Marian Petrescu, general manager at Voxility, examines practical ways to keep your data centre secure at rack level.
There is no doubt that today’s vast web traffic comes along with a lot of preparation in the data centre and the demand for digital content will continue to fuel data centre market growth.
The need for larger, instant capacity, which is forcing data centres to take on more power, racks, and hardware, is a result of the increased use of media and Internet-connected devices constantly feeding the networks.
As more and more industry sectors are now reliant on the internet, it is not surprising that cyber threats have become a significant problem.
With the rise of increasingly complex DDoS attacks, businesses have never been so determined to secure assets from malware. Due to their distributed nature, they become harder and harder to fend off.
While online verticals such as financial services, gaming and e-commerce have typically been the most vulnerable, any organisation with a serious online presence is now a potential target.
In response to the data centre customers' needs for assurance of total reliability and security, both physical and virtual “safety” are a high priority for IT operators.
Securing your servers
Data centres themselves must be secured. Increased virtualisation and software-defined processes mean that more and more businesses are sharing server racks and colocation space instead of having dedicated rooms/cages.
The importance of securing hardware is greater than ever thanks to this increasing complexity of legacy environments.
As a result of dynamic changes involving increased flow of people, power, and assets, data centre management is much more difficult and prone to blind spots.
Easy access to your shared floor space and equipment may lead to unintentional issues occurring.
Such risks should be managed and solved by data centre approved engineers, but there are practical and proactive steps you can take to ensure maximum safety of your servers.
Powering an ‘always on’ business IT infrastructure
Data centres are likely to have written logs, restricted access and video surveillance in place for supporting a secure facility, but less urgent problems are often overlooked.
The logical move for individuals looking to create an impenetrable security strategy, both online and off is to ensure server rooms and individual cabinets are locked.
For rack-level security, you have many choices. Varying in price and complexity, they all have pros and cons. Key cards, biometric scanners, locks, fobs, cameras and even security officers. They all offer a range of access control to servers but still one or more systems will leave your hardware penetrable.
Locks and keys
A traditional method of securing racks is to bolt them to the floor – this may not be the most sophisticated but it is effective.
All modern cabinets and enclosures are likely to come armed with a simple lock but there is no way to track and monitor who has, and who has had, access.
As well as not being scalable, this could be costly if a key is lost as every enclosure will have a separate key and all employees with access will need a copy.
Another option is a combination dial lock. Use a code to access the cabinet, which can also be overridden with a key, to improve efficiency and security. However, this presents some of the same issues as a traditional lock, and codes must all be set and changed manually.
Advanced data centre tech for a secure environment
Rack, cabinet and enclosure security has stayed low-tech over the years. Recently, the traditional lock and key has benefited from technological advances, especially in software-defined environments. IoT and biotech allow for entirely new monitoring and locking capabilities.
A card reader lock – or swing handle locks – grant access via a swipe card. Users can monitor who accesses the server, when and how often, as well as other insights. With some higher-spec models, you can even set specific access times.
Card readers are easily monitored and integrated within existing control systems while removing the need for manual modification of locks, which would be the case if each one of your servers was accessed by a manual pin code for example. However, as with legacy keys, there is no way to ensure the legitimate owner is the one using the card.
One innovation that is being deployed by companies is biometric scanners. For mission critical data, you may consider biometric locks. Using a finger or palm print as means of authentication ensures that your racks are the utmost secure.
Security may also be enhanced through deploying sensors. A light sensor may be programmed to send an alert when the lights get turned on. The same can be done when room temperature reaches a certain threshold, or whichever other variable is of concern.
Equipping any environment with this level of security will take longer, with implementation periods exceeding other options, but its necessity should be drawn from the nature of your data.
Make security happen
Securing your assets is absolutely critical to prevent equipment failure and user downtime. Today’s data centre technology is highly performant and it continues to evolve at a rapid rate.
When it comes to protecting the data centre, data security is just a part of the process. Prevention strategies and disaster recovery plans can make an important difference when faced with a natural disaster.
Security could also be enhanced from an operational point of view. Positioning business managers and IT leads within close proximity of servers is also helpful, as the ability for quick access can be invaluable in case of an emergency. The industry can often overlook the value of an employee close by in a software-defined domain.
All in all, the right method is different for everyone. But there’s no room for trial and error when referring to “data safety”. As more and more companies are focusing solely on their online presence, security is now one of the highest considerations on operators’ set of priorities.