Security Mantraps on the way
Security
mantraps came into use during the 16th century and were
mechanical devices used for catching poachers and trespassers. Today, a
security mantrap is commonly described as a small room, area or compartment
that is designed to temporarily hold (trap) an individual between two doors
(barriers) so that their credentials can be verified before granting access.
Verification may be manual, with security personnel doing the verification, or
automatic, with technology doing the verification. Most systems installed today
are automatic with various integrated technologies to enhance security, safety
and prevent unauthorized entry.
In
the 17th century, sally ports
were built to control the entryway to a fortification or prison. They often
included two sets of doors (or gates) to delay enemy penetration. Today, a
sally port used for security applications may include doors, gates or other
physical barriers to control access of people (or vehicles) to a secure area.
Both security mantraps and sally ports are in widely used for security
applications, however, despite some similarities, the terms are not used
interchangeably, and only sally ports are referenced in the building codes.
A
mantrap is an access control tool designed and restricted to a physical space,
which is separated from the adjoining spaces (rooms) by two doors, usually an
exit and an entry door that cannot be unlocked at the same
time. Mantraps are like a double-door checking system that use either
airlock technology or interlocking doors.
Today's
simplified automatic mantrap rooms enable access with access cards, key fobs
and mobile phones. Since mantraps prevent two persons (unless authorized) to be
in the same room, they can be used for shared spaces in hospitals, dormitories
and boarding rooms or anywhere else where people have some need for privacy.
Both
the International Building Code (IBC) and the Life Safety
Code (NFPA 101) describe a sally port as a compartmented area with two or
more doors (or gates) where the intended purpose is to prevent continuous and
unobstructed passage by allowing the release of only one door at a time. Both
codes restrict their use to institutional type occupancies (e.g., prisons,
jails, detention and correctional centers) and require provisions for
continuous and unobstructed travel through the sally port during an emergency
egress condition.
During
2017, the most digital damage from cyber-attacks includes continuous
targeting of critical infrastructure, ransomware, government emails being
hacked, exfiltration of Central Intelligence Agency documents, and the
multinational WannaCry ransomware attack of over 200,000 systems. Gartners’
global information security spending forecast estimates that by the
end of 2017, purchases for security products and services could reach $84.5
billion or a seven percent increase since 2016. Defenses have progressively
improved and measures continue to be implemented. However, there is one area
which lags far behind – that is the physical security of data centers and,
specifically, the adoption and employment of mantraps.
According
to BICSI, a mantrap is created using two interlocking doors which open only one
at a time after the correct credentials have been validated. To physically
secure a facility or data center, periodic risk assessment and policy reviews
should be conducted. Ideally, drills should be included to engrain the training
scenarios and validate policies and procedures. An example of layered security
can be found in the TIA-942 where tiers I through IV are used to
differentiate each level including Kevlar or bullet resistant walls, windows,
doors, closed circuit television (CCTV) monitoring, access control and more.
Despite
their widespread use, security mantraps are not referenced by either IBC or
NFPA, which has given rise to a plethora of terms and definitions, including,
for example: security portals, security vestibules, security airlocks, security
booths, security cabins, control vestibules and personnel interlocks. For the
supplier, designer or code official, this lack of regulation can result in
different interpretations of building code and life safety requirements.
Generally, the most appropriate sections of the code are applied and enforced,
which may include sections on doors, gates, turnstiles, revolving doors and
accessibility requirements. Because security mantraps are unique in their
design and operation, the enforcement of code sections intended for other
technologies may result in installed systems that are over- or under-designed
with added costs and project delays, if accepted at all.
A
security mantrap may be manual or automatic, manned or unmanned, pre-engineered
or built from the ground up, located indoors or outdoors, and include a variety
of technologies to enhance security, safety, aesthetics, throughput, service
and overall performance. The systems come in various sizes, shapes, styles and
configurations with a multitude of finishes, glazing and door options,
including ballistic and vandal resistant. Other options and features include:
metal/weapons detection, left object detection, tailgating/piggybacking
detection, monoblock construction, wall mount versions, network interface
capabilities, video cameras, intercoms, anti-pass back integration, biometrics,
manual releases, and inputs/outputs for control and alarm monitoring. most
common mantraps work with a system of two interlocked doors, there are
solutions that can be implemented on three or more doors, including varied
authentication systems. “Real” mantraps typically have two locked doors. Some
interlocked mantraps, such as those used at bank entrances, are unlocked to
begin with, and only lock when one of the doors is open.
Security
mantraps are commonly found in high-security, mission-critical facilities
(e.g., government, military, critical infrastructure), but can also be found in
many commercial and industrial facilities (e.g., banking, data centers,
pharmaceutical, health care, airports, casinos, executive suites, high-end retail,
R&D labs). Some of the key drivers for using security mantraps include the
ability to detect and prevent tailgating and piggybacking incidents in unmanned
locations, satisfying various regulatory compliance standards (e.g., GDPR,
GLBA, PCI DSS, HIPPA, FISMA, SOX) by restricting access to critical information
systems, and protecting against other security threats that have become more
prevalent in the world today (e.g., espionage, terrorism, theft, vandalism,
protests, etc.).
When
security mantraps are being considered as a countermeasure to mitigate
unauthorized entry, it is important to establish clear goals and objectives for
the equipment, application and environment. Then, carefully review and evaluate
the proposed system based on form, fit and function. When these systems become
part of the building infrastructure, provisions for security and safety must be
met. This often starts with a security risk assessment for the facility or
site.
Two Major Types of Mantraps:
- Air
Lock Control – low-security systems used only for environmental control
also referred to as normally unlocked.
- Restricted
Entry and Exit – these are considered the highest security type that is
used with normally locked doors. Opening any door keeps all other doors
secure. The man trap buffers simultaneous requests for access which
prevents any two doors from being unlocked.
Additionally,
some man traps may incorporate the use of Request-to-exit (REX) device –
typically located on the inside secured door, most are identified as a ‘quick
release’ latch.
Mantrap Pros:
- Allows
only one person to enter or exit at a given time
- Requires
proper identification and authentication
- Restricts
movement into and out of the data center
- Can
be used to closed unwanted visitors until authorities are called
- Provides
an audit trail for personnel and visitors
Mantrap Cons:
- Highly
secure doors are more expensive
- May
not permit movement of large boxes, dollies, deliveries, etc.
- May
fail during electrical power outage unless backup exists
- If
not properly implemented according to policy and design, may present a
safety risk
The
goal of any security risk assessment is to develop a protection strategy that
mitigates risk to people, property and information systems, and, for security
mantraps, the primary goal is to prevent unauthorized entry. The security risk
assessment process begins with asset identification and valuation, followed by
evaluation and analysis of associated threats, vulnerabilities and potential
loss impact. Finally, security measures are recommended and form the basis of
an integrated protection strategy.