Lee Funnell, technical manager at Siemon, highlights the importance of physical security in the data centre and discusses specific measures that can be taken at rack level to protect mission critical infrastructure.
Unplanned data centre downtime can cost the business thousands of pounds in lost revenue. Whilst the financial implications are huge, other effects such as reduced productivity, data loss and damaged reputation can hurt a business just as badly.
Power outages, network failures and security breaches are some of the most common causes of downtime today, but industry reports show that human error plays a significant role in data centre outages too. In a colocation facility, human error can be as simple as accidentally accessing the wrong cabinet for patching and maintenance work.
Incidents like these highlight the importance of implementing physical security in a data centre facility. To enhance security, access to cabinets should be controlled to safeguard critical IT infrastructure, especially in colocation and multi-tenant data centres where several parties share common spaces.
At the cabinet level, cabinet door security systems can significantly increase the physical security of a data centre. Electronic door handles eliminate the universal cabinet keys that open any cabinet, and restrict access to mission critical equipment based on specific cabinets, roles and time periods. Leading manufacturers of data centre cabinet solutions typically supply cabinet door security systems with their cabinet range and, depending on the type, these can provide multiple layers of security through one or more levels of authentication.
Card access handles, for example, will unlock with a compatible low access card, and biometric access handles use fingerprint biometrics to grant access. Biometric and card access handles, on the other hand, allow for access via either fingerprint, card, or both for dual factor authentication. The same principle of dual factor authentication applies to PIN and card (high frequency or dual frequency) access handles. Dual custody rules – common in military data centres – can also be applied, which then require two persons, e.g. from pre-defined security groups, to be present to authenticate.
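The access decision described above (cabinet, role, time period, required factors and dual custody) can be sketched as follows. This is an added example, not code from Siemon or any vendor; the `Rule` and `Presenter` records, cabinet IDs, role names and users are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Rule:                      # hypothetical policy record, not a vendor schema
    cabinet: str
    role: str
    start: time                  # permitted period: start inclusive, end exclusive
    end: time
    factors: frozenset           # every factor the handle must see
    dual_custody: bool = False   # two authorised persons must authenticate

@dataclass(frozen=True)
class Presenter:                 # one person authenticating at the handle
    user: str
    role: str
    factors: frozenset

def decide(rules, cabinet, presenters, when):
    """Return (granted, reason); the reason is what an audit log entry would record."""
    reason = "no rule for this cabinet"
    for rule in (r for r in rules if r.cabinet == cabinet):
        in_role = [p for p in presenters if p.role == rule.role]
        qualified = {p.user for p in in_role if rule.factors <= p.factors}
        if not in_role:
            reason = "role not permitted on this cabinet"
        elif not rule.start <= when.time() < rule.end:
            reason = "outside permitted time period"
        elif not qualified:
            reason = "missing authentication factor"
        elif rule.dual_custody and len(qualified) < 2:
            reason = "dual custody needs two authorised persons"
        else:
            return True, "granted"
    return False, reason

# Constructed sample policy and users
RULES = [
    Rule("A-07", "tenant-a-tech", time(8), time(18), frozenset({"card", "fingerprint"})),
    Rule("A-09", "security", time(0), time(23, 59, 59), frozenset({"card", "pin"}), True),
]
ALICE = Presenter("alice", "tenant-a-tech", frozenset({"card", "fingerprint"}))
BOB = Presenter("bob", "security", frozenset({"card", "pin"}))
CAROL = Presenter("carol", "security", frozenset({"card", "pin"}))

if __name__ == "__main__":
    noon = datetime(2024, 1, 15, 12, 0)
    for cab, who in [("A-07", [ALICE]), ("A-09", [ALICE]), ("A-09", [BOB]), ("A-09", [BOB, CAROL])]:
        print(cab, [p.user for p in who], decide(RULES, cab, who, noon))
```

The second case is the wrong-cabinet mistake from a shared colocation floor: the technician's credentials are valid, but not for that cabinet, so the handle stays locked and the denial reason is available for the log.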
Server-based administration software administers users, their cards and biometrics and manages user and group permissions. It also provides real-time monitoring of all devices, including open/closed status, propped door or forced entry, and it can deliver alerts via email. The system maintains extensive logs of who accesses what physical hardware, where and when. This becomes increasingly important for the audits required for compliance, which are especially common in the finance or healthcare sectors.
These systems are available in a centralised Bus and Node System to manage access to entire groups of cabinets or PODs providing cabinet-level or end-of-row authentication. A de-centralised Sentry System will allow for the management of individual cabinets located in multiple different positions within the same data centre or in different rooms.
But there are other advantages to cabinet door security systems besides access management and control. Whilst in traditional colocation or multi-tenant environments, cages have been quite popular, they aren’t always an efficient use of space. When a tenant is using only a few cabinets, the size of their cage (to allow for space all around the cabinet) is quite large compared to their actual cabinet usage.
With a cabinet security solution, cabinet level authentication can mean that the same level of security can be reached but without wasting as much floor space. The solution is a lot more flexible. Adding or removing users to cabinets as tenants grow is much easier than moving cages around.
Whilst these security systems provide much better access control to mission critical infrastructure, physical security doesn’t stop at the cabinet door.
Secure and tamper-proof outlet locks and lockable fibre cassettes can provide a simple means of securing active equipment ports and patching environments inside a rack or cabinet. These simple and straightforward solutions – where outlet locks snap into industry standard RJ45 or LC fibre ports, block cord access and can only be removed with a specially designed key – protect against unauthorised port access and provide an extra element of physical layer security at port level.
Further, if rack mountable PDUs with ‘intelligent’ features (e.g. remote monitoring, device level or outlet level monitoring, outlet level switching/control) are deployed, an added layer of security can be applied. Because intelligent PDUs monitor the amount of power consumed by the individual connected devices, network managers can observe whether equipment operates within the intended ranges for energy use. Any irregularities and hotspots can be quickly identified to prevent equipment failure that may lead to network outage.
With cabinet door security systems, outlet locks and intelligent PDUs there are several measures that can be taken at cabinet level to increase physical security. If data centre managers are looking for a more holistic approach, Automated Infrastructure Management (AIM) can be applied to track any physical layer changes in the data centre, such as unauthorised removal of equipment or connection of unapproved devices. AIM provides an accurate map of the organisation’s infrastructure and instantly identifies the location of a breach so that remedial action can swiftly be taken.
Further down the line, door security, PDUs and AIM can be integrated into comprehensive Data Centre Infrastructure Management (DCIM) software which will give data centre operators the ability to improve infrastructure planning and design.