying for a reason

    Security screws became a small side debate because operators know the pain. One person said they had seen wild setups with security screws. Another joked about how annoying they are. A more operational comment said screw-down tiles can be frustrating when rushing over from another facility to hunt a faulty smoke head without a drill.

    That is the eternal security tradeoff. Controls that slow unauthorized access also slow authorized work. The trick is not to remove the control. The trick is to design the workflow so authorized work does not become chaos.

    If raised floor tiles are screwed down for security, technicians need the right tools, access process, documentation, and emergency procedure. If smoke detection, cabling, or power work requires underfloor access, the security design cannot pretend nobody ever needs to open anything.

    Bad physical security makes operations brittle. Good physical security adds friction in the right places and gives trusted teams a clean way through when work is legitimate.

    Security screws are annoying. So are incidents. Pick your annoyance carefully.

    // 05

    Roll-up cage doors solve a space problem

    A later comment added an interesting detail about the cage design: the company that built it described roll-up doors at the front and rear, intended to eliminate dedicated security clearance space and save room compared with a standard network IT security cage. Another comment said the cage sits close enough to the server row that, when the roll-up doors are deployed, the cabinet doors inside cannot physically open, even if the cabinets were left unlocked.

    That is a clever idea because data center space is expensive. Traditional cage layouts can burn valuable square footage on clearance, swing paths, and security separation. If a roll-up design can satisfy the contract or audit requirement in less space, customers and operators will pay attention.

    But space-saving security still needs testing. Does it block the right access path? Does it interfere with emergency work? Does it complicate cooling or airflow? Can technicians service both front and rear of the rack without awkward steps? Does it create pinch points? Can it be bypassed through the floor, ceiling, or side?

    A good design does not just check the box. It survives the weird day.

    // 06

    Photos inside data centers are never casual

    The thread also had the predictable question: are you allowed to show this? That is not paranoia. Many people would be reprimanded for posting photos from inside a data center without approval.

    Facility photos can reveal more than people think: cage layouts, camera placement, access paths, cabinet types, cable routes, floor construction, labels, fire systems, power distribution hints, customer identity, and operational practices. Even a harmless-looking image can become sensitive if it connects too many dots.

    In this case, a commenter involved with the cage build said they would not share it independently, but noted that it had been publicly posted on LinkedIn by a data center executive, which suggested it was permitted under the facility’s policy. That is the right distinction.

    The rule should be simple. Publicly share only what is explicitly approved. Do not assume “no customer logos visible” is enough. Physical infrastructure can leak context even when names are hidden.

    Data centers are photogenic to infrastructure people. They are also security environments. Both things are true.

    // 07

    Chain of custody matters more than the fence

    The original poster mentioned using a key watcher system to maintain chain of custody for physical access. That is an important detail because physical security is not only about blocking entry. It is also about proving who had access, when, why, and under what authority.

    A cage without access records is just metal. A lock without custody control is just hope. Cameras without retention policies are just decoration. Badge logs without review are just database noise.

    For regulated customers, access evidence often matters as much as access control. If an incident happens, the question becomes: who entered, who had keys, who approved the work, who escorted whom, what camera angles exist, what did the ticket say, and whether the physical event matches the change record.

    This is where physical security and operations meet. The cage controls entry. The workflow controls accountability.

    A mature data center treats physical access as an operational event, not just a door opening.

    // 08

    Cages inside private data centers are not strange

    Some commenters pushed back on the idea that cages only belong in shared colocation buildings. Others said they had worked in large privately owned data centers that still used cages inside the facility.

    That makes sense. A cage can separate departments, tenants, regulated workloads, contractors, vendors, lab zones, high-value equipment, or customer-managed hardware. Ownership of the building does not erase the need for internal boundaries.

    The same logic applies in enterprise environments. A company may own the whole data center but still need segmented access for payment systems, government workloads, backup infrastructure, managed service customers, or third-party hardware. Physical segmentation becomes another layer of risk management.

    The mistake is thinking “private facility” means “everyone inside is trusted equally.” That is rarely true. Access should match role, workload, contract, and risk.

    A cage can be overkill. It can also be the simplest way to make a policy real.

    // 09

    Physical security and monitoring belong together

    Physical security conversations usually focus on doors, cages, cameras, guards, biometrics, and audit logs. But data center monitoring also belongs in the conversation because physical events create infrastructure risk.

