Access at the Rack Level in Your

Transcription

1 Securing and Monitoring Physical Access at the Rack Level in Your Data Center Steve Spatig, BSME Mike Fahy, BSME Southco, Inc. In lieu of paper evaluations for each session at the Winter Conference, all evaluations may now be taken digitally from your laptop, tablet or smartphone. Download the Winter Conference App at i or go to to provide your feedback for each of the sessions you attend. For your safety, please note that emergency exits are located to the left or right of this room.

2 Rack Level Security

3 Situational Analysis Growing need for enhanced rack level physical security within the Data Center Driven by need for security, compliance and convenient key/access management Need to bridge the gap between building security & rack access with simplified, flexible electronic access platforms

4 Why Access Control at the Rack Level? Human Error Theft Hardware or data Vandalism Audit trail capability Regulatory Requirements

5 Compliance PCI-DSS, Payment Card Industry Data Security Standard Any physical access to data or systems that house cardholder data provides the opportunity for individuals to access devices or data and to remove systems or hardcopies, and should be appropriately restricted HIPAA Health Insurance Portability & Accountability Act Physical measures, policies and procedures to protect a covered entities electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion SOX Sarbanes Oxley SCN 404 Management assessment of internal controls controls that pertain to the preparation of financial statements FISMA Federal Information Security Management Act Organizations must limit physical access to information systems, equipment and the respective operating environments to authorized individuals.

6 Cost of Noncompliance BlueCross BlueShield of Tennessee fined $1.5 million by the Department of Health and Human services for HIPAA violation HealthNet, Rancho Cordova missing several server drives, 1.9 million individuals affected, $500k in fines to date HIPAA fines of up to $100k/ violation, $1.5M/year Average economic impact of data breach = $2.4M Increased audit activity starting in 2013

7 Affected Data Centers Financial Healthcare Government Colocation Universities

8 Typical Data Center Security

9 How Far Does Physical Security Extend? Minimal Security Secure

10 Rack Access Evolution Traditional Rack Access Intelligent Physical Security Security Compliance Convenience Cabinet level mechanical key lock Single or multiple l key codes Manual access management Electronic locking Digital it access credentials Integrated access control system

11 Solutions

12 Rack Access Control Architecture Front door/back door Co-location cabinets Individual rack access versus access by row Virtual Cages Remote access

13 Self Contained Electronic Access Standalone,, no network No software Battery Operated Keypad or RFID Lock Status

14 Building Security Integration Wiegand output Lock/Door Status Lock control Credential Management Building Access

15 Independent Networked Access Control TCP/IP Serial output Lock/Door Status Lock control Credential Management

16 Summary Complete Data Center physical security requires an integrated, t tiered access control system from Data Center entrance down to the data storage equipment Current mechanical key lock based solutions provide only a very basic level of access control and may not meet compliance requirements Multiple solutions exist to bridge the gap between building security & rack access depending on the needs of the Data Center

17 Securing and Monitoring Physical Access at the Rack Level in Your Data Center Steve Spatig, BSME Mike Fahy, BSME Southco, Inc. In lieu of paper evaluations for each session at the Winter Conference, all evaluations may now be taken digitally i from your laptop, tablet or smartphone. Download the Winter Conference App at or go to to provide your feedback for each of the sessions you attend.