[BreachExchange] The Do’s and Don’ts of Data Center Security
Audrey McNeil
audrey at riskbasedsecurity.com
Tue Apr 10 18:59:52 EDT 2018
https://datacenterfrontier.com/dos-donts-data-center-security/
As data centers take on a more prominent role in our businesses and our
lives, they face greater security risks than ever before. International or
domestic terrorists may seek to damage data centers in order to disrupt our
way of life, commerce, and economy. “Thrill-seekers” might want to generate
a media frenzy by causing massive damage. Even so-called “common criminals”
can make money on the black market by selling stolen equipment such as
servers, cables, and the copper wire stored on data center construction
sites.
The case for data center security has never been stronger. Plus we’ve
learned a lot over the last 15-20 years about data center security. What
works and what doesn’t. What’s for show and what’s for real. And new
technologies are on the horizon which could cost-effectively enhance data
center security.
This article presents some of the critical “do’s and don’ts” of data center
security.
Security Officers Form a Critical Layer of Defense
Here are some tips to maximize the effectiveness of a key component of any
security system – your people.
Build an in-house team of security professionals – Typically the first
human contact at a data center is with a security person. You want
thoroughly vetted, full-time, professional security officers who are 100%
vested in the company’s success while proudly wearing your logo.
Hire for security and service skills – Former military or law enforcement
personnel are often the best at understanding the “always be prepared”
nature of security, even on nights and weekends. Also, look for
service-oriented people who will boost the company’s reputation by
escorting people in need of assistance, tidying up when necessary, and
promptly handling issues with plumbing, wildlife, parking, and whatever
else may come up.
Train well and train often – Guards must quickly analyze data from
pan-tilt-and-zoom cameras, 360-degree perimeter and roof cameras,
under-floor intrusion detection systems, and above-cage environment
security. Staff must also be ready to notice suspicious visitors who wear
bulky clothing in the summer, show the imprint of a concealed weapon, alter
or hide their appearance, etc.
Document processes and run drills – Security officers need defined rounds
with documented performance. Define scenarios, develop processes, and run
tests to keep everyone prepared.
Technology to Use, and Avoid
Interior security
Iris scanners are better than ever – The speed of modern iris scanners is
excellent. More advanced iris scanners now incorporate 3-in-1
authentication with iris, badge, and PIN code readers. High end scanners
can even tell the difference between a “live” eyeball and a fake one.
Turnstiles are improving as entrance controls – New anti-tailgate access
control turnstiles are better than older weight-sensitive portals because
they can sense and deny access to two people trying to enter your facility
back-to-back.
Facial recognition technology isn’t ready yet – Facial recognition
technology is improving, but is still too easy to fake or work around to be
trusted as an access tool for a data center.
Cameras generate crucial data – High definition, pan-tilt-zoom (PTZ)
cameras are a must. Video management systems use pattern-based technology
to evaluate people and vehicles in real-time, and are teachable to refine
accuracy.
Access control systems can save lives – Newer systems can locate people
inside your data center so they can be reached in an emergency evacuation,
and analyze actions of potential intruders.
Exterior Security
Autonomous drones can deter and detect – With high-definition cameras and
facial recognition technology, these “eyes in the sky” can alert guards of
abnormal activity. A very visible deterrent, drones can be programmed to
fly in patterns that can’t be predicted by trespassers.
Anti-climb fencing is a must – Fences are a visual deterrent, especially
with pointed tip bars that curve outward. Dual-coated, corrosion-resistant
finishes preserve the professional look of your property.
Anti-ram gates dissuade other threats – A security checkpoint equipped with
an M30-P1 rated, anti-ram barrier arm protects your site from a
15,000-pound truck traveling up to 30 mph.
Should your security staff be visibly armed with guns?
The question of whether data center security staff should be armed or not
has been a point of debate for security leaders. The fundamental question:
do armed security guards reduce or increase risk in the data center?
Here are some points to consider when deciding if your security staff
should carry guns.
- Armed guards require more training and certification – Managing armed
security guards requires significantly higher training and ongoing
certification.
- Are guns a deterrent? – While some invaders may be deterred by armed
security staff, others may not if they are motivated beyond their own
safety.
- Are guns effective? – A shootout could neutralize an intruder, but could
also cause significant collateral damage to people or equipment. Bullets
ricocheting through a data vault could be catastrophic.
- Do guns make you feel safe or stressed? – Visible guns can be an
upsetting reminder to data center employees and customers of the
possibility of a dangerous event.
Security Improvements You May Not Have Thought About
Here are some often overlooked ways to improve the security profile of your
data center.
Ask for support from the U.S. Government – At one time, data centers were
not classified as critical infrastructure by the Department of Homeland
Security. Now they are. That means there are studies available to help you
improve your security strategy and federal funds to help secure crucial
fiber points outside of the data center perimeter.
Monitor news and weather events in real-time – Keeping one eye on current
news and one on live weather tracking is imperative. It is also necessary
to stay up-to-date on “big picture trends” to gauge new threat risks
related to technology, criminal risk/reward thresholds, factors driving
criminal motivation, etc.
Develop security working groups – Connect with other security professionals
in your area to share information that everyone can benefit from.
Reach out for help at all levels – Develop, foster, and maintain
relationships with federal, state, and local law enforcement and emergency
services.
How to sleep better at night
To deter and stop intrusions, RagingWire deploys a defense-in-depth
strategy based on the following checklist:
- Exterior and interior security checkpoints that are electronically
operated and monitored 24/7/365 by our well-trained in-house security team.
- Multi-factor systems that require something to carry (such as a token or
magnetic card), something to remember (a PIN code), and something that is a
part of you (a biometric aspect).
- Audits that are performed quarterly in line with SOC 2 requirements.
Drills and tests are performed regularly as well.
- Visitor monitoring through an integrated system of access control,
mantraps and video management.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180410/39fe7103/attachment.html>
More information about the BreachExchange
mailing list