Data Center Security:
Data Center Physical security - controlling personnel access to facilities - is critical to achieving data center availability goals. As new technologies such as biometric identification and remote management of security data become more widely available, traditional card-and-guard security is being supplanted by security systems that can provide positive identification and tracking of human activity in and around the data center. Before investing in equipment, IT managers must carefully evaluate their specific data center security needs and determine the most appropriate and cost-effective security measures for their facility. This paper presents an overview of the principles of personnel identification and describes the basic elements and procedures used in security systems.
People: A Risk to be Managed
When data center security is mentioned, the first thing likely to come to mind is protection from sabotage, espionage, or data theft. While the need is obvious for protection against intruders and the intentional harm they could cause, the hazards from ordinary activity of personnel working in the data center present a greater day-to-day risk in most facilities.
People are essential to the operation of a data center security, yet studies consistently show that people are directly responsible for 60% of data center downtime through accidents and mistakes - improper data center security standards and procedures, mislabeled equipment, things dropped or spilled, mistyped commands, and other unforeseen mishaps large and small. With human error an unavoidable consequence of human presence, minimizing and controlling personnel access to facilities is a critical element of risk management even when concern about malicious activity is slight.
Identification technology is changing as fast as the facilities, information, and communication it protects. With the constant appearance of new equipment and techniques, it's easy to forget that the age-old problem this technology is trying Network-Critical Physical Infrastructure to solve is neither technical nor complicated: keeping
Physical security is part of Network-Critical unauthorized or ill-intentioned people out of places where they Physical Infrastructure (NCPI) because it plays a direct role in maximizing system availability don't belong. And while the first step, mapping out the secure ("uptime"). It does this by reducing downtime areas of the facility and defining access rules, may produce a from accidents or sabotage due to the presence of unnecessary or malicious people. layered and complex blueprint, it isn?t intuitively difficult - IT
Other NCPI elements are power, cooling, racks, managers generally know who should be allowed where. The cabling, and fire suppression. challenge lies in the second step: deciding how best to apply less-than-perfect technologies to implement the plan.
Data Center Security Solutions?
While emerging security technologies may appear exotic and inscrutable - fingerprint and hand scans, eye scans, smart cards, facial geometry - the underlying data security objective, unchanged since people first started having things to protect, is uncomplicated and familiar to all of us: getting a reliable answer to the question "Who are you, and why are you here?"
The first question - "Who are you?" - causes most of the trouble in designing automated security systems. Current technologies all attempt to assess identity one way or another, with varying levels of certainty - at correspondingly varying cost. For example, data center physical security and swipe card is inexpensive and provides uncertain identity (you can't be sure who's using the card); an iris scanner is very expensive and provides very certain identity. Finding an acceptable compromise between certainty and expense lies at the heart of security system design.
The answer to the second question, "Why are you here?" - in other words, what is your business at this access point - might be implicit once identity has been established ("It's Alice Wilson, our cabling specialist, she works on the cables - let her in"), or it can be implemented in a variety of ways: A person's "who" and "why" can be combined - in the information on a swipe-cards magnetic strip, for example; a person's identity could call up information in a computer file listing allowable access; or there could be different access methods for various parts of the facility, designed to allow access for different purposes. Sometimes "Why are you here?" is the only question, and "Who are you?" doesn't really matter - as for repair or cleaning personnel.
