
How secure is your rack?

By Jason Preston

Data centre security is a big issue, especially for co-location centres hosting multiple racks for multiple, often competing, clients. Yet whilst security to access the data centre can often be impressive, individual rack level security is often sadly limited. Given the number of in-house staff and external engineers, from cable engineers to storage and server providers, passing through a data centre on a near daily basis, poor rack level security creates unnecessary risk.

Security is about far more than putting cages into the data centre. Organizations need a robust process that combines network accessed rack level security with change controls to create a complete, rack level access audit.

Without real-time, rack level access control, organizations cannot deliver the level of data centre protection increasingly demanded by governments and banks to prevent unauthorised access and criminal activity.

Rack security
With an ever increasing focus on cyber-attacks, the recent physical security attack on a high street bank gave many data centre managers pause for thought. If someone posing as an engineer was able to fit a keyboard video mouse (KVM) to a computer actually inside a bank branch, just what could be happening in a data centre, especially a data centre that houses equipment belonging to multiple organizations?

While the government, banks and police authorities now demand Intrusion Level 3, 4 and even 5 for anti-terrorist systems, the vast majority of data centre environments are failing to impose adequate controls over physical access to individual data centre racks.

Most co-location centres rely on the use of locked cages to separate the IT equipment of each client. But how robust is this model? What happens when an engineer requires access to a server or rack? Simply unlocking the cage provides access to the entire suite. If a problem arises – either malicious or a mistaken cable disconnection – how can the data centre manager determine the what, when and who?

Change control
It is clearly important to introduce rack level security – but how? At best racks are secured only with standard handles using a manual key which is easily broken or bypassed. These locks provide minimal protection and standard keys are really not practical, especially for large data centres: key management is time consuming and the risk of loss is high. Nor is the three-code combination lock a viable alternative – it is too tempting to use the same or similar codes across the board, defeating the object.

Instead, organizations can deploy network enabled electronic key pads that can be opened remotely or via HID proximity code access. The model is inherently flexible, enabling organizations to impose the diverse control levels that reflect the different risk or data value of either client or specific rack.

At the simplest level, cards can be configured for specific periods of time – for example to cover the visit of an engineer. At a higher level, where two people are required to access the rack – for example if the server holds criminal information within police HQ – the rack will only unlock with two approved access cards presented simultaneously. The system will automatically raise an alert to security if the doors are opened without approval or if doors are left open and not locked after the engineer has completed the work.

To create an even more robust model, access can be linked to the change control system: no rack can be opened unless the correct change control request has been made and authorisation received. Indeed, in some cases organizations do not even permit the co-location provider to enter the racks and undertake any work without change control in place. If access is required, a request is made via telephone, a change control is issued for a specific time of day and individual, and the door is opened remotely.
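The access rules described above (time-limited cards, two-card presence, the change control link and door alerts) can be expressed as a small decision function. This is an added example, not code from the article or from any lock vendor; the record types, field names, rack names and the 30-minute open limit are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# All record types, field names and the 30-minute limit are assumptions for this example.
@dataclass(frozen=True)
class Card:
    holder: str
    valid_from: datetime
    valid_until: datetime

@dataclass(frozen=True)
class ChangeRequest:
    rack: str
    engineer: str
    start: datetime
    end: datetime
    authorised: bool

def may_unlock(rack, holders_required, cards, changes, now):
    """Decide whether the cards presented together may open this rack."""
    if any(not (c.valid_from <= now <= c.valid_until) for c in cards):
        return False, "card outside its validity period"
    holders = {c.holder for c in cards}  # same person with two cards counts once
    if len(holders) < holders_required:
        return False, "not enough approved card holders present"
    for cr in changes:
        if (cr.authorised and cr.rack == rack and cr.engineer in holders
                and cr.start <= now <= cr.end):
            return True, "change control matched"
    return False, "no authorised change control for this rack and time"

def door_alerts(events, now, max_open=timedelta(minutes=30)):
    """events: time-ordered (timestamp, rack, 'open'|'lock', approved) tuples."""
    alerts, open_since = [], {}
    for ts, rack, action, approved in events:
        if action == "open":
            open_since[rack] = ts
            if not approved:
                alerts.append((rack, "opened without approval"))
        else:
            open_since.pop(rack, None)
    alerts += [(r, "left open") for r, ts in open_since.items() if now - ts > max_open]
    return alerts

# Constructed sample data: an engineer visit to a dual-presence rack.
T0 = datetime(2014, 1, 9, 10, 0)
ALICE = Card("alice", T0, T0 + timedelta(hours=2))
BOB = Card("bob", T0, T0 + timedelta(hours=2))
CHANGES = [ChangeRequest("R12", "alice", T0, T0 + timedelta(hours=1), True)]
EVENTS = [(T0, "R12", "open", True), (T0 + timedelta(minutes=5), "R07", "open", False),
          (T0 + timedelta(minutes=6), "R07", "lock", False)]
```

Every decision returns a reason string, so the same call that drives the lock can also feed the rack level access audit.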

Cost benefits
In addition to imposing excellent physical access control, rack level security releases a significant amount of data centre space. Typically most co-location centres use cages to provide separation between client installations. But in addition to being unattractive, these cages take up a lot of space that could be generating additional revenue.

For example, one organization was able to release 18 racks worth of space by opting for rack level security rather than cages. At £6,000 per year per rack, this was a significant amount of additional revenue. In addition, opting for rack level security creates a more flexible data centre model that enables co-location providers to be far more agile in the way racks are reallocated to new business.

In addition, combining network enabled security with video surveillance reduces the costs associated with physical security guards. If a rack lock is opened – or an attempt is made to open it – the security guard can immediately focus on the relevant camera to assess the situation and check the related change control authorisation. This reduces the need for physical walk-bys and inspections; and even cuts the number of guards required to manage the data centre.

Security is an increasingly fundamental component of every data centre: whether a business or a co-location provider, protecting critical data and reputation from potential threats is essential. Yet the right approach does not have to add cost; indeed, network enabled rack level security can actually reduce costs by removing the need for cages, freeing up space and creating a far more flexible environment.

The author
Jason Preston is director of innovation at 2BM.

• Date: 9th January 2014 • UK/World • Type: Article • Topic: Data centers/centres
