Issue link: http://cp.revolio.com/i/686088
16 | THE DATA CENTER JOURNAL www.datacenterjournal.com e risk factors associated with cyber- crime are only accelerating: • Database breaches and cybercrime cost the global economy over $400 billion annually, based on a 2015 industry study 1 • e FBI has issued a formal warning about the risks posed by disgruntled and former employees, noting several significant investigations where indi- viduals exploited business networks and servers, stealing proprietary soware, obtaining customer information and purchasing unauthorized goods and services using customer accounts 2 • Recent data from IBM Security Services shows that 55 percent of all attacks were carried out by malicious insiders or inadvertent actors (accidental events) 3 In addition, multiple regulatory and compliance requirements create additional layers of responsibility for data center managers. ere are increasing enforce- ment requirements of U.S. data -protec- tion regulations, such as the Health Insur- ance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS) and the Fed- eral Information Security Management Act (FISMA) that mandate organizations must limit physical access to information systems, equipment and the respective operating environments to authorized individuals. groWth In data centers creates VulneraBIlItIes Two core IT trends are driving the growth of data centers: cloud computing and outsourcing. More specifically, many businesses of widely varying sizes and 1 "2015 Cost of Cyber Crime Study: United States," Ponemon Institute, October 2015. 2 "Increase in Insider reat Cases Highlight Significant Risks to Business Networks and Propri- etary Information," US Department of Homeland Security, September 23, 2014. 3 "IBM 2015 Cyber Security Intelligence Index," Figure 5, 2015. industries are finding that maintaining their own enterprise-computing plat- forms has become time-consuming and increasingly expensive, involving factors such as maintaining sufficient power (and backup), handling environmental cooling and implementing the latest server and router technology. By turning to a shared data center, that infrastructure is already in place, along with commitments to 100 percent uptime. For companies that aren't in the IT business, this approach makes the most economic sense. e risk—and thus the data center management's responsibility— is in making sure that each server rack containing a company's digital assets, and their public and private networks, is as safe and secure as if it were locked inside their own building. current data center securIty practIces Data center operators make sig- nificant investments in cyber security, erecting firewalls and deploying powerful soware programs to prevent cybercrimes. Increasingly, they are focusing efforts and investments on controlling the physical security of electronics and telecommuni- cations enclosures as well. e steady stream of service techni- cians who need access to the server racks, communications hardware and electrical and environmental systems for mainte- nance, upgrade and expansion tasks pres- ents many access-control challenges for the data center manager. From a security perspective, inside personnel are just as much of a risk as outside personnel, and they need to be managed and secured dur- ing their time in the facility. Many data centers focus their securi- ty efforts on access control to the grounds, the buildings and the secure areas within: • Access to the building is oen gated, offering exterior physical protection elements to secure the entire site and requiring a guard to verify and docu- ment entry through the gate. • Once individuals enter the facility, they typically sign in with a live guard and receive credentials for access to specific areas. • In some facilities, access to a spe- cific floor or enclosure area is further controlled by a "man trap" with two sets of doors accessed via an electronic badge, either RFID or biometric; the visitor must be verified at each door to prevent shadowing or tailgating, where two individuals attempt to enter on one person's badge. Although this level of security is effective, it's incomplete: oen, minimal physical security is in place to prevent unauthorized access to the cabinets that store valuable equipment and data once someone has entered the server room. e most common form of security control on server-cabinet doors (assuming they have doors) is a mechanical key lock. A common risk associated with this type of basic physical rack security is duplica- tion: while there may be hundreds of racks with key locks or key codes, there may only be a few dozen different keys or key codes for the entire center. Tracking who accesses which server rack can also be problematic. Most server rooms have cameras mounted in the room to monitor and record activities, but it can be difficult to distinguish, in a room with multiple rows of nearly identical server rows and racks, whether one individual is accessing the correct server. extendIng physIcal securIty to the rack leVel e server rack is the final point of data vulnerability in the data center, so it makes sense to consider implementing the same level of sophisticated physical security and access-control monitoring already established at every other level of entry in the data center. Electronic access solutions, like electronic locks and latches, offer a modular security solution designed for simple integration into data center