Migrating to IP-Based Physical Security in the Data Center
As more people become comfortable with putting their information on the Web and government agencies look to high-speed networks to improve cooperation and efficiency, more and more personal information such as Social Security numbers, medical records and credit cards is being stored in data centers. The transfer of data is becoming more fluid: smart grids are linking data centers and power plants, while consumers readily transfer personal information among several companies with a few clicks. To protect the nation’s critical infrastructure from terrorist attacks, identity fraud or information warfare, robust, IP-based security in the data center is becoming increasingly important.
Threats both Outside and In
To fully protect personal or national interests against potential attacks, cyber security measures and strategically placed cameras alone are not sufficient. With the consolidation of server hardware through virtualization driving up the data value per cabinet, there is an increased risk of greater damage or loss, because more data are held per cabinet. As data becomes more accessible, security threats can come from both the inside and the outside. Recent studies have shown that most employers feel that employees are a greater threat to security than external forces. More than 40 percent of employees also admit that they have taken sensitive data with them to a new position. Some (25 percent) say that they would take the data anyway, regardless of the penalties. There are also new regulatory requirements such as Sarbanes-Oxley (SOX) and the Payment Card Industry Data Security Standard (PCI DSS), which necessitate better oversight and auditing of the IT systems that contain sensitive financial data.
Computer Room Layer Controls
Access points in the data center are much more limited than in the general facility, which makes monitoring easier and more targeted. By using additional controls such as biometric access control, environmental monitoring and RFID asset tracking, the computer room has heightened security compared to the outer layers of the building. The computer room relies on redundant power and communications networks to ensure security is maintained at near 100 percent levels of availability. It further restricts access by monitoring all authorized users and integrating systems for enhanced awareness. Multiple forms of verification are needed to gain access to this level. A problem that might persist at the facility level but needs to be eliminated at the computer room is tailgating, in which two or more people move through an access point without providing credentials. Using biometric access control and close visual monitoring with high-resolution CCTV cameras, access can be better restricted to address this problem and secure the enclosure.
Cabinet-Level Controls
A second layer of data protection, beyond the computer room layer controls in the data center, is electronic locking at the cabinet level. An ideal cabinet-level locking solution integrates with the existing enterprise access control system, which effectively extends the audit trail capabilities from the perimeter layer of the facility to the individual cabinet doors within the data center. As noted earlier, many enterprises are worried not only about external threats but also about internal ones. A cabinet-level locking solution allows enterprises to maintain control over the most sensitive computing and network equipment.
Power of Integrated Systems
With an IP-based system, data are exchanged across the network without additional infrastructure required. Data, events or alarms from the video and intrusion systems are integrated and may be used to create more nuanced alarm event definitions. Integration saves time by correlating events and timelines. This creates a completely new world of efficient image and data management, which ultimately allows for better record, store, search, retrieve, share and send capabilities. Achieving this type of interoperability is made possible by utilizing a Category 6 or Category 6A structured cabling infrastructure that provides sufficient bandwidth to handle the massive amount of data generated by the security systems, especially video.
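
The event correlation described above, applied to the tailgating problem from the computer room section, as an added example that is not part of the original article: badge grants from the access control system are matched against people counts reported by a camera at the same door, and an alarm is raised when more people cross than badges were granted. The event schema, door names, the video people-count feed and the 10-second window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events; the schema (ts, source, door, type, ...) is hypothetical.
EVENTS = [
    {"ts": "2024-01-10T09:00:00", "source": "access", "door": "CR-1", "type": "badge_granted", "user": "alice"},
    {"ts": "2024-01-10T09:00:03", "source": "video", "door": "CR-1", "type": "people_count", "count": 1},
    {"ts": "2024-01-10T09:05:00", "source": "access", "door": "CR-1", "type": "badge_granted", "user": "bob"},
    {"ts": "2024-01-10T09:05:04", "source": "video", "door": "CR-1", "type": "people_count", "count": 2},
    {"ts": "2024-01-10T09:20:00", "source": "video", "door": "CR-1", "type": "people_count", "count": 1},
    {"ts": "2024-01-10T09:30:00", "source": "access", "door": "CR-2", "type": "badge_granted", "user": "carol"},
    {"ts": "2024-01-10T09:30:02", "source": "access", "door": "CR-2", "type": "badge_granted", "user": "dave"},
    {"ts": "2024-01-10T09:30:05", "source": "video", "door": "CR-2", "type": "people_count", "count": 2},
]

def correlate(events, window_s=10):
    """Return alarms where more people crossed a door than badges were granted."""
    window = timedelta(seconds=window_s)
    pending = {}  # door -> [(time, user)] grants not yet matched to a crossing
    alarms = []
    # ISO 8601 timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        door = ev["door"]
        if ev["type"] == "badge_granted":
            pending.setdefault(door, []).append((ts, ev["user"]))
        elif ev["type"] == "people_count":
            # Each grant is consumed by one crossing; grants older than the window are stale.
            grants = [g for g in pending.pop(door, []) if ts - g[0] <= window]
            if ev["count"] > len(grants):
                alarms.append({
                    "ts": ev["ts"],
                    "door": door,
                    "rule": "tailgating" if grants else "unbadged_entry",
                    "badged": [user for _, user in grants],
                    "extra_people": ev["count"] - len(grants),
                })
    return alarms

if __name__ == "__main__":
    for alarm in correlate(EVENTS):
        print(alarm)
```

The `badged` field ties each alarm to the credential holder who opened the door, which gives the audit trail a name and a timestamp to pair with the recorded video.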
Editor’s note: Special thanks to Anixter for the above information.