Monday, August 1, 2022

Control physical access to rack level


In our networked and internet-dependent world, securing personal and business data from theft, hacking and other forms of cybercrime has become an issue of paramount importance – and the world’s data centers, where data has its physical presence, are key points where multiple layers of security need to be established and sustained. Electronic locks offer audit trail reporting capabilities and can also be set up to provide local alerts, including indicator lights, beacons or alarms.

Securing information within the data centre presents heightened physical security and access control challenges. Heavy-duty perimeter security and room-level access control prevent access to the building and server rooms, but once inside, data storage equipment may not include that same level of security. In some co-location centres, for instance, cabinets containing particularly sensitive data are protected by a chain link fence enclosure; however, these cabinets are still at risk should an unauthorised individual gain access to that enclosure.

For complete physical security, the actual server cabinets should be secured to the same degree as the data centre itself. Verification of credentials for access control and, where required, auditing rack-level access can prevent costly data breaches and stiff penalties for non-compliance. Data centre managers can avoid these risks by incorporating intelligent, reliable electronic locking systems at the rack level to protect access to sensitive information.

Extending physical security to the rack level

Effective rack-level access control systems are specifically designed for server cabinets with a flexible, open architecture that allows them to be easily integrated with any existing security system. An effective physical security system is typically comprised of three key elements: user interface, intelligent lock, and remote control and monitoring. Many data centers focus security efforts on access control to the grounds, the buildings and the secure areas within:

·       Access to the building is often gated, with exterior physical protection elements to secure the entire site, and requires a guard to verify and document entry through the gate.

·       Once an individual enters the facility, they typically sign in with a live guard and receive a credential for access to specific areas.

·       In some facilities, access to a specific floor or enclosure area is further controlled by a “man trap” with two sets of doors accessed via an electronic credential, either RFID or biometric.

Electronic access solutions, like electronic locks and latches, offer a modular security solution designed for simple integration into Data Center Infrastructure Management (DCIM) systems and existing server rack enclosure designs.

Electronic Access Solutions (EAS) typically consist of four main components:

·       Electromechanical Lock or Latch – The most critical component of any electronic access system, this mechanism performs the electromechanical locking or unlocking function upon receipt of a valid electronic signal and provides an output of its status to external monitoring systems.

·       Access Control Device – The access controller acts as the human interface, allowing the electronic lock to be remotely operated through a variety of options, such as digital keypads, biometrics, RFID readers, and other wireless communication devices such as Bluetooth-enabled smartphones and tablets.

·       Remote Monitoring – Electronic access solutions have the unique ability to capture an electronic "signature" for each access attempt. This info, together with additional security and environmental data, can be output to a variety of devices, from simple indicator lights to networked, software-based remote monitoring systems.

·       Manual Override – In some cases, an override system is required to provide access in the event of a system power failure. This override system can be mechanical, providing direct mechanical actuation of the lock, or electrical, providing external power in the event of a system power failure.

The key element of effective rack level electronic access systems is the use of intelligent electronic locks that restrict access through the validation of user credentials. Electronic locks can be integrated with a variety of rack level access control devices, such as digital keypads, RFID card readers, biometric readers and electronic key systems.

Suprema Mobile Access allows you to use your own smartphone as a key to access doors, facilities, and more. By using your smartphone as a credential, managing and using an access card becomes easier, faster, and safer. The smartphone can then send audit trail data wirelessly to the cloud via a cellular or Wi-Fi connection for audit trail reporting. This unique solution provides remote access control without the need for a physical network connection. Mobile Access supports both NFC and BLE for full compatibility with various types of smartphones.

Additionally, maintaining automatic digital documentation is more convenient than manually tracking and recording access. Rather than keeping track of mechanical keys – particularly in a co-location setting – electronic access allows administrators to upload (or delete) electronic credentials from their user database. With networked systems, these updates to the approved list can be made remotely, from anywhere in the world. With cloud-based solutions, this can be accomplished wirelessly, using Bluetooth-enabled mobile devices.

Integrating rack level EAS into existing data centers

The entire IT and data center industry must continue to apply every tool available to secure personal and corporate data and applications from identity theft, malware, hijacking and other hacking attacks. Using electronic access solutions to secure the server racks is the final component in creating a fully secure data center. Rack level electronic access provides a controlled physical security solution that, when integrated into existing security and monitoring systems, provides a complete end-to-end data center security solution.

Cost-effective rack level security solutions are available, depending on the specific application. For example:

·       Self-contained solutions that are generally battery-operated and offer simple, drop-in installation and programming to provide integrated access control and electronic locking in a single self-contained device.

·       Standalone solutions that offer basic plug-and-play access control without the need for software or network administration where remote control and monitoring is not needed.

·       Wireless remote-controlled solutions that leverage NFC and BLE connectivity with cloud-based web portal credential management and monitoring to provide the simplicity of a standalone system with the benefits of a networked control system.

·       Integrated solutions that can be combined with building access control and monitoring systems to incorporate cabinet-level access control into existing security systems.

·       Independent networked solutions that can be used to monitor and manage rack access across networks from a host computer for remote system configuration, access control and the monitoring of multiple access points.

Streamlining migration between platforms

Rack-level electronic locks may incorporate an RFID reader with industry standard Wiegand outputs that can tie into any traditional building system. When integrating rack-level access control solutions, there may be a need to support both proximity and smart card RFID protocols. By integrating an industry standardised electronic locking and access control solution that reads multiple RFID formats, data centre managers can leverage their existing building security system for rack-level access control regardless of card technology used. This type of solution offers simplified installation, allowing personnel to use their existing credentials to access multiple areas within the data centre – from the server room to the rack level.
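As an added illustration (not from the original post or any vendor's code), the sketch below shows what a rack controller behind a Wiegand reader might do with one frame: check both parity bits, split out facility code and card number, and write an audit record for every attempt. It assumes the common 26-bit Wiegand layout, which the post does not specify; the rack name, credential values and function names are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Credential:
    facility: int   # 8-bit facility code
    card: int       # 16-bit card number

def encode_w26(facility: int, card: int) -> str:
    """Build a constructed 26-bit frame (only used to make sample input)."""
    data = f"{facility:08b}{card:016b}"
    even = data[:12].count("1") % 2       # makes bits 1-13 even
    odd = 1 - data[12:].count("1") % 2    # makes bits 14-26 odd
    return f"{even}{data}{odd}"

def decode_w26(bits: str) -> Credential:
    """Validate length and both parity bits, then split facility/card."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        raise ValueError("not a 26-bit frame")
    if bits[:13].count("1") % 2 != 0:
        raise ValueError("even parity failed (bits 1-13)")
    if bits[13:].count("1") % 2 != 1:
        raise ValueError("odd parity failed (bits 14-26)")
    return Credential(int(bits[1:9], 2), int(bits[9:25], 2))

# Constructed per-rack allow list: a valid building badge is not enough,
# the credential must be listed for the specific cabinet.
RACK_ACL = {"RACK-A07": {Credential(42, 1234)}}

def rack_decision(bits: str, rack: str, acl: dict = RACK_ACL) -> dict:
    """Return an audit record for every attempt, granted or denied."""
    try:
        cred = decode_w26(bits)
    except ValueError as exc:
        return {"rack": rack, "granted": False, "reason": str(exc)}
    granted = cred in acl.get(rack, set())
    return {"rack": rack, "granted": granted,
            "facility": cred.facility, "card": cred.card,
            "reason": "on rack list" if granted else "not on rack list"}

if __name__ == "__main__":
    print(rack_decision(encode_w26(42, 1234), "RACK-A07"))   # granted
    print(rack_decision(encode_w26(42, 9999), "RACK-A07"))   # denied, logged
```

Denied and malformed attempts produce a record as well, which is what makes the audit trail useful for review.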

Physical access control across the facility

In today’s highly regulated data centre environment, access control and monitoring at the rack level are a must. While significant resources are dedicated to fighting online cyberattacks, physical protection of stored data is equally important. The need for increased security and compliance with a myriad of regulations necessitates access control and monitoring capabilities for the actual cabinets where data is stored.

Data centre managers can achieve physical access control by implementing electronic access solutions, which offer audit trail maintenance and compatibility with existing facility-wide security systems. Protecting data within facilities requires the same level of access control for racks as for the buildings that house them.

Organizations should monitor the safety and security of the data center rack room with authenticated access through the following systems:

·        Closed-circuit television (CCTV) camera surveillance with video retention as per the organization policy

·        Vigilance by means of 24×7 on-site security guards and manned operations of the network system with a technical team

·        Periodic hardware maintenance

·        Checking and monitoring the access control rights regularly and augmenting if necessary

·        Controlling and monitoring temperature and humidity through proper control of air conditioning and indirect cooling

·        Uninterruptible power supply (UPS)

·        Provision of both a fire alarm system and an aspirating smoke detection system (e.g., VESDA) in a data center. A VESDA, or aspiration, system detects and alerts personnel before a fire breaks out and should be considered for sensitive areas.

·        Water leakage detector panel to monitor for any water leakage in the server room

·        Rodent repellent system in the data center. It works as an electronic pest control to prevent rats from destroying servers and wires.

·        Fire protection systems with double interlock. On actuation of both the detector and sprinkler, water is released into the pipe. To protect the data and information technology (IT) equipment, fire suppression shall be with a zoned dry-pipe sprinkler.

·        Cable network through a raised floor, which avoids overhead cabling, reduces the heat load in the room, and is aesthetically appealing.

 
