Protecting the business-critical information stored within racks and cabinets is a key concern for all data centre managers. Charlie Bass, Business Development Manager at Cannon Technologies Middle East, examines how this can be achieved by using state-of-the-art security technology.
Security is an essential element of any data centre operation and anyone who fails to recognise its importance is dicing with disaster. In terms of the physical infrastructure, racks and cabinets are the last line of defence and, therefore, as well as housing a wide variety of important active equipment, they also need to protect the sensitive data contained within them.
Rules and regulations
For companies that have to comply with legislation such as Sarbanes-Oxley, Basel II and PCI-DSS, their data centres must adhere to strict asset documentation, configuration and change management, as well as rigorous and transparent documentation policies.
In colocation facilities, high levels of security are also required in order to comply with service level agreements (SLAs), as any data breach can prove costly both financially and in terms of reputation.
Furthermore, to underline a commitment to security best practice, some data centre managers are choosing to become certified to ISO 27001. This international standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented information security management system.
Defence mechanisms
A security strategy usually takes the form of a multi-layered approach that includes a range of technology that monitors and controls access both into and within the premises. When it comes to restricting access to data, securing the cabinets and racks that house servers and other active equipment is crucial and there are a number of ways that this can be achieved.
To begin with, modern locking systems such as swinghandles are highly secure, robust, ergonomic and can be retrofitted. However, to add another layer of protection they can be modified to incorporate an electronic keypad that simply screws to the back of the standard swinghandle, converting it into a remote access solution. The locking system will usually be used in conjunction with a personal identification number (PIN) or radio frequency identification (RFID) device.
Pointing the finger
Many data centre managers are searching for a means of protecting equipment access using something more than just a password. One particular technology set that is becoming increasingly popular within the data centre environment is biometrics.
These products and systems automatically measure an individual’s physiological or behavioural characteristics and examples include automatic fingerprint identification, iris and retina scanning, face recognition and hand geometry. The major advantage that this type of solution has over PINs or RFID cards is that it cannot be lost, transferred or stolen, and is completely unique.
The time taken to verify a fingerprint at the scanner is now down to a second because the templates are maintained locally and the verification process can take place whether or not a network connection is present. Furthermore, the all-round reliability of biometric technology means that IT resources can be highly secure at the cabinet level and the data from the scanner can be integrated with other forms of security, such as video surveillance.
Command and control
Software is now available that provides local and/or remote control of racks, cabinets, hot and cold aisles, cages or outside enclosures, with full event recording and a rolling 24-hour audit trail.
It also ensures only authorised personnel can access the cabinets. Alarms can be generated if unauthorised entry is attempted or an unusual condition or problem is detected, such as if humidity within the facility rises above a pre-defined threshold. This allows designated staff to carry out an investigation that complies with any SLAs.
Cabinets can have a video recording system installed that can either record constantly or be activated in the event of an access attempt. The system will send the data centre manager an email containing a still image of the person trying to gain access. The use of video is a tried and tested way of tracking movements in a facility and establishing exactly who was doing what at a particular time, and it can also be incorporated into a data centre infrastructure management (DCIM) system.
Being able to keep track of data centre assets is an important piece of the security jigsaw that can sometimes be forgotten. With the intention of eliminating the use of manual spreadsheets for tracking inventory, RFID-based asset management tags and sensors can provide instant awareness of where data centre assets are located. Some of these products also feature a tamper notification system that is triggered when tags are removed, replaced, or altered, allowing designated personnel to respond.
Front line
The threat of data theft and damage to equipment must be taken seriously – those that fail to implement a thorough multi-layered system run the risk of damaging their businesses and reputations. Rather than just being seen as metal boxes, cabinets and racks are, in fact, at the front line in keeping data safe and ensuring that audit trails comply with relevant legislation.