Under lock and key
Deploying appropriate technology is necessary to protect business-critical information stored within racks and cabinets at data centres, says Mark Hirst.
Security is an essential element of any data centre operation and anyone who fails to recognise its importance is dicing with disaster. In terms of the physical infrastructure, racks and cabinets are the last line of defence and, therefore, as well as housing a wide variety of important active equipment, they also need to protect the sensitive data contained within them.
Companies that have to comply with legislation such as Sarbanes-Oxley, Basel II and PCI-DSS must ensure that their data centres adhere to strict asset documentation, configuration and change management, as well as rigorous and transparent documentation policies.
In colocation facilities, high levels of security are also required in order to comply with service level agreements (SLAs), as any data breach can prove costly both financially and in terms of reputation.
Furthermore, to underline a commitment to security best practice, some data centre managers are choosing to become certified to ISO 27001. This international standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented information security management system.
A security strategy usually takes the form of a multi-layered approach that includes a range of technology that monitors and controls access both into and within the premises. When it comes to restricting access to data, securing the cabinets and racks that house servers and other active equipment is crucial and there are a number of ways that this can be achieved.
To begin with, modern locking systems such as swinghandles are highly secure, robust, ergonomic and can be retrofitted. However, to add another layer of protection they can be modified to incorporate an electronic keypad that simply screws to the back of the standard swinghandle, converting it into a remote access solution. The locking system will usually be used in conjunction with a personal identification number (PIN) or radio frequency identification (RFID) device.
Many data centre managers are searching for a means of protecting equipment access using something more than just a password. One particular technology set that is becoming increasingly popular within the data centre environment is biometrics.
These products and systems automatically measure an individual's physiological or behavioural characteristics. Examples include automatic fingerprint identification, iris and retina scanning, face recognition and hand geometry. The major advantage that this type of solution has over PINs or RFID cards is that it cannot be lost, transferred or stolen, and is completely unique.
The time taken to verify a fingerprint at the scanner is now down to a second because the templates are maintained locally, and the verification process can take place whether or not a network connection is present. Furthermore, the all-round reliability of biometric technology means that IT resources can be highly secure at the cabinet level, and the data from the scanner can be integrated with other forms of security, such as video surveillance.
Software is now available that provides local and/or remote control of racks, cabinets, hot and cold aisles, cages or outside enclosures, with full event recording and a rolling 24-hour audit trail.
Cabinets can have a video recording system installed that can either record constantly or be activated in the event of an access attempt. The system will send the data centre manager an email containing a still image of the person trying to gain access.
Being able to keep track of data centre assets is an important piece of the security jigsaw that can sometimes be forgotten. With the intention of eliminating the use of manual spreadsheets for tracking inventory, RFID-based asset management tags and sensors can provide instant awareness of where data centre assets are located. Some of these products also feature a tamper notification system that is triggered when tags are removed, replaced or altered, allowing designated personnel to respond.
The threat of data theft and damage to equipment must be taken seriously – those that fail to implement a thorough multi-layered system run the risk of damaging their businesses and reputations. Rather than just being seen as metal boxes, cabinets and racks are, in fact, at the front line in keeping data safe and ensuring that audit trails comply with relevant legislation.
Contributed by Mark Hirst, head of T4 Data Centre Solutions with Cannon Technologies.