Protecting datacenters & mission critical facilities - using IP based systems. Presented by: Jeffrey Lam RCDD Director, Global Accts, Asia ANIXTER



Similar documents
IP-Based Infrastructure Solutions for Critical Spaces. Presented by: Andrew Flint, RCDD/NTS Regional Technical Manager

Middleborough Police Electronic Security Narrative

Subject: County of Los Angeles Data Center Space Requirement

TONAQUINT DATA CENTER, INC. CLOUD SECURITY POLICY & PROCEDURES. Tonaquint Data Center, Inc Cloud Security Policy & Procedures 1

A guide to access control for manufacturing sites

Major Risks and Recommended Solutions

Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM

CITY UNIVERSITY OF HONG KONG Physical Access Security Standard

How To Ensure Security At A Site Security Site

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Automating Infrastructure A connectivity perspective for BICSI SEA meeting, November 2011

GMS GRAPHICAL MANAGEMENT SYSTEM

Manage and secure your workplace by controlling who, what, when, why, where and how people are allowed in your facility. Marquee

Hosted Testing and Grading

Why All Data Centers are Not Created Equal

Electronic Access Control Solutions

>>IP. VIDEO INTERCOM & SMART HOME TCP/IP video intercom solution expert

Security Management System

Access CONTROL. MANAGEMENT Software

Georgia Institute of Technology Data Protection Safeguards Version: 2.0

A Decision Maker s Guide to Securing an IT Infrastructure

Write up on PSIM PHYSICAL SECURITY INFORMATION MANAGEMENT

Vendor Questionnaire

Department of the Interior

Products. Technology. Services. Delivered Globally. ANIXTER IPASSURED SM FOR SECURITY APPLICATIONS

CBIO Security White Paper

Vindicator Security Solutions. Security for Mission-Critical Applications

P2000 SECURITY management SYSTEM. More control means more freedom

Network Design Incorporated

Customer Guide to the DATAONE Datacenter

Surveillance and Security for Casinos. Cost-Effective Solutions for Any Size Facility

Supplier Information Security Addendum for GE Restricted Data

Product Guide. Product Guide 2014 EMKA, Inc. Page 1 of 12

PROTECTING YOUR VOICE SYSTEM IN THE CLOUD

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and

Integrated Physical Security and Incident Management

Security Overview. BlackBerry Corporate Infrastructure

GATES, GUARDS, AND GADGETS: AN INTRODUCTION TO THE PHYSICAL SECURITY OF IT

Security Management System

CONTENTS. Security Policy

Tenzing Security Services and Best Practices

CDW Advanced Image Deployment Service Customer Guide

vcloud SERVICE Virtual Tech in partnership with Equinix - vcloud Service

Autodesk PLM 360 Security Whitepaper

Managed Hosting & Datacentre PCI DSS v2.0 Obligations

System Security Plan University of Texas Health Science Center School of Public Health

SYMMETRY PRODUCT OVERVIEW

Healthcare Security Solutions. Building Technologies

SYMMETRY. DATASHEET ACCESS CONTROL Product Overview

Integration of Visitor Management with Access Control Systems

integrated fire and security solutions Maximum protection for buildings

Cisco Physical Access Manager

EMC Physical Security Enabled by RSA SecurID Two-Factor Authentication with Verint Nextiva Review and Control Center Clients

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS option 3 for sales

IP Surveillance. Presentation for BICSI Regional Conference Troy, Michigan March 15, Tom Jones, PE, RCDD / NTS Field Sales Engineer, D-Link

Reliable Security Solutions

Georgia Tech Aerospace Server French building Server Room. Server Room Policy Handbook: Scope, Processes and Procedure

Supply Chain Security Audit Tool - Warehousing/Distribution

How To Ensure Your Supplier Is Secure

Network/Cyber Security

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

TAC I/A Series Continuum Security Solutions Redefining Security for the Modern Facility

Security Whitepaper: ivvy Products

IPP offering with Bosch access control Access Professional Edition integration into Milestone XProtect

Introduction. Industry Changes

DIVISION 28 ELECTRONIC SAFETY AND SECURITY

Payment Card Industry (PCI) Compliance. Management Guidelines

NLSS Gateway Video Management Access Control Video Analytics Intrusion Remote Monitoring Cloud-Based Security

