How to Confront Data Center Security Threats with Key Management
Threatened by the increasing ingenuity of hackers, in addition to the already problematic challenges of employee theft and industrial espionage, organizations today are taking serious steps to improve protection of their networks and data centers. For many, this means multiple layers and types of safeguards, including physical measures such as video surveillance or mantraps, and established policies and procedures that limit physical access, such as the use of key management and access control systems.
Key systems are designed to securely hold keys and automatically track key usage. To access a stored key, the authorized user simply enters his or her personal identification code on the keypad, and when the system verifies the user, the door will open and the location of the requested key will light up. Key control systems can also be configured with card readers or biometric readers and can be networked for centralized control. At any time, security operations can view the status of any key in the system; quickly locate any key in the system; determine who currently has which keys out and for what area and when they are scheduled to be returned; or determine who has had keys out, for what areas and when. Keys can be returned to any cabinet in the system, but if a key is not returned when scheduled, email alerts and text messages can be sent to selected individuals to enable quick action.
These types of automated key management systems can be ideal for use in a data center facility because, in addition to the security they provide, they also offer a variety of control and usage options. Following are a few scenarios that illustrate how implementation of these options can help ensure a more secure facility.
Specialized Enrollment – This application entails enrollment of individuals based on their function. For example, an operations center engineer can be authorized for 24/7 key access, whereas a technician may be restricted to accessing a particular key at certain times and for specific amounts of time. Similar access restrictions/permissions are easily programmed for personnel such as cleaning staff or security guards who have reason to be on the premises but are not company employees. System administrators can quickly and easily terminate or revise an individual’s access in the event they leave their job or their shift is changed. Additionally, keys are securely attached to a fob which prevents switching or duplicating keys.
Access Control – To address security concerns in high-risk environments such as data centers, a Remote Box provides an additional layer of protection. The key control cabinet is installed in a secure room where it is protected from any potential vandalism or tampering and the Remote Box is typically installed outside the secure room. Once an authorized employee inputs their PIN and other information into the Remote Box and it is validated, a second employee inside the secure room inputs their information as well, providing access to the key for which the first employee is authorized.
The versatility of the key control systems also lends itself to more complex applications in larger data center environments, as when multiple pieces of identification are needed to move about the data center. In this example, a general access badge would allow the employee entrance to the building and a second badge would be used to access internal areas of the data center facility. To maintain tight security, the internal access badge would be secured in a key cabinet when not in use by the authorized employee.
Custom Tailored Configurations – Sophisticated key management allows for a wide range of configuration and installation options, including for other items found in a data center to which access also needs to be controlled. Examples might include radios, cellphones, hand-held computers, specialized test equipment and so on, which are used by different personnel through the course of any given day, are expensive, and represent potential security breaches if stolen or misplaced. Additional modules for the system, such as lockers, can hold and control access to these devices, complete with an audit trail to record when they are removed and by whom. And, as access control systems continue to proliferate, the access devices themselves, such as magnetic cards or proximity devices, need to be secured in the same way as physical keys. More advanced systems also accommodate these devices with specifically designed modules that can be used in any combination with standard key or locker modules.
As the world continues to virtualize, more and more information is being stored in the cloud. This data can be extremely sensitive and is continually under attack from outside and inside influences. Today’s key control systems deliver ample testament to the benefits of reducing security threats with a well-implemented key management system.