(This blog post from CPI explores physical access control solutions for your data center cabinets. Check it out! -Teddi)
The number of breached records in business organizations jumped significantly in 2019, with over 8.5 billion records exposed. That’s more than three times greater than 2018 year-over-year, according to the 2020 IBM X-Force Threat Intelligence Index.
In a reality where data has become the world’s most valued asset, privacy and ethical management of data are not only priorities, they’re now law.
All data privacy standards and regulations require physical access control measures for data processing and storage equipment, but with most regulations, it is up to them to decide which specific method of technology to use.
In general, compliance to regulations requires a method to:
• Physically secure data processing and storage equipment
• Identify and manage authorized accessors
• Manage access to the physically secure space
• Keep records of access to the physically secure space
Five Considerations When Building an Access Control System
1. Physical Security: First Line of Defense
For an enterprise-owned, single-tenant site, room-level security could be considered sufficient. Particularly in multitenant data centers (MTDCs) and remote sites, physical access control at the cabinet level simplifies management and prevents unauthorized users to access the servers and switches in which data is stored.
Electronic lock and access control systems automate monitoring, documenting and control of access and allow fast reprogramming if access rights change or if a credential is lost or stolen.
2. Key and Rights Management
When keyed locks are used to secure equipment cabinets, companies must have a strong and completely effective key management program. Typically, all cabinets are keyed alike. It is possible to use combination locks, or have groups of cabinets keyed differently to limit access, but this requires a strong system for documenting assigned combinations.
In contrast, electronic locking can be reprogrammed quickly with new access codes, and no hardware modification is required. Each use can have different and specific rights, and the setup of rights in the software is simultaneously documenting the assigned access codes (keys).
3. Logging Reports and Auditing
Having users sign in at controlled front building access documents the person’s presence in the building but not their access to individual cabinets.
Electronic locking and access control systems automate the logging of access at the cabinet level and enable automated reporting by user or cabinet. This speeds preparation for an audit and helps narrow the scope of event investigations.
4. Event Response
When a data breach occurs, immediate event response is critical. With a keyed lock system, IT must manually check the condition of doors and locks. If a key is lost or stolen, they must rekey the lock.
Electronic locking and access control systems simplify, shorten and in some cases, automate these responses.
5. Jurisdiction: IT or Facilities Management?
In most data center facilities, security is deployed via a building management system platform, owned and managed by facilities management. When it comes to data center cabinets and systems, security is most often controlled by IT, given it is the IT department that oversees data protection and the controls applications the reside in the equipment.
It would behoove both IT managers and facility management to understand better the responsibilities and functions of each other’s team as they come together to achieve security goals.
Learn more about what to consider and the essential capabilities to look for when selecting a rack-level electronic lock solution. Read the full article.