Guide for Non-Profit Housing Societies Security Guide Table of Contents

Global Partner Management Notice

HIPAA ephi Security Guidance for Researchers

Finance/Banking Security Solutions YOUR PARTNER OF CHOICE. Global Solutions For A Global Economy

8/17/2010. Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year

Commercial Security Made Simple with Cloud Video Surveillance

HEC Security & Compliance

AT&T Internet Data Center Site Specification - Phoenix Area (Mesa, AZ)

Security and Managed Services

Data Security Concerns for the Electric Grid

Physical Security for Drinking Water Facilities

The second section of the HIPAA Security Rule is related to physical safeguards. Physical safeguards are physical measures, policies and procedures

Web Hosting Features

Nuclear Plant Security Systems

Envera Security Solution for Via Sol CDD Community.

Transcription:

Protecting datacenters & mission critical facilities - using IP based systems Presented by: Jeffrey Lam RCDD Director, Global Accts, Asia ANIXTER

Agenda Industry drivers Business trends Developing the physical security plan for data centers Physical protection guidelines and strategies Crime Prevention Through Environmental Design (CPTED) TIA-942 standard Security technologies for data centers Perimeter layer controls Facility layer controls Computer room layer controls Cabinet-level controls

Industry Drivers for Data Center Security Sensitive data Medical records Social Security numbers Financial transactions and cardholder data Intellectual property and confidential information Critical infrastructure and key resources As defined by the Department of Homeland Security: The assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, public health or safety, or any combination thereof.

Data Security Breaches Source: http://www.privacyrights.org/ar/chrondatabreaches.htm#2010

Protecting your information! Physical Security Logical Security Only Physical Security Tracks people Limits access to areas, spaces Provides audit of who accessed what Integrates with video to provide visual record Logical Security Tracks logins Limits access to servers, folders and applications Provides audit trail of what login accessed what data

Business Trends in Security Systems Moving from reactive toward predictive response Providing additional operator control Preserving existing capital investment Regulatory requirements PCI DSS, HIPAA, Sarbanes-Oxley, etc.

Technology Trends in Security Systems Analog-to-digital migration Digital allows better image management Record, store, search, retrieve, share, send System Integration for greater efficiency Standardized structured approach Modular, flexible implementation Easy moves, adds and changes (MAC) Anywhere - anytime monitoring Video Analytics

Developing the Physical Security Plan Physical Protection Guidelines & Strategies Technologies for Data Center Security

Physical Protection Guidelines and Strategies Crime Prevention Through Environmental Design (CPTED) Awareness of how people use space All space has a designated purpose Social, cultural, legal and physical dimensions affect behavior Control physical setting to change behavior Understand and change behavior in relation to physical surroundings Redesign space to encourage legitimate behaviors and discourage illegitimate use

Security Technologies for Data Centers Site Selection Defense in depth Implement layers of protection Ensure failure of one element in the system will not create a critical vulnerability in the whole system Delay penetration in event of breaches Perimeter Facility Computer Rooms Cabinets

TIA-942 Data Center Site Selection Criteria Secure all cooling equipment, generators, fuel tanks or access provider equipment outside the customer space Computer rooms should not be located near a parking garage The building should not be located: In a 100-year flood plain / near an earthquake fault / on a hill subject to slide risk, / downstream from a dam or water tower Within 0.4 km (¼ mile) of an airport, research lab, chemical plant, landfill, river, coastline or dam Within 0.8 km (½ mile) of a military base Within 1.6 km (1 mile) of a nuclear, munitions or defense plant Adjacent to a foreign embassy In high-crime areas

Locations EIA/TIA vs China GB Code

TIA-942 Data Center Security Tiers Source: ANSI/TIA-942

Perimeter Layer Controls Selection of Site Site hardening Video surveillance

Perimeter Layer Controls Goals Deter, detect and delay Integrate systems Provide layers of protection Security measures Physical barriers Site hardening Lighting Intrusion detection Video surveillance Physical entry and access control Perimeter Facility Computer Rooms Cabinets

Site Hardening Security walls and gates No signage indicating data center purpose Parking away from building Clear zones Psychological impact Intimidating doors & hardware Steel doors and heavy-duty locks

