Why your biggest IT Security Vulnerability is Physical!
How an intelligent datacenter rack door locking system delivers compliance, resilience and saves costs
March 06, 2019
How much does your organisation spend on Cyber Security products? No doubt it’s a significant sum, but this could all be wasted for the want of a secure and easy-to-use rack door locking system in your data centres and comms rooms. It’s not very sexy, and you are unlikely to get a Venture Capitalist interested in it or Gartner to report on it, but it is, or should be, an essential component of your IT security solution. It will cost a lot less than the latest firewall or cyber security software, and the benefits will deliver a faster return on investment. To find out more about these benefits, please read on.
Compliance with regulation
In the UK, Europe and the US there is a raft of compliance regulation that specifies the need for physical security and for logs and audit trails of who has access to the data and to the IT equipment on which it is processed and stored. This includes:
- General Data Protection Regulation (GDPR)
- ISO/IEC 27001/27002 – Section 11
- PCI-DSS (Payment Card Industry Data Security Standard)
- Sarbanes-Oxley
- FISMA (Federal Information Security Management Act) and NIST (National Institute of Standards & Technology)
The biggest threat to your security is not a teenage genius hunched over a terminal in Moscow or Pyongyang. A data breach is most likely to originate from within your organisation, and the contractor with his tool bag in your data centre is as much of a threat as the administrator in your office. You wouldn’t allow an office worker unlogged access to your critical data and systems, so why do you allow IT contractors such access?
If you think your processes are good enough, use these questions to identify if your current systems are compliant and fit for purpose:
- How do you monitor which racks contractors and members of your team have access to when they are in your data centre?
- Do you monitor individual rack access or just access to the data centre room?
- How do you monitor if your processes are being followed? If they are too rigid, people will find a way around them to save time; if they are too lax, they won’t be fit for purpose!
- What happens in the event of a power failure or partial power failure? Is your physical security dual powered and protected by UPS?
At AIT we usually get asked to implement DCIM or intelligent rack door locking after there has been a costly security breach or power outage. Most organisations find it difficult to justify the budget for such investment until after the horse has bolted. We address some of those reasons here.
Such incidents may be security related, but are most often caused by a power outage that could have been prevented by stopping an unauthorised, or incompetent, person from accessing critical equipment racks. There is a lot of data available online highlighting this risk and providing evidence to support what is a relatively low cost investment in intelligent door locking. One such independent authority is the Uptime Institute which publishes an annual report on data centre outages.
This report shows that most data centre failures are the result of human error. If you don’t have real-time monitoring and don’t know who is in your rack, then you won’t be able to quickly identify the cause of the outage. This will impact on your mean time to restore service and on your ability to identify the root cause of the fault. It could also impact on your ability to claim compensation from those responsible, as happened with BA.
The latest 2018 research from the Uptime Institute shows that outages are increasing in frequency and severity and are almost always caused by human error:
- 80% of reported outages were caused by human error
- 15% of outages cost over $1m
- 30% of outages cost over $250,000
- 31% of respondents reported an outage in 2018, up from 25% in 2017
Installing intelligent access control at the rack level isn’t going to eliminate this risk for your organization but it is a very cost effective part of your response to this increasing risk.
The monitoring and logging of rack access to identify which contractor has worked in which rack can also help to maintain standards of work and measure productivity.
The effect of poor quality cabling on air flow can have a significant impact on cooling efficiency, which is the single biggest operating cost in a data centre. Leaving rack doors open, failing to fit blanking plates or failing to leave sufficient air gaps will all impact on the bottom line if not monitored and managed. As part of an integrated DCIM solution, a best practice intelligent rack door locking system can deliver savings of 5-10% of your energy costs.
Best Practice Features of an Intelligent Rack Door Locking System
Hopefully, having read this blog, you are now in a better position to create a business case to secure the relatively small budget needed to implement an intelligent rack door locking system. So what features should you be looking for in a best practice solution?
Real time monitoring
Provide alarms and alerting to notify if rack doors are left open or opened without authorisation.
Provide time stamped logs of who accessed racks
Many systems are powered from just one rack feed. All critical systems should be powered by A+B feeds for resilience
Easy to use
Choose simple RFID or biometric systems with well-designed software and easy-to-use monitoring interfaces
Easy to retrofit
Choose independent systems that can be fitted to any brand of rack to avoid vendor lock in or expensive retrofitting
Integration with CCTV
Provide connection of USB Cameras to synchronise with door locking and trigger visual authorisation
Integration with DCIM and ITSM workflow software
Provide alerts from door locking that synchronise with work orders from systems like ServiceNow and flow within a DCIM workflow view and dashboard
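As an added illustration (not AIT's software or any vendor's API), the Python below applies the alerting, time-stamped logging and work-order features listed above to a constructed door-event log: it flags a rack opened without a matching work order and a door left open too long. The record fields, badge and rack IDs, work-order numbers and the 30-minute threshold are all assumptions made for the example.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names and IDs are hypothetical.
WORK_ORDERS = [
    {"id": "WO-1001", "badge": "C-017", "rack": "R12",
     "start": "2019-03-06T09:00", "end": "2019-03-06T11:00"},
    {"id": "WO-1002", "badge": "E-002", "rack": "R20",
     "start": "2019-03-06T12:30", "end": "2019-03-06T14:00"},
]
# (timestamp, rack, badge, action) as a door controller might log them.
EVENTS = [
    ("2019-03-06T09:15", "R12", "C-017", "open"),
    ("2019-03-06T09:40", "R12", "C-017", "close"),
    ("2019-03-06T10:05", "R14", "C-017", "open"),   # no work order for R14
    ("2019-03-06T10:07", "R14", "C-017", "close"),
    ("2019-03-06T13:00", "R20", "E-002", "open"),   # authorised, never closed
]
MAX_OPEN = timedelta(minutes=30)  # assumed policy threshold


def _ts(stamp):
    return datetime.fromisoformat(stamp)


def authorised(badge, rack, when, work_orders):
    """True if a work order covers this badge, this rack and this moment."""
    return any(
        wo["badge"] == badge and wo["rack"] == rack
        and _ts(wo["start"]) <= when <= _ts(wo["end"])
        for wo in work_orders
    )


def review(events, work_orders, now, max_open=MAX_OPEN):
    """Return alerts as (kind, rack, badge, time the door was opened)."""
    alerts, open_since = [], {}
    for stamp, rack, badge, action in sorted(events):
        when = _ts(stamp)
        if action == "open":
            if not authorised(badge, rack, when, work_orders):
                alerts.append(("UNAUTHORISED_OPEN", rack, badge, stamp))
            open_since[rack] = (when, badge, stamp)
        elif action == "close":
            opened = open_since.pop(rack, None)
            if opened and when - opened[0] > max_open:
                alerts.append(("DOOR_LEFT_OPEN", rack, opened[1], opened[2]))
    # Doors still open at review time are checked against the same limit.
    for rack, (when, badge, stamp) in sorted(open_since.items()):
        if now - when > max_open:
            alerts.append(("DOOR_LEFT_OPEN", rack, badge, stamp))
    return alerts


if __name__ == "__main__":
    for alert in review(EVENTS, WORK_ORDERS, _ts("2019-03-06T14:00")):
        print(alert)
```

The rack-level check is what separates this from room-level access control: badge C-017 is legitimately in the room for R12, and only the per-rack log shows the same badge opening R14.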
If you want to find out more about our intelligent Rack Access Control solution that provides all of these best practice features please contact AIT.