Data Center Security – Physical Security and Access

In today’s connected world, data center security is a big concern. With millions of servers storing our most personal information and as people look more and more towards cloud-based storage technologies, data security becomes even more vital.

Data volumes are growing daily with forecasts pegging the total required storage at 44 zettabytes by 2020. (statistic from IDC’s annual digital universe study http://uk.idc.com). To accommodate this data expansion the number of data centers being built around the world has increased, with a growth rate between 2016 – 2020 of 15%.

 

With all this data being stored, the risk of security breaches is ever-present. The Identity Theft Resource Center (ITRC) defines a security breach as “an incident in which an individual name, plus Social Security, drivers license number, medical or financial records is potentially at risk because of exposure”. The ITRC reports that 717 data breaches occurred in 2016, potentially exposing 176 million records.

Data Protection

Protecting this data has become an industry itself. Most efforts being made for data center security and cloud-based technology providers focus on the “Cyber Security” side of the threat. Using encryption technologies, firewalls and alike, but you should never underestimate the physical security threat to information that is stored in data centers. Many Small and Medium sized businesses are now moving to hosting applications in collocated data centers. Collocated data centers give favorable cost savings for many small businesses who cannot afford access to dedicated data centers. Collocating, however, brings its own set of security issues as companies must safeguard against the risk of theft, damage to valuable equipment and data being compromised.

Many data centers are built in remote locations and from the outside resemble something akin to a military complex. Extensive security measures are often employed around the perimeter of the data center. However, in most cases of physical security breaches, the threat comes from the inside (Edward Snowdon, for example, is a case of a serious security breach that came internally and due to his physical access to the servers). Statistics indicate that malicious, or accidental, breaches in data center security account for between 9-18% of the total data breaches, and cost the industry $400 billion annually

Physical Access

By implementing an effective access control strategy inside the data center, one that provides a complete trail of employees activities can highlight suspicious or irregular behavior, giving the security team the opportunity to pre-empt security breaches and act upon the situation. Most racks come with a key and lock solution, which provides no audit of who accessed a cabinet, when and how long they were there. Even coded lock systems on cabinets do not provide this type of analytical data. The next step and those forward-thinking data centers are already implementing, keycard or biometric style access control systems down to rack level which is also integrated into a wider building access control system. This brings reliable access control management and reporting to the individual rack, and in some cases where needed different access credentials for different racks, or parts of a rack. This type of access control eliminates the need for cages and saves cost and space. There is a growing number of data security standards such as PCI DSS, HIPAA, FISMA. Implementation of this kind of system helps the data center comply with these new and evolving standards.

Access Control Systems

Upgrading of racks to an RFID cabinet lock access control system is a relatively straightforward procedure, with many racks having standard panel preparations for swing handles, there are standard RFID type locks that can easily be fitted to existing cabinets, without the need for cutting and drilling. This makes it an affordable upgrade for physical access control that provides an audited trail of activities. Using standard RFID technology employees can often use their existing RFID cards and allows for integration to the building-wide access control system.

AKCP is the world’s oldest and largest supplier of SNMP enabled technologies for the data center. As part of their Rack+ system approach to the data center, they have incorporated physical access control in the form of RFID swing handle locks to their system. By employing AKCP’s technology you have an integrated environmental and security monitoring system for your cabinet, with thermal mapping, power monitoring, power switching and access control. All centrally administered and monitored by AKCPro Server.

The AKCP system secures not only access to the front and rear of the cabinet but also monitors side panels for security breaches. Should the front door be accessed with RFID credentials and a side panel removed no breach is detected. However, should a rack side panel be removed unauthorized an alert such as e-mail, SNMP trap, SMS or siren and strobe alarm can be activated. A manual key override is provided for emergency access, with key access events being logged and alerted. With IP based camera integration through AKCPro Server video footage is synched with access events in the payback event window. Immediately review video footage of access events to cross-check employee activities and suspicious access patterns.

Conclusion

As the number of data centers continues to grow worldwide, and the amount of data being stored increases, the threat of digital and physical breaches will be ever-present. An often overlooked aspect of data center security is the internal physical security, which can be addressed using technologies such as those offered by AKCP. Security must become more intelligent and integrated and affordable, and as an industry, the data centers need for physical security will become more paramount.