It is the nature of everything connected that it also bears the risk of misuse – whether malicious or accidental. It seems to me that overall, companies have taken great steps forward to overcome issues associated with external and internal electronic access to hardware and data from drive-by style attacks. Small and large businesses alike run decent spam filters, firewalls and anti-virus software. They run regular scans and mainly, people have become sufficiently cautious not to click unwise links.
But true cybersecurity requires a more holistic approach. This means not only controlling access to the network, applications and the main data processing facility, but also controlling access to the actual physical assets as well. Today, all IT server racks and enclosures demand the same stringent attention to physical security as the measures used, e.g., to control access to major data center installations.
All IT facilities, irrespective of their size, face some sort of threat to ongoing operation. If you visit a colocation facility that really couldn’t be more apparent. Even as you approach the outside of the building, you will see a great deal of attention has been paid to perimeter security – from fencing and gateways, to video surveillance and sign-in procedures. The physical appearance of these measures has as strong deterrent effect on their own. However, the demands of different applications and markets frequently require that critical IT is installed on-premise, and often in less than ideal locations.
Further increasing the pressure on those managing IT loads in such locations, regulations concerning the way data is stored and accessed extends beyond cyber credentialing, and into the physical world. In the US, where electronic health records (EHR) have become heavily incentivized, the Healthcare Insurance Portability & Accountability Act (HIPAA) demands safeguards, including “physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.”
Similar measures are also demanded, e.g., by the Sarbanes-Oxley Act and Payment Card Industry Data Security Standard (PCI DSS) for finance and credit card encryption IT equipment. In addition to building and room security, it has become vital to control rack-level security so you know who is accessing your IT cabinets and what they’re doing there. Verifying credentials at the rack level and alerting to opened or forced doors will certainly prevent data breaches, and it will also help maintain a full audit trail to ensure regulatory compliance, helping you avoid hefty compliance penalties.
The good news today is that technology is helping to provide solutions to answer the security challenges being created by technology. Data center quality IT racks with integrated physical access control, wireless monitoring and intelligent management appliances, and video surveillance capability have all become very affordable and easy to install or retrofit in even the smallest IT installations. Lower cost appliances and sensors, together with more efficient software applications and wireless technology are all helping to make robust security precautions more commonplace as TCO falls.
If you’d like to read more about the physical side of cyber security, and learn about the serious environmental and internal security challenges that can result in IT service outages, please download our free e-Guide: Preventing Outages by Monitoring, Managing, and Controlling the Data Center Environment.