As more companies move to cloud-based storage solutions, data centres have emerged to securely hold and process vast quantities of personal and sensitive information. From a security perspective, data centres generally have few visitors but need robust physical security measures in place nonetheless, while measures to prevent cyber attackers must be watertight. Tim Northwood, General Manager of Inner Range, suggests nine measures for effective access control at data centres.
1. Multi-tenant sites
Most data centres host information for a range of organisations. This means many different people will need digital access to their own servers and data without being able to access anything else. Our flagship intelligent access control system, Integriti, offers ‘partitioned sites’ so security managers can create users and other global entities that only exist within the partition they were created in. The partitions are completely isolated and invisible to users in other partitions.
2. Ease of access with the right credentials
Some access control systems, including ours, offer helpful cause and effect protocols to help people find their server room or cabinet. For example, a user’s smartcard can activate specific corridor lighting and company logos, so they find what they’re looking for with ease.
3. Layered security
A well-managed data centre will have a layered approach to security, with lower levels of security in more public areas and entrances and increasing security measures for individual server rooms and cabinets. For example, users may need to present a smartcard and PIN to open the main entrance door but have to present an additional biometric credential, such as a fingerprint or iris scan to access their specific hardware.
4. Intruder detection
It goes without saying that data centres will need an intruder detection system. All our Inner Range access control products include intruder detection systems certified as Grade 3, according to European Standard EN50131-1.
The grading system reflects how skilled and prepared intruders might be. Grade 3 (on an ascending risk scale from 1 to 4) assumes intruders will have some knowledge of an alarm system and a comprehensive range of tools and portable electronic equipment.
Many insurance companies will not provide business cover unless a Grade 3 alarm system is in place.
5. IEC Security Grade 4 access control
There is an international standard for access control systems too, known as IEC-60839-11-1 Edition 1.0 2013-05 Security Grade 4. Our Integriti system can comply with this standard from the International Electrotechnics Commission, which specifies minimum functionality, performance requirements and test methods. It applies to components and systems used to control physical access for security purposes and includes requirements for logging, identification and control of information. Systems that can meet this standard will offer more robust access control measures for data centres.
6. Sensing HVAC issues
It’s essential that all data centres have an effective heating, ventilation and air conditioning system to ensure hardware doesn’t overheat or get too cold. But it’s also essential to have a robust sensor and alarm system to alert managers if the air conditioning has failed, or if there’s a fire risk.
7. Integrating CCTV and other systems
Data centres will need to run a range of individual systems to ensure the safety and security of people and equipment on site. These can include video management systems, building automation functions such as heating and lighting, biometric credentials and readers, ANPR for associated car parks, lift controls. The list goes on. Sophisticated access control systems act as core security management systems, integrating all other third-party systems so everything is controlled from one platform and can interact as needed. For example, an alarm or alert can trigger CCTV cameras and extra lighting to come on, or freeze credentials and block people entering or exiting the site.
8. Reducing vulnerable downtime
Given the sensitive nature of information held in data centres, it’s imperative there are failover protocols to prevent vulnerable downtime. Our Integriti system can run multiple instances of itself at the same time across up to 64 nodes, or servers, using Microsoft failover clustering. Clients then auto-connect to available nodes if necessary.
9. Secure communications
Secure communications the cornerstone for cyber security, whether that’s via in-house private communication networks or between access control system controllers, servers and door modules, or when the core system integrates with third-party products, such as CCTV.
A robust level of end-to-end encryption across all these communications channels and interfaces is vital for data centres. Data encryption ensures secure LAN communications at all times and continuous monitoring will detect any fault or attempted module substitution.
Ensuring the communications network is isolated also helps reduce the risk of interception.
Sandboxing is a useful software management strategy to prevent cyber attacks. It isolates applications, such as a core access control system, from third-party products that have been integrated. It provides an extra layer of security that prevents malware or harmful applications from negatively affecting your core security management system.
Without sandboxing, an application may have unrestricted access to all system resources and user data on a computer. A sandboxed app, on the other hand, can only access resources in its own ‘sandbox’. An application’s sandbox is a limited area of storage space and memory that contains the only resources the program requires. If a program needs to access resources or files outside its sandbox, permission must be explicitly granted.