Perimeter Video Surveillance Monitor Parking lots Entry and exit points Garbage bins Power or cooling facilities Building facade and rooftop Detect Motion detection Sound alarm when triggered Intelligent video analytics Object left behind People counting Wrong way

Video Surveillance: Network Video Megapixel Resolution HDTV HDTV 5.03.1 MP 1080 MP 720 VGA (2560x1920) (1920x1080) (2048x1535) (1280x720) (640x480) Image courtesy of IQinVision

Impact of the Cabling Infrastructure IP Video Minimally Compliant Category 5e IP Video Category 6A A Category 5e cabling infrastructure s absence of headroom minimizes the infrastructure s ability to compensate for marginal electronics A Category 6A cabling infrastructure provides headroom to overcome issues related to the electronics

Facility Layer Controls Access Control and Video Analytics

Facility Layer Controls Goals Secondary layer of protection Further restrict access Redundant power and communications Integrated systems Security measures Access control Man-traps Turnstiles Visitor management Video surveillance Perimeter Facility Computer Rooms Cabinets

Access Control Man-traps Two interlocking doors open only one at a time after presenting authorized credential Turnstiles Physically allow only one person to pass through at a time Incorporate weight bridge

Visitor Management Paper sign-in sheets not secure Incomplete, illegible any visitor can view the log Use a driver s license, passport, photo ID Scanned, recorded in a secure database Customizable High-quality badges printed by guard Integrate with access control systems Badges can automatically expire VOID may appear across the badge Change in color Rendered inactive after a certain time or date

Indoor Video Surveillance Monitor exits as well as entrances Integrate with access control to monitor internal access Use high-resolution cameras for identification purposes Configure systems to record on motion or event to save storage requirements Consider video compression technology

Detection vs recognition Image courtesy of Scientific Working Group on Imaging Technology & APTA Draft Guidelines for Cameras and Digital Video Recording Systems

Computer Room Layer Controls Identification Asset tracking

Computer Room Layer Controls Goals Third layer of protection Further restrict access Monitor all authorized access Security measures Man-traps and turnstiles Video analytics Biometrics RFID 6 wall border No windows or skylights Secure air-handling systems Perimeter Facility Computer Rooms Cabinets

Access Control Verification Methods Carried Item carried by the individual: metal keys, proxy cards, mag cards, photo ID, smart cards Known Private information: PIN, passwords, code words Inherent Biometric features finger and thumb prints, hand geometry, iris scan, speech pattern Image courtesy of HID Global and Ingersoll Rand Security Technologies

Final design Comms. C R A U C R A U MDA Reserved for future racks racks racks Operating Console

Video Surveilliance Video Analytics Incorporate people counting software Corridor view Same resolution and distance Different level of details

RFID for the Data Center Environment Eliminate manual spreadsheets for tracking Inventory Asset locations Life-cycle data RFID technologies can provide instant awareness of data center assets Rack-mounted equipment Mobile equipment such as laptops Employees (e.g., credential tags) Some systems also offer environmental monitoring sensors

Cabinet Layer Controls Cabinet Level access control Intelligent Infrastructure Management

Cabinet-Level Controls Goals Last line of defence Further restrict access Integrated systems for enhanced awareness Perimeter Facility Computer Rooms Cabinets Security measures Cabinet-level locking Audit trails Intelligent infrastructure

TZ Praetorian Cabinet Locking System Increase security at the cabinet level Work with existing enterprise access control systems Bring electronic security & audit trail capability to the cabinet level Integrate with in-cabinet CCTV camera unlocked locked

Intelligent Infrastructure Monitoring Intelligent Infrastructure Monitoring Aka Intelligent cabling solutions Hardware: electronic panels + controller Software: server hosted 9-pin vs inference technology Intelligent ready Security benefits Monitors changes in the patch field Locates unauthorized devices

Summary IP-enabled physical security systems increase reaction time Technology stable & matured Moving toward predictive response Develop security plan by leveraging existing security best practices & industry standards Different levels of protection for perimeter, facility & computer room and cabinets Perimeter Facility Computer Rooms Cabinets

Thank you! Jeffrey Lam, RCDD jeffrey.lam@anixter.com +65 97849870