Marcey Tweedie, Marketing Specialist at Morse Watchmans asks how we can improve the physical security of data centres?
Data centres provide ultra-secure environments for businesses to store and process critical information assets through a network of computer software and hardware and information technology operations.
Although data centres are not easily accessible, criminals still manage to cause data breaches, even when the most powerful firewalls and antivirus software are in place. Criminals have also masterminded and orchestrated sophisticated physical computer hardware heists, making away with all the data stored on them and using or selling the computer hardware through the black market.
Avoiding complacency and maximising security
Whilst cybersecurity is vital to data centres, physical security is equally as important. Firewalls and antivirus software alone are not enough to protect against data breaches. When there are cracks in the physical security of a data centre, criminals can wreak alarming and devastating crimes that cause businesses to have major financial fallout. If criminals figure out how to enter a data centre, whether this be through a service portal or rooftop door, or even with stolen or breached access control cards, the consequences are potentially catastrophic.
Major crimes at data centres result in steep fines and potential lawsuits from customers. Then, there’s the operations’ nightmare of software, firewall and reputation recovery to repair the damages. Although security plans will not 100% eliminate all criminal activity, it is vital to frequently review, audit and upgrade security strategies and tactics to reduce risk. Complacency brings the right kind of environment for thieves just waiting to strike at the right time. The goal is to never give intruders the opportunity to prey upon your weakest link in the data centre security chain.
So, just what needs to be physically secured at a data centre? Regular physical security audits of a data centre facility include: Entryways and portals such as service entrance doors; Rooftop doors and vents; Mechanical rooms including HVAC, electrical and power supply areas as well as fire detection systems; Supply and equipment rooms; Offices and conference rooms; Computer and communication rooms; Hardware components including computers, modems, cables, routers and hard drives; Power supply sources including generators used for outages; Shipping and receiving areas and customer server cages.
While many of these physical security areas are protected well with access control systems and video surveillance solutions, all locks and keys need to be secured and accounted for as well. Electronic key control systems are a key makeover tool that can make all the difference in data centre physical security. Key control systems can also be integrated with existing access control systems to get the big picture of actual time data centre activity.
Key control for data centres
Key control systems secure all facility keys and automatically track their usage. When assigned users access the system by typing in a PIN code or password, or through fingerprint or facial recognition biometrics, the touchscreen provides guidance on key removal and return. Voice prompts help users ensure that proper key retrieval and return protocols are followed.
Security administrators can locate any key in the system, see which keys are out, who has it out and in what area and when they will become overdue. Keys can be returned to any cabinet in the network, but if a key is not returned when scheduled, alarms, email alerts and text messages prompt administrators who can then act immediately. Since all key removal and key return transactions are recorded, email audit trails and reports are instantly available through a reports function for any user at any time.
Besides being an effective tool to add another layer of physical security, electronic key control also protects against insider threats. Electronic key control makes it possible to have double, or even triple authentication access to restricted areas inside the building using individual PIN numbers and passcodes. The dual or triple authentication capability on the key control system makes it possible to protect more sensitive server cages; this in turn creates a requirement that multiple users sign a key out and back in again to prevent a single user from simply handing off a key to an unauthorised person.
A comprehensive solution
Key management systems also have the capacity to secure other assets such as wallets, handheld radios, smart phones and portable laptops/smart tablets. The modular design includes options for keys, cards and single-door and dual-door lockers to store these items securely, safely and efficiently. As needs change, the systems can be expanded or reconfigured.
Adding key control as a security measure to a data centre provides another layer of security for all the data it stores, helping to maintain compliance. Multiple layers of security technology including key management systems will provide sophisticated access control solutions to all physical areas of data centres. Providing the highest levels of security will keep data centres compliant and significantly reduce the risk of financially devastating data breaches that impact data centre customers.
By adding physical key audits to the master plan of a data centre, there is more likelihood that such facilities will have the protection needed to keep operations running smoothly and securely without incidents of theft. Ultimately, cyber criminals and hardware thieves are not going away anytime soon. This may be just the right time to conduct a physical security audit and improve data centre physical security with a key management system.
To find out more information about Morse Watchmans, visit: www.morsewatchmans.com
This article was originally published in the March edition of Security Journal UK. To read your FREE digital edition, click here.