    A cage entry can lead to rack work. Rack work can lead to cable movement, power changes, fan obstruction, component replacement, accidental disconnects, thermal issues, or a server left in an unexpected state. If the monitoring stack cannot connect physical activity with hardware behavior, teams may miss the early signal.

    This is where /out-of-band-monitoring helps. BMC visibility gives operators a way to see hardware health, power state, temperatures, fan behavior, and component alerts below the operating system. If work inside a cage affects a server, the hardware layer may show it before the service desk understands what changed.

    Sensaka DCOS supports /dcos out-of-band hardware monitoring through BMC and management interfaces. For providers managing customer cages, that kind of visibility helps teams separate physical access events, hardware state, and operational impact more cleanly.

    The cage protects the rack. Monitoring proves the rack stayed healthy.

    // 10

    Auditors want evidence, not vibes

    The phrase “depends on what the auditors want to see” landed because it is painfully real. Many physical security controls exist because someone needs evidence that a requirement is met.

    That does not make the control fake. It means the control has to be explainable. A cage should map to a requirement. A camera should cover a defined area. A biometric check should support a policy. A key watcher system should produce usable records. Underfloor fencing should close a specific bypass. Security screws should be part of an access procedure.

    Auditors do not want a tour of cool hardware. They want to know whether controls exist, whether they work, whether access is limited, whether logs are retained, and whether exceptions are handled properly.

    Operators should design customer cages with the audit trail in mind from day one. Retrofitting evidence after the build is where everyone gets grumpy.

    Good security is not just hard to bypass. It is easy to prove.

    // 11

    What operators should learn from the MI05 cage discussion

    The MI05 customer cage discussion is useful because it took a clean infrastructure photo and turned it into a real design conversation. That is what good operations culture does. It looks past the shiny install and asks where the gaps are.

    A customer cage should be judged across access, underfloor security, serviceability, airflow, camera coverage, key custody, audit evidence, emergency access, and operational monitoring. It should also be judged against the actual customer risk. A bank cage and a standard colocation cage are not the same product.

    The broader lesson is that physical security is rarely about one barrier. It is layers. Building entry. Mantrap. Data hall access. Cage boundary. Cabinet locks. Underfloor controls. Cameras. Logs. Key custody. Change tickets. Monitoring. Escalation.

    Miss one layer, and someone may find the crawl space nobody planned for.

    // 12

    Frequently Asked Questions

    What is a customer cage in a data center?

    A customer cage is a physically separated area inside a data center that contains a customer’s racks or equipment. It usually uses fencing, locked gates, access controls, cameras, and related procedures to separate that equipment from other customers or facility users.

    Why do data center customers need cages?

    Customers may need cages for compliance, insurance, contractual requirements, internal security policy, audit evidence, or genuine physical separation. Regulated industries such as finance may require stricter controls than standard colocation customers.

    Why does raised floor security matter?

    Raised floor security matters because the space under the floor can create a bypass around doors, walls, or cages if it is not blocked. Underfloor fencing, cameras, tile controls, and screw-down panels can help close that gap.

    Are security screws common in data centers?

    They are used in some facilities, especially where raised floor tiles or access panels need to be controlled. They improve security but can slow maintenance, so teams need tools and procedures ready before urgent work happens.

    What is a key watcher system?

    A key watcher system tracks who takes physical keys, when they take them, and when they return them. In data centers, it helps maintain chain of custody for physical access to cages, rooms, cabinets, or controlled areas.

    Are photos inside data centers allowed?

    Only when explicitly permitted by facility policy and customer agreements. Photos can reveal security layouts, equipment, cabling, labels, cameras, or other sensitive operational details, even when no customer name is visible.

    Do private data centers use cages too?

    Yes. Cages can exist inside private or enterprise-owned data centers to separate departments, workloads, vendors, regulated environments, or customer-managed equipment. Building ownership does not remove the need for internal access boundaries.

    How does Sensaka support customer cage operations?

    Sensaka helps teams monitor hardware health, BMC signals, power state, thermal behavior, and operational risk. DCOS supports out-of-band monitoring, giving operators hardware-level visibility when physical access or cage work affects equipment.

    Physical security does not stop at the cage door. See it in action. Request an online trial and explore how Sensaka helps data-center teams monitor hardware health, BMC signals, and operational risk across cages, racks, and controlled infrastructure spaces.

    Request an Online Trial →