Data centers and IT facilities usually come in two flavors, off-site and in-house. But in each case the common denominators are that an organization’s data center holds delicate and highly confidential information that requires highest level of security. While today’s headlines are filled with the hacking attempts to steal information off vulnerable networks and servers from remote locations, the threat of physical breaches into data centers is also real and requires a coordinated security strategy using a layered approach.
Whether the data center is a remote standalone facility or housed in a corporate location, it needs a protection plan that begins at the perimeter and moves to the building itself, then into the facility, the data center or server room and finally securing the cabinets and racks containing the wiring arrays and equipment. The security layers may feature perimeter barriers and surveillance, or secured entrances with high-level access control like mantraps and turnstiles, badging, multi-technology biometrics and analytics.
The size and shape of data centers varies according to size of the organizations they serve, but each is the nerve center of that company and prone to physical attacks. It is important to remember that many data centers are more than just information storehouses. The data centers contain essentials such as the wiring compartment room, which hosts the wiring infrastructure where network and systems alarms and firewalls are located, the computer/server room where the devices that perform the primary processing of a data center are stored, and finally, the inner sanctum of the data center which is its data storage location. While all these areas are susceptible to remote virtual breaches, a physical breach into the data center that destroyed wiring infrastructure, or resulted in stolen servers or a RAID drives would be catastrophic for an organization’s business health and operations.
While physical security may not be the first thought in an environment of cloud computing and virtualization, it should not be overlooked or underrated as a critical tool for cyber security. Controlling access to and within the building and its servers is critical to overall data center security. By peeling away each layer within the building, the options available to help secure data centers is clear.
An immediate priority would be to limit access points into any facility housing a data center, while keeping unencumbered exits required for exit by fire codes. A high-security facility would require people entering the building to authenticate themselves a minimum of three times. Outer secured entrances to the facility could be a badge-in door with a buzzer or intercom system for guests. A sophisticated visitor management system would require guests to receive temporary access rights via mobile or RFID access cards tied to the access control system for tracking. In the case of a co-location facility, security revolving doors with anti-tailing sensor systems can be used.
Multi-factor authentication with any combination of face recognition, fingerprint, RF card and/or PIN is the best possible scenario. The access control system should allow for integration with video surveillance and have options for biometric authentication. Employing a level of flexibility in system design differentiating authentication methods from the strict high-security access points to public areas with less restriction is an option. A high degree of separation and access must also be implemented, allowing access to only those who need it and in the case of co-location, segmenting the rooms as much as possible.
The highest degree of security must be reserved for the data center itself and it is here that a comprehensive anti-tailgating strategy is essential. Options include security revolvers (revolving door) and personal interlocks tied into the buildings access control system. A security revolver may be equipped with a contact mat, scales (sensors to detect and prevent tailgating and piggybacking), or internal monitoring. A personal interlock or “mantrap” would also work to prevent tailgating and piggybacking by only allowing one person through at a time.
A recent article the International Society of Automation’s flagship publication InTech, provided a list of best practices to help inventory a comprehensive security audit for a facility data center that included:
Conducting regular audits that check for any vulnerabilities in the data center facilities that are provided to ensure security. Check to see if access control systems, video surveillance cameras, and electronic locks are functioning and are being maintained. Check if any job role changes in the employees call for an update in the procedures and systems.
Strengthening access control systems. As an outcome of the audit checks, any facility requiring extra protection should receive additional security. For example, multiple verification methods for personnel entry into a certain area may be recommended, such as an access card and fingerprint or retinal recognition.
Enhancing video surveillance. Video cameras should include both indoor and outdoor areas of the facility. Similar to the access control systems, coupling these with 24-hour surveillance by security staff can significantly enhance the safety of the facility.
Enforcing security measures. This requires employee training on the security measures to be followed and the consequences if procedures are violated.
The article added that while most organizations focus on software security and firewalls, a breach in physical security could cause the theft of data and devices that will make software security useless. It is important to conduct a risk assessment study in compliance with ISO 27001 and implement appropriate security controls to ensure a secure data center.
Suprema recognizes that your data center is home to the most valuable assets of your company. Physical security systems of data centers are simply barring any local regulatory restrictions: that is, to keep out the unauthorized people from the facility. Suprema’s latest biometric access control solution is designed to meet stringent requirements from modern data centers. Combining the world’s leading biometric technology, distributed system topology, and integration with 3rd party solutions, Suprema provides the most secure physical access control solutions for data centers.