Physical Rack Level Security: Restricting and Monitoring Access at the Rack. Mike Fahy Business Development Manager, EAS Southco, Inc.

Transcription

1 Physical Rack Level Security: Restricting and Monitoring Access at the Rack Mike Fahy Business Development Manager, EAS Southco, Inc.

2 Agenda Data center security Drivers behind the need to improve rack level security Affected data centers Electronic locking mechanisms What to monitor Access control technologies Solutions Retrofit situations

3 Typical Data Center Security

4 How Far Does Physical Security Extend?

5 Rack Security Levels Open Racks / Doorless Racks Mechanically latched / locked door Single point / Multi-point Combination locks Chain & Padlock Electronic Locks

6 Securing Data Database breaches and cyber crime cost the global economy more than $400 billion annually. Juniper research predicts it could hit $2 trillion globally by * Source: 2015 Cost of Cyber Crime Study: United States, Ponemon Institute, October 2015.

7 Biggest Challenges Presented By the Growth of the Volume of Data Source: Cloudera and Intel jointly commissioned Unisphere Research, a division of Information Today, Inc., to survey IT and corporate line of business managers involved in or responsible for data center operations. April 2016

8 Recent data from IBM Security Services shows 55% of all attacks were found to be carried out by malicious Insider Threats Outrank External Attacks insiders or inadvertent actors. Source: IBM 2015 Cyber Security Intelligence Index, Figure 5

9 Inadvertent or Malicious Action On September 23, 2014 the FBI released a warning about the security risks posed by disgruntled and former employees. The exploitation of business networks and servers by disgruntled and/or former employees has resulted in several significant FBI investigations in which individuals used their access to destroy data, steal proprietary software, obtain customer information, purchase unauthorized goods and services using customer accounts, and gain a competitive edge at a new company. Source:

10 Regulatory Compliance Requirements PCI-DSS, Payment Card Industry Data Security Standard Any physical access to data or systems that house cardholder data provides the opportunity for individuals to access devices or data and to remove systems or hardcopies, and should be appropriately restricted HIPAA Health Insurance Portability & Accountability Act Physical measures, policies and procedures to protect a covered entities electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion SOX Sarbanes Oxley SCN 404 Management assessment of internal controls controls that pertain to the preparation of financial statements FISMA Federal Information Security Management Act Organizations must limit physical access to information systems, equipment and the respective operating environments to authorized individuals. CIP Critical Infrastructure Protection Act Protecting Critical Cyber Assets by restricting, monitoring and logging physical access. CJIS (Criminal Justice Information Services), FedRamp (Federal Risk and Authorization Management Program), SSAE16 SOC2

11 Affected Data Centers Financial Healthcare Colocation Government Utilities Universities

12 Rack Access Evolution Traditional Rack Access Intelligent Physical Security Security Compliance Convenience Cabinet level mechanical key lock Single or multiple key codes Manual access management Electronic locking Digital access credentials Integrated access control systems

13 Front door/back door Multi-bay cabinets Centralized vs dedicated access control Remote Access Virtual Cages Hot aisle containment Design Considerations

14 Electronic door strikes Electromagnets Fixed cam locks Swing handles Cam locks Push to close locks Slide bolts Rotary style Pin latches Electronic Locking Mechanisms

15 Lock status Electrically locked/unlocked Mechanically locked/unlocked Latch status Handle up/down Locked mechanism Door status high temp Link to IP Camera What to Monitor

16 Override Solutions Mechanical Integrated key lock Engage with key lock Cable Keyed panel access Electrical Redundant power Override power key Separate power terminals

17 Keypad something you know RFID something you have Prox (125 KHz) Smart Card (13.56 MHz) Access Control Technologies Biometrics something that is you Fingerprint / Hand / Eye

18 Access Control Technologies Advantage Disadvantage Keypads No credential to carry Security risk RF Proximity Building integration Requires physical credential Better security Electronic keys Easier transition, familiarity Management of electronic keys Biometrics No credential, nothing to recall Acceptance, reliability Remote control Higher security Less convenience Standalone Simplified setup no software No remote credential management Networked wired, wireless Remote management More complex install

19 Integrated Access Control Access Control Reader and Electronic Lock in one product No additional drilling or cutting required for access control reader

20 Self Contained Electronic Locks Access control and electronic locking in one product Easy transition from mechanical keyed locks to electronic access Keypad or RFID Card Options Typically battery based solutions Standalone no software or networking No real time monitoring Sneakernet set-up and audit trail Some work with multi-point latch systems

21 Integration With Existing Building Physical Access Control (PAC) System Utilizes existing infrastructure Same software that controls access to the building front door controls access to rack doors Building access credentials can be used at rack level Adding capacity to building PAC system can be costly Wiring needs to run from each cabinet to building PAC system panel

22 Independent Networked Access Control System Systems specifically designed for rack level security Have their own software and user interface Building access credentials can still be used at rack level Some communicate with existing PAC system to share credentials and transactions Some are bus based, some are network appliances

23 New build vs retrofit Existing panel preps Electronic Access Retrofit Install Warranty (no drilling / cutting) Electronic Deadbolt Access control reader & wiring integration

24 Summary Electronic access solutions at the rack provide the ultimate protection of data integrity Select from basic standalone to fully IP based networked solutions Electronic lock is the most critical element Flexible electronic locking devices can be integrated with any remote access control system Retrofits require appropriate planning for wiring and lock install

25 Thank you for your participation!