Physical Security: Rack Security and Protection
December 5th, 2012 By: Industry Perspectives
Mark Hirst, product manager for Cannon Technologies’ T4 Data Centre Solutions, is a Data Center design expert with a background in electronic control systems and industrial networks.
As well as housing a plethora of important active equipment, cabinets and racks also need to protect the sensitive data contained within them. In this post, I will explain why sophisticated security, access control and monitoring technology are essential components of any modern containment solution.
Security ranks highly on any data center manager’s list of priorities and it’s not difficult to understand why, especially when you consider the devastating impact that downtime or data theft can have on a business.
With any data network, there is always a risk that the information that flows through it could be intercepted and used for malicious purposes. However, there are a number of security processes that can significantly reduce the likelihood of this happening, including the physical and organizational security of the core network.
At the cabinet and rack level, what was once a straightforward steel structure is now a sophisticated device that is the critical element in delivering the needs of today’s advanced data centers. Therefore, an integrated security approach at this level is hugely important and, as a growing number of organizations are finding out, not only must they secure these infrastructure components, they must be able to prove the efficacy of their auditing systems to one or more governance bodies.
For companies that have to comply with legislation such as Sarbanes-Oxley, Basel II, PCI-DSS and the FSA, their data centers must adhere to strict asset documentation, configuration and change management, as well as rigorous and transparent documentation policies. In colocation facilities, high levels of security are also required in order to comply with service level agreements (SLAs), as any data breach can prove costly both financially and in terms of reputation – something that would make recovery a nearly impossible challenge.
In the financial sector, data protection and corporate responsibility legislation is extremely stringent and even states that a company’s head office and corporate data center must be sited in separate locations. With such rigorous security requirements, it is this industry that is setting the benchmark for how access control and monitoring technology is being deployed.
Many and Varied
While having a permanent staffed security presence at a data center is not at all uncommon, it usually forms part of a multi-layered approach which includes a range of technology that monitors and controls access both into and within the premises. When it comes to restricting access to data, securing the cabinets and racks that house servers and other active equipment is crucial. There are a number of ways that this can be achieved, and perhaps the most obvious is the use of reliable and intelligent locking systems.
Modern locking systems such as swing-handles are highly secure, robust, ergonomic and can be retrofitted. However, to add another layer of protection they can be fitted with an electronic keypad that simply screws to the back of the standard swing-handle, converting it into a remote access solution. The tamper-proof cabling to the lock itself can also be routed through the internal door skin to hide it from view and further increase security.
The locking system will usually be used in conjunction with a personal identification number (PIN) or radio frequency identification (RFID) device. When it comes to room, row or cold-aisle entry, one reader device may open all the locks in the cabinets in a particular row if required, while locks can also be unlocked in groups or by user privilege settings. The availability of intelligent access control also means that PINs can be issued that expire after a certain period of time and can only be used to gain access to specific cabinets.
In unstaffed environments, it is necessary to be able to remotely monitor and control access to hardware. Software is now available that provides local and/or remote control of racks, cabinets, hot and cold aisles, cages, data rooms or outside enclosures. Based on ‘plug and play’ modules that can be used standalone or daisy-chained together into a high-security, resilient system, this technology enables remote control from multiple locations concurrently, with full event recording and a rolling 24-hour audit trail.
This also ensures only authorized personnel can access the cabinets following a request and authorization from a central source, which can additionally carry out access code changes remotely.
These systems can also be configured so that they require two people – for instance, a technician and a security operative – to go through an authentication process before the cabinet will unlock. Once access is granted, CCTV cameras can be triggered to record the access session, or a simple photograph can be taken of the person(s) involved. Again, with these systems a full audit trail, including the video footage if taken, is stored for future reference.
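The expiring, cabinet-scoped PINs and the two-person unlock described above come down to one access decision that is logged every time it is made. The following Python is an added example, not code from the article or from any vendor's product; the Credential record, role names, cabinet IDs, PINs and salt are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

SALT = b"constructed-demo-salt"  # constructed; use a random per-credential salt

def pin_hash(pin: str) -> bytes:
    # Store only a slow salted digest of the PIN, never the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), SALT, 100_000)

@dataclass(frozen=True)
class Credential:           # hypothetical record, not a vendor schema
    user: str
    role: str               # "technician" or "security"
    pin_digest: bytes
    cabinets: frozenset     # cabinets this PIN may open
    expires: float          # epoch seconds after which the PIN is dead

AUDIT = []                  # event record; a real system persists this off-box

def check(cred, pin, cabinet, now):
    """Return None if the credential is acceptable, else a denial reason."""
    if not hmac.compare_digest(cred.pin_digest, pin_hash(pin)):
        return "bad_pin"
    if now >= cred.expires:
        return "expired"
    if cabinet not in cred.cabinets:
        return "cabinet_not_permitted"
    return None

def request_unlock(cabinet, presented, now,
                   required_roles=("technician", "security")):
    """presented: (Credential, pin) pairs entered at the cabinet keypad."""
    by_role = {}
    for cred, pin in presented:
        reason = check(cred, pin, cabinet, now)
        AUDIT.append({"t": now, "cabinet": cabinet, "user": cred.user,
                      "result": reason or "authenticated"})
        if reason is None:
            by_role[cred.role] = cred.user
    users = {by_role.get(r) for r in required_roles}
    # Every required role present, and held by distinct people.
    granted = None not in users and len(users) == len(required_roles)
    AUDIT.append({"t": now, "cabinet": cabinet, "user": None,
                  "result": "unlock" if granted else "denied"})
    return granted

# Constructed sample credentials: PINs valid until t=1000 for rack A07 only.
TECH = Credential("tech1", "technician", pin_hash("4821"), frozenset({"A07"}), 1000.0)
GUARD = Credential("guard1", "security", pin_hash("9350"), frozenset({"A07"}), 1000.0)
```

Each attempt, successful or not, produces audit entries naming the user and the denial reason, while the PIN itself is never written to the log.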
Alarms can be generated if unauthorized entry is attempted or an unusual condition or problem is detected, such as humidity levels within the facility rising above a pre-defined threshold. This allows designated staff to carry out an investigation that complies with any regulation and SLAs.
Remember that the described security systems are, in reality, nothing more than control systems. The question is: have they been through a rigorous security design process? Or will we see the same types of vulnerabilities appearing in these systems that we have been seeing in industrial control systems over the last two years?