Stringent security protocols are one of the most important aspects of properly running any data center. With constant, round-the-clock advancements in technology, the focus of security protocols is often on things like cloud/cyber security, particularly because there have been many significant security breaches recently. Cyber security is certainly important and nothing to ignore, but it is also important not to forget about physical security. To provide the optimal and industry-acceptable level of security, data centers must provide security on multiple levels. This will help dramatically reduce the risk of a security breach, allow data centers to remain compliant with certain industry regulations, and provide peace of mind to customers that everything is being done to protect data integrity. Ensuring proper physical security compliance will help data centers avoid costly data breaches and the penalties that may result.
So often, physical security efforts are focused on access to data center grounds and to the facility itself. These efforts, while valuable and necessary, are not where physical security measures should stop. Once inside the data center facility itself, there should not be unrestricted access to server racks. A wide variety of individuals must pass through a data center on a daily basis, including internal engineers, external engineers, data center staff, cleaning staff and more. Unfortunately, many data breaches are actually “inside jobs” and therefore security at the rack level is vitally important.
Colocation data centers must be particularly vigilant with rack level security because they often house multiple businesses’ security within the same data center and some of those businesses may even be in competition. It may sound like there is a simple solution – locked doors or cages for server racks – right? Unfortunately, wrong. Traditional locks can only be so complex, and if a threat is able to gain access to data center grounds or get inside a facility, they can likely handle those locks. To meet industry standards and comply with federal regulations, rack security simply must go beyond that. As Schneider Electric points out, “Further increasing the pressure on those managing IT loads in such locations, regulations concerning the way data is stored and accessed extends beyond cyber credentialing, and into the physical world. In the US, where electronic health records (EHR) have become heavily incentivized, the Healthcare Insurance Portability & Accountability Act (HIPAA) demands safeguards, including ‘physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.’ Similar measures are also demanded, e.g., by the Sarbanes-Oxley Act and Payment Card Industry Data Security Standard (PCI DSS) for finance and credit card encryption IT equipment. In addition to building and room security, it has become vital to control rack-level security so you know who is accessing your IT cabinets and what they’re doing there.”
For best security, custom rack enclosures can provide peace of mind because they are far harder to access than standard, “off the shelf” enclosures. Additionally, many data centers are opting for biometric security, PIN pads (where codes are changed frequently) or keycards. Biometric locks do not use traditional keys; rather, they scan things like fingerprints or handprints. Biometric locking systems have grown significantly in popularity because they provide truly unique access. Keycards can get lost and PIN codes can be shared, but a fingerprint or handprint cannot be easily shared or duplicated, so it is a far more sophisticated security measure. Many worry about the consistency, accuracy and performance of biometric security, but it has become incredibly advanced. As Data Center Knowledge notes, “The time taken to verify a fingerprint at the scanner is now down to a second. This is because the templates – which can be updated / polled to / from a centralized server on a regular basis – are maintained locally, and the verification process can take place whether or not a network connection is present. The enrollment process is similarly enhanced with a typical enroll involving three sample fingerprints being taken on a terminal, with the user then able to authenticate themselves from that point onwards. This level of efficiency, cost effectiveness and all round reliability of fingerprint security means that a growing number of clients are now securing their IT resources at the cabinet level and integrating the data feed from the scanner to other forms of security such as video surveillance.”
These electric locks that restrict rack access provide multiple levels of enhanced security. For example, with electric locks, when a user scans a fingerprint or inputs a code, a central server validates authenticity and then allows or restricts access. An additional advantage of using this method is that the electronic system will automatically generate a log that details who has accessed what, and when. This electronic tracking is far more convenient, as well as far more accurate, than manual tracking of access. These electronic systems can be directly connected to data center facility security systems so that, should there be a problem, systems can go into automatic lockdown and alarms can be sounded in an instant. Also, there are video surveillance options that come along with electronic-based security and monitoring. Video surveillance can be programmed to turn on when biometric scanning is being performed, when PIN codes are being entered, when security cards are being swiped or more. Additionally, video surveillance can be programmed so that, when someone is accessing a rack, it automatically captures an image of who is accessing the rack and sends it to the data center manager. The data center manager can then choose to watch the surveillance as it happens for an enhanced level of security. This level of security may also reduce the cost of and need for a physical security guard, particularly when each rack is monitored by video surveillance. With this sort of security implemented at the rack level, there will be a detailed log of who is accessing what server and when, and should a problem arise, it will be immediately apparent at which server there has been a security breach. Further, advanced electronic locking systems can be pre-set to allow access only at certain times. For example, if there should never be access “after hours” to certain racks, they can be set to only allow access for pre-determined times.
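The central validation, automatic logging, time-window restriction and lockdown trigger described above can be sketched as follows. This is an added example, not code from any lock vendor or from the original article; the rack names, user IDs, access windows and the three-denial lockdown threshold are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime, time

# Constructed policy (assumption): rack -> (authorized user ids, allowed window).
POLICY = {
    "rack-A01": ({"eng-alice", "eng-bob"}, (time(8, 0), time(18, 0))),
    "rack-B07": ({"eng-carol"}, (time(22, 0), time(6, 0))),  # overnight window
}

def in_window(t, window):
    start, end = window
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end  # window wraps past midnight

def decide(user, rack, when, audit_log):
    """Validate one unlock request, record it, and return True to unlock."""
    users, window = POLICY.get(rack, (set(), None))
    if window is None:
        reason = "unknown_rack"
    elif user not in users:
        reason = "not_authorized"
    elif not in_window(when.time(), window):
        reason = "outside_window"
    else:
        reason = "ok"
    # Denials are logged as well as grants, so the trail is complete.
    audit_log.append({"ts": when.isoformat(), "user": user, "rack": rack,
                      "granted": reason == "ok", "reason": reason})
    return reason == "ok"

def racks_to_lock_down(audit_log, threshold=3):
    """Racks with at least `threshold` denied attempts (threshold is assumed)."""
    denied = Counter(e["rack"] for e in audit_log if not e["granted"])
    return sorted(r for r, n in denied.items() if n >= threshold)

# Constructed sample requests: (user, rack, timestamp).
SAMPLE = [
    ("eng-alice", "rack-A01", datetime(2024, 3, 4, 9, 15)),
    ("eng-alice", "rack-A01", datetime(2024, 3, 4, 23, 40)),  # after hours
    ("cleaner-7", "rack-A01", datetime(2024, 3, 4, 23, 41)),
    ("cleaner-7", "rack-A01", datetime(2024, 3, 4, 23, 42)),
    ("eng-carol", "rack-B07", datetime(2024, 3, 5, 1, 5)),    # inside overnight window
]

def run_sample():
    log = []
    results = [decide(u, r, ts, log) for u, r, ts in SAMPLE]
    return results, log, racks_to_lock_down(log)
```

An authorized engineer outside the permitted window is refused just like an unknown user, and both refusals count toward the lockdown threshold for that rack.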
Another advantage of advanced electronic locking mechanisms is that they can be easily and effectively monitored remotely. Having on-site security staff is beneficial but is not always possible and, as previously discussed, it is advantageous to have multiple levels of security, which is why remote monitoring is important. Many government and industry regulations now have strict security parameters that data centers must comply with or face strong penalties. These security standards are set to help protect secure financial, health and other sensitive information, and they require multiple levels of security, including rack level security. Failing to secure racks means that many data centers will not be in compliance – a major (and costly!) problem.
While the cost of implementation may seem prohibitive to some, many are now recognizing that the cost of a breach will likely be far higher. The same level of security used for facility access points should also be used at the rack level when optimizing data center security protocols. Whether you are retrofitting an existing data center or building a new data center, and whether your data center has 1 rack or 100 racks, they should each be secured separately at the rack level. Cyber security is a growing and complex arena, easily grabbing the attention of both the customer and the data center facility manager, but it is critically important that physical security not be neglected. In an age where many businesses are forgoing their enterprise data center in favor of colocation, colocation providers must be stringent in their protection of their customers’ data – not just for peace of mind and best practices, but to remain compliant with federal regulations. If you think you are immune to a data breach, IBM Security’s most recent study will not put you at ease because they found the global risk of a data breach in the next 24 months to be 26 percent. And the cost will not be small! The average consolidated total cost of a data breach is $4 million. While the cost to implement state-of-the-art rack level security will not be small, it will continually pay for itself over time and will likely be far less than the cost of a security breach.