Countering overlooked physical threats in the data centre
Mon 13 Feb 2017 | Simon Williamson
With the growth of data centres comes an increased threat to the physical security of data. Simon Williamson at Southco explains why effective racking security and compliance can help counter the growing, and sometimes overlooked, threat of physical security breaches…
The data centre landscape is growing so quickly that physical security can often get overlooked. And it is not just the risk of breach from intentional theft: a lot of the time, breaches and data centre downtime are caused by human error.
Market research reports that as much as 70% of data centre outages are directly attributable to human error, which makes physical security measures critical in the management of unwanted downtime, negative reputation and cost.
Within a co-location data centre environment these risks are even higher due to the risk of somebody wandering into another company’s ‘area’ or ‘zone’, or accidentally accessing the wrong server. This is where rack-level security solutions are paramount.
Effective rack security can significantly reduce risk of deliberate and accidental breach into the server cabinet, thereby helping to more efficiently control customer data, data centre downtime and unplanned cost.
Data centres typically have at least three or four layers of physical security, including perimeter, building, and server room security barriers. However, more often than not, the layers stop when you enter the area where the data is stored.
If somebody intentionally or accidentally gets this far, the next security hurdle for them is potentially minimal, with some data racks only being secured with a simple mechanical lock and key which can be easily manipulated or duplicated.
Mechanical keys and locks on data cabinets also present challenges associated with key management, such as keys being lost or falling into the wrong hands. Other industries like healthcare and banking are also feeling the same pains and are migrating towards electronic, more intelligent locking solutions.
Electronic swing handles and rotary latches are being introduced in healthcare environments to monitor drug dispensing and patient record security, while installation on ATM and vending machines can help better control machine access – significantly reducing crimes associated with skimming and theft.
Fitting these sophisticated security systems onto equipment further eradicates key management challenges, as well as the vulnerabilities they bring to secure environments where human involvement is required.
Access control and regulation
Physical security concerns are increasingly supported in best practice compliance and global regulations. Regulatory and compliance requirements around access to data are becoming more and more prominent, and have created additional layers of responsibility for data centre managers. The European Data Protection Directive (EU Directive 95/46/EC), General Data Protection Regulations, PCI DSS, HIPAA, Sarbanes Oxley and ISO information security management are all examples of these.
Most guidelines for data protection and privacy mandate that organisations limit or retain better control of physical access to information systems, equipment and the respective operating environments. In some cases, these are regulations rather than ‘directives’, meaning non-compliance can result in a significant fine. More and more organisations are therefore investing in physical security upgrades – leaving data security to chance is not an option.
One of the most cost-effective options for a seamless data security upgrade is investing in sophisticated electronic access solutions on the data rack itself – electronic locks with added intelligence. Through these systems, data centre operators are able to verify credentials at the rack level, provide an audit trail of cabinet access, and remotely operate and monitor activity. This capacity helps to save time, reduce risk and aid data security compliance.
This option does not require huge investment. Sure, cabinet manufacturers can choose these locks for their new design of cabinet, but more importantly, a solution such as an electronic swing handle, for example, can be retro-fitted onto existing cabinets with nearly any panel prep available, and can integrate seamlessly with a data centre’s existing security software.
These types of intelligent solutions are fast becoming a clear answer to physical security stumbling blocks in the data centre. As industries and technologies are evolving at such a rapid rate, it is critical that the quality of our physical security is not left behind.