Securing restricted information at the rack level within the data center
By Steve Spatig
With reports of widespread data breaches in the global spotlight, data center managers are under increasing pressure from regulatory bodies to ensure that access to restricted information is protected. Cyber security remains a number one priority, but in many cases, data breaches occur because an employee is given temporary physical access to that data in some way. Within the data center environment, preventing unauthorized physical access to sensitive government data is crucial.
Securing information within the data center presents heightened physical security and access control challenges. Heavy-duty perimeter security and room-level access control prevent access to the building and server rooms, but once inside, data storage equipment may not include that same level of security. In some co-location centers, for instance, cabinets containing particularly sensitive data are protected by a chain link fence enclosure; however, these cabinets are still at risk should an unauthorized individual gain access to that enclosure.
Given that a large percentage of security breaches are perpetrated by insiders, this level of security is insufficient. Strictly enforced regulations, such as HIPAA (the Health Insurance Portability & Accountability Act), SOX (Sarbanes-Oxley), FISMA (the Federal Information Security Management Act) and CIP (the Critical Infrastructure Protection Act), heighten the demand for physical security controls to access this sensitive data.
For complete physical security, the actual server cabinets should be secured to the same degree as the data center itself. Verification of credentials for access control and, where required, auditing at the rack level can prevent costly data breaches and stiff penalties for noncompliance. Data center managers can avoid these risks by incorporating intelligent, reliable electronic locking mechanisms at the rack level to protect access to valuable government information.
Intelligent locking systems specifically designed for server cabinets
Effective intelligent electronic locking systems are specifically designed for server cabinets with a flexible, open architecture that allows them to be easily integrated with any existing security system. A complete electronic access system has three components: an intelligent electromechanical lock, a user interface, and remote control and monitoring capabilities.
High-quality, reliable electronic locks are critical to the successful operation of a complete solution. Intelligent locks grant access only to validated users and can also provide critical output signals for external security monitoring and auditing. When combined with an electronic lock, the access controller, or user interface, validates the user credential and signals the cabinet to open. Electronic locks can be operated through a variety of access control devices, such as digital keypads, Bluetooth, RFID (radio frequency identification) and biometric readers.
Electronic access offers the simplest way to identify which racks have actually been accessed – by whom, when and for how long. Once access is triggered by an electronic signal, a digital signature is created and archived for future audit trail reporting, either on site or remotely. Other devices, such as indicator lights or alarms, can also be set for local alerts. This information is particularly useful for agencies that must meet security compliance requirements, which may require submission of an audit trail report. Such a report can also facilitate investigation should a data breach occur.
Additionally, maintaining automatic digital documentation is more convenient than manually tracking and recording access. Rather than keeping track of mechanical keys – particularly in a co-location setting – electronic access allows administrators to upload (or delete) electronic credentials from their user database. Updates to the approved list can even be made remotely, from anywhere in the world.
Solutions for integrating rack-level electronic access
Since different data storage environments have their own unique security requirements, tailoring electronic access solutions to the needs of a data center’s existing infrastructure is essential. An experienced electronic access solutions provider will recommend only the level of complexity that makes sense for the application, and should be able to retrofit the new devices to existing cabinets and security systems. There are numerous solutions for upgrading existing security systems to incorporate rack-level security.
Self-contained solutions, for instance, are the simplest form of electronic access. Useful for simplified key management and other basic functions, these battery-powered solutions are easy to install, and provide electromechanical locking and access control in one package, with no wiring involved. Standalone solutions are another option that provides local plug-and-play access control, independent of any network. Standalone solutions do not typically require any software for operation and cannot be accessed remotely.
Integrated solutions, on the other hand, offer cabinet-level access control that can be integrated with building access control and monitoring systems, extending an existing networked access control system down to the rack level. Independent networked solutions can be used to monitor and manage multiple rack access points from a host computer for remote system configuration, access control and monitoring.
Applying physical access control across the facility
In today’s highly regulated data center environment, access control and monitoring at the rack level are a must. While significant resources are dedicated to fighting online cyber-attacks, physical protection of stored data is equally important – especially for government bodies. The need for increased security and compliance with a myriad of regulations necessitates access control and monitoring capabilities for the actual cabinets where data is stored. Data center managers can achieve physical access control by implementing electronic access solutions, which support audit trail maintenance and compatibility with existing facility-wide security systems. Protecting data within government facilities requires the same level of access control for racks as for the buildings that house them.
Steve Spatig is general manager of Electronic Access Solutions at Southco.