Data is growing at an exponential rate, which means data centers and security surrounding that highly sensitive business information is growing alongside it. As companies in all sectors build these infrastructures, there are many standards to choose from when it comes to how to best secure that data and the facility that houses it. Yet as data centers continue to bulge, seemingly, the security measures to protect companies’ most sensitive information are not receiving the same priority.
This isn’t just access to the building or protecting the data from hacking; critical server access, limited data center access and visitors’/contractors’ access is all part of the process to ensure the physical security of a data center is in line with customer expectations and business requirements. This, of course, includes a lot of hardware, software, wires and complicated technology that must continue to run to ensure your customers don’t see the problems associated with a disruption in service.
These facilities house redundant utilities and various security devices. Things like the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI) and Sarbanes-Oxley Act (SOX) compliance play a major role in planning a data center. You can imagine what happens if any of these services go down. As the security systems integrator you can easily lose customers. At a minimum, your business brand looks bad to current and future customers, and your reputation sours.
Specialized Access Control a Must
Protecting a data center and its contents is critical to the bottom line of any modern business. That means controlling access, not only knowing who goes in and out of the area but also tracking the types of activities taking place inside. Security companies need to think about several issues in these types of installations. Data centers have server rack keys, highly sensitive facility keys, and vendor badges to control. Providing access and the ability to audit movement in and out of the area must be part of the solution. Because a variety of employees must go in and out of this sensitive area, protecting and tracking access, as well as protecting and tracking the use of keys inside, is critical to the security considerations. More importantly, the ability to ensure those keys do not leave the facility is especially valuable.
You may want to consider provisions such as key curfews that include software notifications via E-mail or text message when a key has not been returned by curfew (out too long). While this does not prevent someone from leaving a facility or area with an important key or asset, it does provide a level of control and notification so the business knows when the key has not been returned. This allows an organization to be proactive and potentially prevent a major disruption rather than being reactive the next time someone needs that key.
This type of key management solution can also be integrated into the existing access control system. It prevents an employee from “badging out” until they have returned their key or asset safely. This security feature/installation is called anti-pass-back. It prevents someone from leaving a facility or area based on the status of a particular key or asset. The individual’s badge access can be granted or revoked, ensuring they cannot pass through the access point without properly returning keys. This not only ensures only authorized personnel get in and out, but equally as important it drives the appropriate process to ensure risk is mitigated and that a tired, vengeful or forgetful employee isn’t the reason for a disruption in service or workflow.
More than ever business and government organizations are scrutinizing data centers to a higher degree in areas such as security, availability, environmental impact and adherence to standards. With so many of these centers housing an endless amount of valuable assets, essential security is always vital. A quality electronic key management program can prove to be your differentiating solution for assuring the integrity and functionality of these computer environments, and minimizing the chance of any type of security breach.
Danny Garrido has been President of TRAKA USA since 2013. He has been in the security industry for 15 years, both as an integrator and as a corporate executive, heading up Brink’s Home Security’s and Broadview Security’s dealer program before joining ADT Security as Director after the acquisition of Broadview Security.