Control physical Access to Rack Level
In our networked and internet-dependent world, securing personal and business data from theft, hacking and other forms of cybercrime has become an issue of paramount importance – and the world’s data centers, where data has its physical presence, are key points where multiple layers of security need to be established and sustained. Electronic locks offer audit trail reporting capabilities and can also be set up to provide local alerts, including indicator lights, beacons or alarms.
Securing information within the data centre presents heightened physical security and access control challenges. Heavy-duty perimeter security and room-level access control prevent access to the building and server rooms, but once inside, data storage equipment may not include that same level of security. In some co-location centres, for instance, cabinets containing particularly sensitive data are protected by a chain link fence enclosure; however, these cabinets are still at risk should an unauthorised individual gain access to that enclosure.
For complete physical security, the actual server cabinets should be secured to the same degree as the data centre itself. Verification of credentials for access control and, where required, auditing rack-level access can prevent costly data breaches and stiff penalties for non-compliance. Data centre managers can avoid these risks by incorporating intelligent, reliable electronic locking systems at the rack level to protect access to sensitive information.
Extending physical security to the rack level
Effective rack-level access control systems are specifically designed for server cabinets with a flexible, open architecture that allows them to be easily integrated with any existing security system. An effective physical security system is typically comprised of three key elements: user interface, intelligent lock, and remote control and monitoring.
Many data centers focus security efforts on access control to the grounds, the buildings and the secure areas within:
· Access to the building is often gated, with exterior physical protection elements to secure the entire site, and requires a guard to verify and document entry through the gate.
· Once an individual enters the facility, they typically sign in with a live guard and receive a credential for access to specific areas.
· In some facilities, access to a specific floor or enclosure area is further controlled by a “man trap” with two sets of doors accessed via an electronic credential, either RFID or biometric.
Electronic access solutions, like electronic locks and latches, offer a modular security solution designed for simple integration into Data Center Infrastructure Management (DCIM) systems and existing server rack enclosure designs.
Electronic Access Solutions (EAS) typically consist of four main components:
· Electromechanical Lock or Latch – The most critical component of any electronic access system, this mechanism performs the electromechanical locking or unlocking function upon receipt of a valid electronic signal and provides an output of its status to external monitoring systems.
· Access Control Device – The access controller acts as the human interface, allowing the electronic lock to be remotely operated through a variety of options, such as digital keypads, biometrics, RFID readers, and other wireless communication devices such as Bluetooth-enabled smartphones and tablets.
· Remote Monitoring – Electronic access solutions have the unique ability to capture an electronic "signature" for each access attempt. This information, together with additional security and environmental data, can be output to a variety of devices, from simple indicator lights to networked, software-based remote monitoring systems.
· Manual Override – In some cases, an override system is required to provide access in the event of a system power failure. This override system can be mechanical, providing direct mechanical actuation of the lock, or electrical, providing external power in the event of a system power failure.
The key element of effective rack level electronic access systems is the use of intelligent electronic locks that restrict access through the validation of user credentials. Electronic locks can be integrated with a variety of rack level access control devices, such as digital keypads, RFID card readers, biometric readers and electronic key systems.
Suprema Mobile Access allows you to use your own smartphone as a key to access doors, facilities, and more. By using your smartphone as a credential, managing and using an access card becomes easier, faster, and safer. The smartphone can then send audit trail data wirelessly to the cloud via a cellular or Wi-Fi connection for audit trail reporting. This unique solution provides remote access control without the need for a physical network connection. Mobile Access supports both NFC and BLE for full compatibility with various types of smartphones.
Additionally, maintaining automatic digital documentation is more convenient than manually tracking and recording access. Rather than keeping track of mechanical keys – particularly in a co-location setting – electronic access allows administrators to upload (or delete) electronic credentials from their user database. With networked systems, these updates to the approved list can be made remotely, from anywhere in the world. With cloud-based solutions, this can be accomplished wirelessly, using Bluetooth enabled mobile devices.
Integrating rack level EAS into existing data centers
The entire IT and data center industry must continue to apply every tool available to secure personal and corporate data and applications from identity theft, malware, hijacking and other hacking attacks. Using electronic access solutions to secure the server racks is the final component in creating a fully secure data center. Rack level electronic access provides a controlled physical security solution that, when integrated into existing security and monitoring systems, provides a complete end-to-end data center security solution.
Cost-effective rack level security solutions are available, depending on the specific application. For example:
· Self-contained solutions that are generally battery-operated and offer simple, drop-in installation and programming to provide integrated access control and electronic locking in a single self-contained device.
· Standalone solutions that offer basic plug-and-play access control without the need for software or network administration where remote control and monitoring is not needed.
· Wireless remote controlled solutions that leverage NFC and BLE connectivity with cloud based web portal credential management and monitoring to provide the simplicity of a standalone system with the benefits of a networked control system.
· Integrated solutions that can be combined with building access control and monitoring systems to incorporate cabinet-level access control into existing security systems.
· Independent networked solutions that can be used to monitor and manage rack access across networks from a host computer for remote system configuration, access control and the monitoring of multiple access points.
Streamlining migration between platforms
Rack-level electronic locks may incorporate an RFID reader with industry standard Wiegand outputs that can tie into any traditional building system. When integrating rack-level access control solutions, there may be a need to support both proximity and smart card RFID protocols. By integrating an industry standardised electronic locking and access control solution that reads multiple RFID formats, data centre managers can leverage their existing building security system for rack-level access control regardless of card technology used. This type of solution offers simplified installation, allowing personnel to use their existing credentials to access multiple areas within the data centre – from the server room to the rack level.
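As an added illustration (not code from this article or from any vendor it mentions), the sketch below shows what a controller receiving Wiegand output from a rack reader might do: validate the frame, look the credential up in an approved list, and emit an audit-trail record. It assumes the common 26-bit Wiegand layout (even parity bit, 8-bit facility code, 16-bit card number, odd parity bit); the rack name, the APPROVED table and every credential are constructed sample values.

```python
# Added example: validate standard 26-bit Wiegand frames, then decide access.
# APPROVED, the rack name and all credentials below are constructed samples.

def encode_wiegand26(facility, card):
    """Build a frame for test input: parity + 8-bit facility + 16-bit card + parity."""
    data = f"{facility:08b}{card:016b}"
    lead = str(data[:12].count("1") % 2)          # even parity over first 12 data bits
    trail = str((data[12:].count("1") + 1) % 2)   # odd parity over last 12 data bits
    return lead + data + trail

def decode_wiegand26(frame):
    """Return (facility, card) or raise ValueError for a malformed frame."""
    if len(frame) != 26 or set(frame) - {"0", "1"}:
        raise ValueError("not a 26-bit frame")
    if frame[:13].count("1") % 2 != 0:
        raise ValueError("leading even parity failed")
    if frame[13:].count("1") % 2 != 1:
        raise ValueError("trailing odd parity failed")
    return int(frame[1:9], 2), int(frame[9:25], 2)

APPROVED = {"rack-A07": {(42, 1001), (42, 1002)}}

def audit_event(rack, frame, approved=APPROVED):
    """Return one audit-trail record for an access attempt at a rack."""
    try:
        credential = decode_wiegand26(frame)
    except ValueError as exc:
        return {"rack": rack, "result": "rejected", "reason": str(exc)}
    if credential in approved.get(rack, set()):
        return {"rack": rack, "credential": credential, "result": "granted"}
    return {"rack": rack, "credential": credential, "result": "denied",
            "reason": "credential not on approved list"}

if __name__ == "__main__":
    good = encode_wiegand26(42, 1001)
    flipped = good[:5] + ("1" if good[5] == "0" else "0") + good[6:]
    for frame in (good, encode_wiegand26(42, 9999), flipped, "1010"):
        print(audit_event("rack-A07", frame))
```

The parity bits only catch transmission errors on the reader wiring; they do not authenticate the card, so the approved-list check and the audit record still carry the access decision.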
Physical access control across the facility
In today’s highly regulated data centre environment, access control and monitoring at the rack level are a must. While significant resources are dedicated to fighting online cyberattacks, physical protection of stored data is equally important. The need for increased security and compliance with a myriad of regulations necessitates access control and monitoring capabilities for the actual cabinets where data is stored.
Data centre managers can achieve physical access control by implementing electronic access solutions, which offer solutions for audit trail maintenance and compatibility with existing facility-wide security systems. Protecting data within facilities requires the same level of access control for racks as the buildings that house them.
Organizations should monitor the safety and security of the data center rack room with authenticated access through the following systems:
· Closed-circuit television (CCTV) camera surveillance with video retention as per the organization policy
· Vigilance by means of 24×7 on-site security guards and manned operations of the network system with a technical team
· Periodic hardware maintenance
· Checking and monitoring the access control rights regularly and augmenting if necessary
· Controlling and monitoring temperature and humidity through proper control of air conditioning and indirect cooling
· Uninterruptible power supply (UPS)
· Provision of both a fire alarm system and an aspirating smoke detection system (e.g., VESDA) in a data center. A VESDA, or aspiration, system detects and alerts personnel before a fire breaks out and should be considered for sensitive areas.
· Water leakage detector panel to monitor for any water leakage in the server room
· Rodent repellent system in the data center. It works as an electronic pest control to prevent rats from destroying servers and wires.
· Fire protection systems with double interlock. On actuation of both the detector and sprinkler, water is released into the pipe. To protect the data and information technology (IT) equipment, fire suppression shall be with a zoned dry-pipe sprinkler.
· Cable network through a raised floor, which avoids overhead cabling, reduces the heat load in the room, and is aesthetically appealing.