Are you concerned that business time could be lost if the wrong people get into your data centre or staff error causes equipment failure? A White Paper from Schneider Electric points out that as the number of data centres increases, with the rise of cloud storage of data and web hosting sites, physical security is just as important as cybersecurity in ensuring the protection of data and business continuity.
As white paper author Suzanne Niles says people are essential to the operation of a data centre, but studies consistently show that people are directly responsible for 60% of data centre downtime through accidents and mistakes. That means finding effective access control solutions throughout the data centre premises right down to the racks where appliances sit, that balances the level of protection required with the cost, is vital.
Essentially an effective access control system needs to reliably answer the question who are you and why are you here? If only those that should have access to a data centre actually enter it you are reducing the level of risk of mistakes, accidents or entry by someone with a malicious intent.
The white paper states IT managers know the “who and why” of security for their installation as well as knowing their budget constraints, and the risks inherent in various types of security breach at their facility. However, they may not be aware of the different methods that data centres can be made secure and the range of technologies that may be available.
This is where security and threat management specialists, like Ecl-ips, are able to provide their expertise by working with IT managers to get a full picture of the site and the specific issues of the premises such as the number of computer rooms and equipment racks. We are then able to both cater for all levels of security as well as the depth of security that may be required within a data centre or server room.
The methods used to control access can be keys, a range of different types of cards or tokens but all of these have the disadvantage that they can be mislaid or stolen. Passwords or PIN codes can also be used although they should not be too easy or too hard as this increases the likelihood they could be written down and then shared. Meanwhile, the costs of biometric methods, such as fingerprint scanning or voice recognition, are reducing however, there can still be problems, primarily with legitimate users being rejected. Normally the best approach is to have a combination of these access control solutions to increase their reliability.
The white paper identifies that a site will have various levels of security through the building while there may also need to be depths of security within the room. Within the data centre itself this could be at rack level. Security rack locks are available that can be remotely configured to allow access only when needed, for specific people at specific times. This reduces the risk of an accident, sabotage, or unauthorised installation of additional gear that could cause a potentially damaging rise in power consumption and rack temperature.
To ensure that only people that have a valid reason to be in a specific area of a data centre premises have that access you can restrict areas by ensuring that repair or cleaning teams, that may have a number of people within them at different times, can only access common areas or other specific rooms.
Ecl-ips is also an expert in installing high quality CCTV systems and these can provide an extra layer of security for your premises and the data centre.
When designing a secure access control system companies need to consider the potential loss that could arise from damage or theft of IT equipment, data loss or corruption, productivity loss during any IT downtime and damage that could occur to a company’s reputation. This should be set against the known cost of the access control solution, its maintenance and the day-to-day inconvenience of the security system.
If you want advice on data centre security Ecl-ips is a specialist in a range of access control solutions. We are also a Schneider Electric partner able to supply its APC rack access control device which uses the APC NetBotz 250 appliance plus a handle kit to enable remote lock/unlock capabilities and badge access privileges for IT enclosures. To find out more contact us.