How secure is your rack?
By Jason Preston
Data centre security is a big issue, especially for co-location centres hosting multiple racks for multiple, often competing, clients. Yet while the controls on entry to the data centre itself are often impressive, security at the level of the individual rack is often sadly limited. Given the number of in-house staff and external engineers, from cable engineers to storage and server providers, passing through a data centre on a near-daily basis, poor rack-level security creates unnecessary risk.
Security is about far more than putting cages into the data centre. Organizations need a robust process that combines network-accessible, rack-level access control with change control to create a complete audit trail of who accessed each rack, and when.
Without real-time, rack level access control, organizations cannot deliver the level of data centre protection increasingly demanded by governments and banks to prevent unauthorised access and criminal activity.
While the government, banks and police authorities now demand Intrusion Level 3, 4 and even 5 for anti-terrorist systems, the vast majority of data centre environments are failing to impose adequate controls over physical access to individual data centre racks.
Most co-location centres rely on locked cages to separate the IT equipment of each client. But how robust is this model? What happens when an engineer requires access to a single server or rack? Simply unlocking the cage provides access to the entire suite. If a problem arises – whether malicious or an accidental cable disconnection – how can the data centre manager determine the what, the when and the who?
Instead, organizations can deploy network-enabled electronic keypad locks on each rack that can be opened remotely or by HID proximity card. The model is inherently flexible, enabling organizations to impose different control levels that reflect the risk or data value of each client or of a specific rack.
At the simplest level, cards can be configured to work only for specific periods of time – for example, to cover the visit of an engineer. At a higher level, where two people are required to access the rack – for example, if the server holds criminal information within a police HQ – the rack will only unlock when two approved access cards are presented simultaneously. The system automatically raises an alert to security if a door is opened without approval, or if a door is left open and not locked after the engineer has completed the work.
To create an even more robust model, access can be linked to the change control system: no rack can be opened unless the correct change control request has been made and authorisation received. Indeed, in some cases organizations do not even permit the co-location provider to enter the racks and undertake any work without change control in place. If access is required, a request is made by telephone, a change control is issued for a specific time of day and a named individual, and the door is opened remotely.
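As an added illustration of the access rules described above (time-limited cards, the two-person rule, change-control linkage, and alerts for a door opened without approval or left open), here is a small policy model in Python. It is not code from the original article or from any lock vendor; the class names, the 30-second unlock-to-open grace period, the 10-minute left-open threshold, and the sample racks, cards and change-control ticket are all constructed assumptions. The model produces the kind of per-rack audit trail (who, what, when) the article argues for.

```python
# Constructed policy model for network-enabled rack locks (example only):
# timed cards, two-person rule, change-control linkage and door alerts.
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class Card:
    card_id: str
    holder: str
    valid_from: datetime   # card works only inside this window
    valid_until: datetime

@dataclass(frozen=True)
class RackPolicy:
    rack_id: str
    presenters_required: int = 1          # 2 = two-person rule
    change_control_required: bool = False

@dataclass(frozen=True)
class ChangeRequest:       # assumed ticket shape, e.g. "CR-1001"
    ticket: str
    rack_id: str
    holder: str            # engineer the change control was raised for
    window_start: datetime
    window_end: datetime

@dataclass(frozen=True)
class AuditEvent:
    time: datetime
    rack_id: str
    kind: str              # UNLOCK, DENY, ALERT or CLOSE
    detail: str
    holders: Tuple[str, ...] = ()

class RackAccessController:
    """Decides unlock requests and turns door-sensor events into audit/alert records."""
    def __init__(self, policies, cards, change_requests,
                 open_timeout=timedelta(minutes=10),    # assumed left-open threshold
                 unlock_grace=timedelta(seconds=30)):   # assumed unlock-to-open window
        self.policies = {p.rack_id: p for p in policies}
        self.cards = {c.card_id: c for c in cards}
        self.change_requests = list(change_requests)
        self.open_timeout, self.unlock_grace = open_timeout, unlock_grace
        self.audit: List[AuditEvent] = []
        self._unlocked_at: Dict[str, datetime] = {}   # approved unlocks not yet used
        self._opened_at: Dict[str, datetime] = {}     # doors currently open
        self._left_open_alerted = set()

    def _log(self, t, rack_id, kind, detail, holders=()):
        self.audit.append(AuditEvent(t, rack_id, kind, detail, tuple(holders)))

    def _approved_ticket(self, rack_id, holders, t):
        # A ticket counts if it names this rack, one of the presenters, and covers t.
        for cr in self.change_requests:
            if (cr.rack_id == rack_id and cr.holder in holders
                    and cr.window_start <= t <= cr.window_end):
                return cr.ticket
        return None

    def request_unlock(self, rack_id, card_ids, t) -> bool:
        policy = self.policies[rack_id]
        valid = [c for c in (self.cards.get(i) for i in card_ids)
                 if c is not None and c.valid_from <= t <= c.valid_until]
        holders = tuple(sorted({c.holder for c in valid}))  # one person, two cards = one
        if len(holders) < policy.presenters_required:
            self._log(t, rack_id, "DENY", f"{len(holders)} valid holder(s), "
                      f"{policy.presenters_required} required", holders)
            return False
        detail = "card access"
        if policy.change_control_required:
            ticket = self._approved_ticket(rack_id, holders, t)
            if ticket is None:
                self._log(t, rack_id, "DENY", "no approved change control for rack/holder/time", holders)
                return False
            detail = f"change control {ticket}"
        self._unlocked_at[rack_id] = t
        self._log(t, rack_id, "UNLOCK", detail, holders)
        return True

    def door_opened(self, rack_id, t):
        unlocked = self._unlocked_at.pop(rack_id, None)   # an unlock is consumed by one open
        if unlocked is None or t - unlocked > self.unlock_grace:
            self._log(t, rack_id, "ALERT", "door opened without an approved unlock")
        self._opened_at[rack_id] = t

    def door_closed(self, rack_id, t):
        self._opened_at.pop(rack_id, None)
        self._left_open_alerted.discard(rack_id)
        self._log(t, rack_id, "CLOSE", "door closed")

    def check_doors(self, t):
        """Periodic sweep: alert once per door left open longer than open_timeout."""
        for rack_id, opened in self._opened_at.items():
            if t - opened > self.open_timeout and rack_id not in self._left_open_alerted:
                self._left_open_alerted.add(rack_id)
                self._log(t, rack_id, "ALERT", f"door left open for more than {self.open_timeout}")

def run_demo() -> List[AuditEvent]:
    """Constructed scenario; returns the audit trail it produces."""
    day = datetime(2014, 1, 9)
    at = lambda h, m=0, s=0: day.replace(hour=h, minute=m, second=s)
    ctrl = RackAccessController(
        policies=[RackPolicy("R1"),
                  RackPolicy("R2", presenters_required=2, change_control_required=True)],
        cards=[Card("C-A", "alice", at(9), at(12)),     # visiting engineer, 09:00-12:00
               Card("C-B", "bob", at(0), at(23, 59)),   # on-site approver
               Card("C-C", "carol", at(0), at(8))],     # card expired this morning
        change_requests=[ChangeRequest("CR-1001", "R2", "alice", at(10), at(11))])
    ctrl.request_unlock("R1", ["C-A"], at(10))             # UNLOCK
    ctrl.request_unlock("R1", ["C-C"], at(10, 5))          # DENY: card outside its window
    ctrl.request_unlock("R2", ["C-A"], at(10, 8))          # DENY: two-person rule
    ctrl.request_unlock("R2", ["C-A", "C-B"], at(11, 30))  # DENY: ticket window has passed
    ctrl.request_unlock("R2", ["C-A", "C-B"], at(10, 10))  # UNLOCK under CR-1001
    ctrl.door_opened("R2", at(10, 10, 5))                  # inside grace: no alert
    ctrl.check_doors(at(10, 15))                           # under threshold: nothing
    ctrl.check_doors(at(10, 25))                           # ALERT: door left open
    ctrl.door_closed("R2", at(10, 30))                     # CLOSE
    ctrl.door_opened("R1", at(11))                         # ALERT: no current unlock
    return ctrl.audit
```

Two design points worth noting: presenters are counted as distinct card holders, so one person presenting two cards cannot satisfy the two-person rule, and an approved unlock is consumed by the first door-open event, so a later open on the same rack with no fresh approval raises an alert rather than riding on the old one. Each DENY, UNLOCK and ALERT is written to the audit list with the rack, time and holders, which is the record a data centre manager would consult after an incident.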
Rack-level security also frees up floor space. For example, one organization was able to release 18 racks' worth of space by opting for rack-level security rather than cages. At £6,000 per year per rack, this was a significant amount of additional revenue. In addition, rack-level security creates a more flexible data centre model that enables co-location providers to be far more agile in the way racks are reallocated to new business.
Combining network-enabled security with video surveillance also reduces the cost of physical security guards. If a rack lock is opened – or an attempt is made to open it – the security guard can immediately focus on the relevant camera to assess the situation and check the related change control authorisation. This reduces the need for physical walk-bys and inspections, and even cuts the number of guards required to manage the data centre.
Date: 9th January 2014. Region: UK/World. Type: Article. Topic: Data centers/centres.