Securing and Monitoring Physical Access at the Rack Level in Your Data Center
Steve Spatig, BSME, and Mike Fahy, BSME, Southco, Inc.
BICSI Winter Conference. In lieu of paper evaluations for each session, all evaluations may now be taken digitally from your laptop, tablet or smartphone: download the Winter Conference App at www.bicsi.org/apps or go to www.bicsi.org/surveys to provide your feedback for each of the sessions you attend. For your safety, please note that emergency exits are located to the left or right of this room.

Rack Level Security

Situational Analysis
- Growing need for enhanced rack-level physical security within the data center
- Driven by the need for security, compliance, and convenient key and access management
- Need to bridge the gap between building security and rack access with simplified, flexible electronic access platforms

Why Access Control at the Rack Level?
- Human error
- Theft of hardware or data
- Vandalism
- Audit trail capability
- Regulatory requirements

Compliance
- PCI DSS (Payment Card Industry Data Security Standard): "Any physical access to data or systems that house cardholder data provides the opportunity for individuals to access devices or data and to remove systems or hardcopies, and should be appropriately restricted."
- HIPAA (Health Insurance Portability and Accountability Act), physical safeguards: "Physical measures, policies and procedures to protect a covered entity's electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion."
- SOX (Sarbanes-Oxley Act), Section 404: management assessment of internal controls, including the controls that pertain to the preparation of financial statements.
- FISMA (Federal Information Security Management Act): organizations must limit physical access to information systems, equipment, and the respective operating environments to authorized individuals.

Cost of Noncompliance
- BlueCross BlueShield of Tennessee fined $1.5 million by the Department of Health and Human Services for a HIPAA violation
- Health Net, Rancho Cordova: several server drives missing, 1.9 million individuals affected, $500k in fines to date
- HIPAA civil penalties of up to $50k per violation, capped at $1.5M per year for violations of an identical provision
- Average economic impact of a data breach: $2.4M
- Increased audit activity starting in 2013

Affected Data Centers
- Financial
- Healthcare
- Government
- Colocation
- Universities

Typical Data Center Security

How Far Does Physical Security Extend? (diagram: a scale from Minimal Security to Secure)

Rack Access Evolution (measured against security, compliance and convenience)
Traditional rack access:
- Cabinet-level mechanical key lock
- Single or multiple key codes
- Manual access management
Intelligent physical security:
- Electronic locking
- Digital access credentials
- Integrated access control system

Solutions

Rack Access Control Architecture
- Front door / back door
- Colocation cabinets
- Individual rack access versus access by row
- Virtual cages
- Remote access

Self-Contained Electronic Access
- Standalone, no network
- No software
- Battery operated
- Keypad or RFID
- Lock status

Building Security Integration
- Wiegand output to the building access control panel
- Lock/door status
- Lock control
- Credential management
- Building access
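The slide names "Wiegand output" as the hook between a rack lock and the building access control panel but does not say which Wiegand format is used. As an added example, not code from the presentation or from Southco, the Python below encodes and decodes the common 26-bit layout (8-bit facility code, 16-bit card number, even parity over the first 13 bits and odd parity over the last 13); the layout choice and the sample credential are assumptions. The parity checks catch single-bit faults on the D0/D1 lines; they do not authenticate the reader, since a Wiegand line carries the credential in the clear, so the cable run from rack lock to panel must itself stay inside the protected space.

```python
"""26-bit Wiegand frame encoder/decoder with parity validation.

Added example; the 26-bit layout (HID H10301 style) is an assumption,
the slide only says the lock offers a Wiegand output.
Bit layout, MSB first:
  bit 0       even parity over bits 1-12
  bits 1-8    facility code
  bits 9-24   card number
  bit 25      odd parity over bits 13-24
"""
from dataclasses import dataclass

FRAME_LEN = 26


@dataclass(frozen=True)
class Credential:
    facility_code: int  # 0-255
    card_number: int    # 0-65535


def encode_wiegand26(cred: Credential) -> str:
    """Return the 26-bit frame as a '0'/'1' string, MSB first."""
    if not 0 <= cred.facility_code <= 0xFF:
        raise ValueError("facility code must fit in 8 bits")
    if not 0 <= cred.card_number <= 0xFFFF:
        raise ValueError("card number must fit in 16 bits")
    data = f"{cred.facility_code:08b}{cred.card_number:016b}"  # 24 data bits
    even = str(data[:12].count("1") % 2)        # makes the ones in bits 0-12 even
    odd = str((data[12:].count("1") + 1) % 2)   # makes the ones in bits 13-25 odd
    return even + data + odd


def decode_wiegand26(frame: str) -> Credential:
    """Validate both parity groups, then split out facility code and card number."""
    if len(frame) != FRAME_LEN or set(frame) - {"0", "1"}:
        raise ValueError("frame must be 26 binary digits")
    if frame[:13].count("1") % 2 != 0:
        raise ValueError("even parity check failed (bits 0-12)")
    if frame[13:].count("1") % 2 != 1:
        raise ValueError("odd parity check failed (bits 13-25)")
    data = frame[1:25]
    return Credential(int(data[:8], 2), int(data[8:], 2))


def frame_is_valid(frame: str) -> bool:
    """True only if the frame is well-formed and both parity groups check out."""
    try:
        decode_wiegand26(frame)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    cred = Credential(facility_code=123, card_number=45678)  # constructed sample credential
    frame = encode_wiegand26(cred)
    print(frame, decode_wiegand26(frame))
    # Flip one data bit as a stuck D0/D1 line would; the parity check rejects it.
    corrupted = frame[:5] + ("0" if frame[5] == "1" else "1") + frame[6:]
    print("corrupted frame accepted:", frame_is_valid(corrupted))
```

A panel that receives the frame should drop anything that fails `frame_is_valid` rather than logging a partial credential, and should alarm on a burst of parity failures, which is what a tampered or cut reader line looks like from the panel side.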

Independent Networked Access Control
- TCP/IP or serial output
- Lock/door status
- Lock control
- Credential management

Summary
- Complete data center physical security requires an integrated, tiered access control system from the data center entrance down to the data storage equipment
- Current mechanical key lock based solutions provide only a very basic level of access control and may not meet compliance requirements
- Multiple solutions exist to bridge the gap between building security and rack access, depending on the needs of the data center
