Is Your Last Line of Defense Ready for the Threats?
NOTE: This is the first of a 2-part series on data center security. Check back in a week for Part Two, which will focus on new vulnerabilities and smart protection.
When many IT Facilities Managers hear the word “security,” a number of things may come to mind, mostly either falling into physical security or cybersecurity. Last fall, we covered IT Enclosure Security — Common Threats and Critical Measures, a high-level look at potential physical threats that could result in IT failure or data loss at a data center.
For this conversation, we are offering our top suggestions, most of them easy to implement, to take your IT cabinet security to a better level. You may have additional ideas, and we’d love to hear them. Reach out now.
Bigger Than IT Cabinets: Overall Security Awareness
When considering security within a data center (or any deployment, really), what is your last line of defense? The IT cabinet, right? Regardless of the installation space, it could end up being the only thing standing between a threat and precious data.
1. As simple as it sounds, keep cabinet doors closed … and locked!
You wish you could fully trust everyone that could come in physical contact with your IT gear, but it doesn’t work out that way. Bad actors, rogue employees — people with an axe to grind — happen. Even someone with no hostile intent can still pose a threat. All of your security efforts, as tight as they are, may not be enough when someone is highly motivated.
Doing what you can to discourage an attack can often be simple. If the enclosure door is open, breaching security is as easy as inserting a USB stick into a wide-open USB port. That said, establish a culture of security. Every time someone leaves an open cabinet, it gets closed and locked, even if it’s for a quick break.
2. Do not make it easy for cyberattackers
No network/server rack system can protect against cyberattacks, but they are an obvious threat to keep in mind when thinking about physical security. As previously mentioned, USB ports, RJ45 ports, or any network connection ports are invitations to get inside firewall protection. How many stray patch cords have you seen installed from one footprint to the adjacent one, strung along a row, or even run between two different rows? A secured and well-designed cabinet can remove the temptation to “just run this patch cord for a short time” and be a powerful deterrent to unauthorized access.
Physical Security: Passive and Active
Manufacturers of IT cabinets design them to facilitate smart security protocols as much as possible. They understand the equipment inside is precious to a business’s success, a community’s public safety, or an organization’s privacy, not to mention the cost of the equipment. Risks are ever-present, and top-of-mind awareness is a necessity.
3. Consider cabinets that prioritize security
Not all cabinets are built to address all issues. Some thoughtfully put security high on their list of “must haves,” yet you could not necessarily tell just by looking at them.
A majority of the following security initiatives may not be obvious when looking at an IT cabinet, but they’re effective at reducing physical break-ins:
- Internal hinges
- Multi-point lock rods
- Frame design: external skins and doors attach to an integrated welded frame
- Handles latch the door at multiple points, along the entire height of the rack
These provide a higher level of physical security than a traditional 2-post rack or 4-post frame, or enclosures with minimal latch points, exposed hinges, and/or single hasp lock points.
Although completely eliminating physical break-ins isn’t possible, it is wise to greatly minimize external points of vulnerability.
4. Want to beef up security? Get more active
It is hard to protect sensitive and valuable data with a robust last line of defense when an IT environment is left accessible by a distracted employee. So, in addition to those passive security measures, more active data center protocols can be set up and implemented. Go beyond access control using a simple PIN pad or security card.
A large data center (a colocation facility, for instance) usually has multiple layers before allowing access to server racks. However, there are thousands of businesses, medical facilities, and schools where multi-layered security systems simply aren’t practical. That’s when a well-built, reliable IT cabinet shines.
In addition to active access control, various sensors can supplement any access control system by monitoring a variety of potential physical threats: fire, gas and smoke, IP-rated threats (dust, water, solid particles), vibration, falling debris, electromagnetic fields, etc. Temperature change can indicate that something’s wrong: a quick drop or rise in temperature could signal that doors have been opened when they should be closed, a sign of unauthorized access. Vibration detection could indicate that a break-in is being attempted.
When combined with alarms, sensors can alert you to system problems and/or security breaches. Fire suppression can also work in conjunction with security by reducing the physical risk to people and the equipment inside the rack.
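One way to apply the sensor logic described above, as an added example that is not from the original article or from any vendor's product: it raises an alert for a rapid temperature change or a vibration event only when no authorized access window from the access-control log covers that moment. The readings, access windows, tuple layout and the 1.5 °C-per-minute threshold are constructed assumptions.

```python
from datetime import datetime

def at(hour, minute):
    """Build a timestamp on the constructed sample day."""
    return datetime(2024, 1, 1, hour, minute)

# Constructed sample data: (timestamp, cabinet temperature in deg C, vibration seen)
READINGS = [
    (at(2, 0), 24.0, False),
    (at(2, 1), 24.1, False),
    (at(2, 2), 24.0, True),    # vibration at night, nobody badged in
    (at(2, 3), 21.5, False),   # 2.5 deg C drop in one minute: door likely open
    (at(2, 4), 21.4, False),
    (at(9, 0), 24.0, False),
    (at(9, 1), 22.0, False),   # same kind of drop, but during scheduled maintenance
    (at(9, 2), 22.1, True),
]

# Constructed access-control log: periods when the cabinet was legitimately unlocked
AUTHORIZED = [(at(8, 59), at(9, 10))]

TEMP_RATE_LIMIT = 1.5  # deg C per minute; assumed threshold, tune per site

def is_authorized(ts, windows):
    """True if an authorized access window covers this timestamp."""
    return any(start <= ts <= end for start, end in windows)

def detect(readings, windows, rate_limit=TEMP_RATE_LIMIT):
    """Return (timestamp, reasons) for sensor anomalies outside authorized access."""
    alerts = []
    prev = None
    for ts, temp, vibration in readings:
        reasons = []
        if prev is not None:
            minutes = (ts - prev[0]).total_seconds() / 60
            # Rate of change, not absolute value: slow daily drift is ignored.
            if minutes > 0 and abs(temp - prev[1]) / minutes >= rate_limit:
                reasons.append("rapid temperature change")
        if vibration:
            reasons.append("vibration")
        if reasons and not is_authorized(ts, windows):
            alerts.append((ts, reasons))
        prev = (ts, temp)
    return alerts

if __name__ == "__main__":
    for ts, reasons in detect(READINGS, AUTHORIZED):
        print(ts.isoformat(), "ALERT:", ", ".join(reasons))
```

Correlating with the access log is what keeps scheduled maintenance from generating alarms while the same sensor pattern at 02:00 still does.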
A Word (or Two) About The Edge
IT cabinets within a tightly secured data center are relatively simple. Implementing security in an Edge deployment will be more complex, because these deployments are usually standalone installations, without the security advantages enjoyed within a big data center.
A college campus. A community hospital. A city subway station. These examples of Edge deployments can be loaded with people, and security is far less tight than in a data center. As stated earlier, a simple USB stick can grab data upon physical entry, and Bluetooth, WiFi, or another cyber approach could gain access. This requires further exploration, so we will be following up with a full article on Edge security.
5. Seamlessly Control Infrastructure Communication
As additional infrastructure products are added to an IT system, most have network communications capabilities. A high-density enclosure cooling system, an automated network monitoring system, power strips, and a rackmount UPS (mostly at Edge deployments) may all be connected through an IoT interface. It is important to treat these network-capable infrastructure components with the same level of protection as traditional IT equipment (switches, servers, storage devices, etc.).
Systems that allow for active and automated monitoring and controlling of network/server racks include the CMC III from Rittal. It allows for real-time, centralized collection of environmental conditions, controls access, and sends notifications when an alarm is triggered.
Hopefully, this article helps you properly create your last line of defense and be ready for nearly any threat. Check back in a week for part 2 of our series on data center physical security.