Securing the sensitive data housed in racks and enclosures

Sophisticated access control and monitoring technology is an essential component of any containment solution.

10cimsecurity 1

From the October 2012 Issue of Cabling Installation & Maintenance Magazine

Sophisticated access control and monitoring technology is an essential component of any containment solution.

By Michael Varcoe, Cannon Technologies USA

Security ranks highly on any data center manager's list of priorities and it's not difficult to understand why, especially when considering the devastating impact that downtime or data theft can have on a business.

For companies that have to comply with legislation such as Sarbanes-Oxley, Basel II, Payment Card Industry Data Security Standard (PCI-DSS) or the Financial Services Authority, their data centers must adhere to strict asset documentation, configuration and change management, as well as rigorous audit-trail documentation policies. In colocation facilities, high levels of security are also required in order to comply with service level agreements (SLAs), as any data breach can prove costly both financially and in terms of reputation.

In the financial sector, data protection and corporate responsibility legislation is extremely stringent and even states that a company's head office and corporate data center must be sited in separate locations. With such rigorous security requirements it is this industry that is setting the benchmark for how access control and monitoring technology is deployed.

While having a permanent manned security presence at a data center is not at all uncommon, it usually forms part of a multi-layered approach that includes a range of technology that monitors and controls access both into and within the premises.

When it comes to restricting access to data, securing the cabinets and racks that house servers and other active equipment is crucial. There are a number of ways that this can be achieved, and perhaps the most obvious is the use of reliable and intelligent locking systems.

Modern locking systems such as swing handles are highly secure, robust, and ergonomic and can be retrofitted. However, to add another layer of protection they can be fitted with an electronic keypad that simply screws to the back of the standard swing handle, converting it into a remote access solution. The tamper-proof cabling to the lock itself can also be routed through the internal door skin to hide it from view and further increase security.

10cimsecurity 1
Cannon's Data Center Manager software application implements secure password and role permissions on users to ensure main sites and remote systems are equally secure.

The locking system will usually be used in conjunction with a personal identification number (PIN) or radio frequency identification (RFID) device. When it comes to room, row or cold-aisle entry, one reader device may open all the locks in the cabinets in a particular row if required, while locks can also be unlocked in groups or by user-privilege settings. The availability of intelligent access control also means that PINs can be issued that expire after a certain period of time and can only be used to gain access to specific cabinets.

An increasingly popular way of ensuring that only authorized personnel have access to cabinets is by using biometric technologies. These automatically measure people's physiological or behavioral characteristics; examples include automatic fingerprint identification, iris and retina scanning, face recognition and hand geometry. The major advantage that this solution has over PINs or RFID cards is that it cannot be lost, transferred or stolen and is completely unique.

10cimsecurity 2
One measure of enhancing the security of a cabinet locking system is to add an electronic keypad that mounts onto the existing handle, thereby converting it into a remote access solution. Usually this type of locking system is used in conjunction with a personal identification number or a radio frequency identification device.

In the event of a security breach, being able to identify the person(s) trying to gain unauthorized access to a cabinet is extremely useful. Fortunately, there are a number of tools that can help to achieve this.

Cabinets can have a video recording system installed that can either record constantly or be activated in the event of an access attempt. The system will send the data center manager an email containing a still image of the person trying to gain access. That person can then remotely access the video system and watch events unfold; when an audio device is also used, the unauthorized person can be addressed verbally. State-of-the-art systems also allow recording devices from eight cabinets to use one network video recorder (NVR), which also makes this method of monitoring cost-effective.

10cimsecurity 3
Some of the video-recording devices used to secure cabinets and racks in data centers are discreet and nonintrusive, like this smaller-than-a-thumb camera.

Video forms part of an authorized audit trail that details movements in the facility. Although this comes with its own independent remote software package, it can also be incorporated into a data center infrastructure management (DCIM) system. Not only can this be used to monitor, control access and designate user privileges, it also can manage elements such as power usage and optimization, environmental control and fire-suppression systems with a single suite of dedicated software.

The threat of data theft and damage to equipment must be taken seriously. Those failing to implement a thorough, multi-layered system run the risk of damaging their businesses and reputations.

Rather than just being seen as metal boxes, cabinets and racks are in fact at the front line in keeping data safe. They also play what can be a critical role in ensuring that audit trails comply with relevant best practices and legislation.

Michael Varcoe is director of the Americas for Cannon USA.

More in IP Security & AV