Migrating to IP-Based Physical Security in the Data Center

Data centers are no longer just resources to improve processes and productivity, but are becoming vast repositories of sensitive personal, enterprise and government information that dramatically impact how people interact on an individual level. With concerns growing about personal privacy and national security, data centers are quickly becoming the 21st century version of Fort Knox.

As more people become comfortable with putting their information on the Web and government agencies look to high-speed networks to improve cooperation and efficiency, more and more personal information such as Social Security numbers, medical records and credit cards are being stored in data centers. The transfer of data is becoming more fluid: smart grids are linking data centers and power plants while consumers readily transfer personal information among several companies through a few clicks. To protect the nation’s critical infrastructure from terrorist attacks, identity fraud or information warfare, the need for robust, IP-based security in the data center is becoming increasingly important.

Migrating to an IP-based physical security system in the data center provides improved response time to security breaches. The ability to track people, limit access to areas and spaces, provide an audit trail of who accessed what area, and integrate with video to provide visual records is accommodated by the real-time capabilities of today’s high-speed networks. Additionally, the structured cabling approach of an IP-based system creates a modular, flexible implementation for easier moves, adds and changes. Lastly, the digital recording formats utilized by networked video recorders gives security personnel the ability to record, store, search, retrieve, share and send data with a greater degree of efficiency when compared with traditional analog-based recording systems.

Threats both Outside and In

To fully protect personal or national interests against potential attacks, cyber security measures and strategically placed cameras alone are not sufficient. With the consolidation of server hardware through virtualization driving up the data value per cabinet, there is an increased risk and chance of more damage or loss because more data are held per cabinet. As data becomes more accessible, security threats can come from both the inside and outside. Recent studies have shown that most employers feel that employees are a greater threat to security than external forces. Employees also admit (more than 40 percent) that they have taken sensitive data with them to a new position. Some say (25 percent) that they would take the data anyway, regardless of the penalties. There are also new regulatory requirements such as Sarbanes-Oxley (SOX) and the Payment Card Industry Data Security Standards (PCI DSS), which necessitate better oversight and auditing of the IT systems that contain sensitive financial data.

Computer Room Layer Controls

Access points in the data center are much more limited than the general facility, which makes monitoring easier and more targeted. By using additional controls such as biometric access control, environmental monitoring and RFID asset tracking, the computer room has heightened security compared to the outer layers of the building. The computer room relies on redundant power and communications networks to ensure security is maintained at near 100 percent levels of availability. It further restricts access by monitoring all authorized users and integrating systems for enhanced awareness. Multiple forms of verification are needed to gain access to this level. A problem that might persist at the facility level but needs to be eliminated at the computer room is tailgating, which is two or more people move through an access point without providing credentials. Using biometric access control and close visual monitoring utilizing high resolution CCTV cameras, access can be better restricted to address this problem and secured enclosure.

Cabinet-Level Controls

A second layer of data protection beyond the computer room layer controls in the data center is electronic locking at the cabinet level. An ideal cabinet-level locking solution integrates with existing enterprise access control system, which effectively extends the audit trail capabilities from the perimeter layer of the facility to the individual cabinet doors within the data center. As noted earlier, many enterprises are not only worried about external threats, but also internal ones as well. A cabinet-level locking solution allows enterprises to maintain control over the most sensitive computing and network equipment.

Power of Integrated Systems

With an IP-based system, data are exchanged across the network without additional infrastructure required. Data, events or alarms from the video and intrusion system are integrated together and may be used to create more nuanced alarm event definitions. Integration saves time by correlating events and timelines. This creates a completely new world of efficient image and data management, which ultimately allows for better record, store, search, retrieve, share and send capabilities. Achieving this type of interoperability is made possible by utilizing a Category 6 or Category 6A structured cabling infrastructure that provides the sufficient bandwidth to handle the massive amount of data generated from the security systems, especially video.

Editor’s note: Special thanks to Anixter for the above information.