Mark Hirst, product manager for Cannon Technologies’ T4 Data Centre Solutions, is a Data Center design expert with a background in electronic control systems and industrial networks.
Data center security has always been an issue for anyone involved in commissioning and maintaining a data center, but the falling costs of technology over the last few years has meant that fingerprint security at the cabinet level has become a cost-effective reality.
"Aha," I hear you say, "but there are cheaper security options available."
A couple of years ago I would have been forced to agree with you, but the costs of fingerprint biometric technology and its allied systems – and supporting infrastructure – have now fallen to the point where it has become an extremely viable option for even the most careful of corporate accountants to consider.
Benefits Beyond Lowered Cost
And not just cost-efficient, but efficient – period.
The time taken to verify a fingerprint at the scanner is now down to a second and because the templates – which can update to/from a centralized server on a regular basis – are maintained locally, the verification process can take place whether or not a network connection is present.
And the enrollment process is similarly enhanced, with a typical enroll involving three sample fingerprints being taken on a terminal, and the user then able to authenticate themselves from that point onwards.
The concept of self-authentication is an important one. Unlike a physical token such as swipe-cards, RFID contactless cards and even good old key codes - which can be used/misused by anyone in possession of the token or code - the fingerprint biometric is uniquely personal to the owner.
Security Better Than Shown in Hollywood Films
Furthermore – and despite what you may have seen in the movies - today’s technology can even verify whether the fingerprint is attached to a live person. The days of "Mission Impossible"-style forgeries are now long gone: no person, no authentication.
This level of efficiency, cost-effectiveness and all-round reliability of fingerprint security – even in a fail-safe "network down" scenario – means that a growing number of clients are now securing their IT resources at the cabinet level, integrating the data feed from the scanner to other forms of security such as video surveillance.
One can, for example, tie in the scanner feed with a video feed – even verifying the employee and adding their name/employee number to the digital video audit record that a growing number of data center clients now require.
These requirements stem from governance rules from national bodies and organizations such as the Wakefield, MA-headquartered Payment Card Security Standards Council, which controls the Payment Card Industry Data Security Standard (PCI DSS) governance rules for card-accepting businesses.
PCI DSS rules apply to organizations of all sizes and are a governance requirement for any business or agency that accepts credit/debit cards and processes their own data. Version 2.0 of the rules is currently operational and v3.0 is expected towards the end of 2012.
This integrated security approach at the cabinet level is an important part of the audit process as a growing number of organizations are finding that, not only must they secure their racks and cabinets, but they must be able to prove the efficacy of their audit systems to one or more governance bodies.
You might think, "Well it’s not going to affect me, I’m not processing financials." Yet, the reality is that, in the modern data center environment – which typically has multiple contractors and staff constantly working at multiple sites – the individual cabinets are frequently processing many millions-of-dollars-worth of data per hour, so the cost of any downtime – however caused – can have eye-watering consequences.
This is particularly important in these security-conscious times with the threat of accidental and malicious interference hanging over any data center operation, no matter how large or small.
And it’s for these reasons that a growing number of clients – especially those that rent space on a colocation basis, either on a local/remote or a private cloud computing basis – and who are looking for an auditable GRC (governance, risk and compliance) security system that per-cabinet security is long overdue.
But wait – it gets worse – as with more draconian non-U.S. governance rules, such as impending European Commission-led data privacy legislation that has data breach penalties of up to two per cent of an organization’s global turnover – and which will make Sarbanes-Oxley look like a walk in the park - that the impetus for fingerprint security at the cabinet can only get stronger.
Do the EU rules apply to your organization? Like Sarbanes-Oxley, the impending new European Union rules are pervasive as, if you have operations within any one of the 27 EU member countries, they almost certainly apply to your IT and business operations.
If you are in IT, then you are in data security. Make sure your IT infrastructure is too.
Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating. View previously published Industry Perspectives in our Knowledge Library.