Following is another blog by guest blogger and product line manager Denis Blouin.
Earlier this month, I blogged about the importance of cabinet-level security in the data center due to the potential for internal threats.
If you’ve realized the importance of bringing security down to the cabinet level and are planning to deploy a cabinet access control system, there are many features to consider when evaluating solutions.
When evaluating an access control system for data center cabinets, make sure that the system is flexible to meet your specific environment. For example, in a pod-based data centers where rows or groups of cabinets are segregated by function, you might want to require access for a group of cabinets rather than at individual cabinets. You might also want to support separate front and rear cabinet door access as different teams might be responsible for accessing the front and rear of equipment.
Look for cabinet access control systems that can grow with you so that you can easily expand to support additional cabinets. Centralized IP-based systems that reside on the network are ideal for supporting access control at any number of cabinets or groups of cabinets across multiple data centers.
Keyed systems for cabinets are not always the most secure option. Not only can locks potentially be picked, but keys are often misplaced, copied or passed around. And in the event of a security breach, there is no way to know who used the key. Consider smarter systems like card access or biometrics that offer higher security and the ability to record access attempts.
If you choose a card access system, more advanced smart card systems like iClass that use higher frequencies and bi-directional communication will offer better security than standard low-frequency cards that can be easily duplicated.
If your facility needs an even greater level of security, biometric systems such as fingerprint scanning requires a person to be physically present for authorized access, eliminating the possibility of access cards ending up in the wrong hands. Biometrics also enable a 100% indisputable audit trail—you always know exactly who accessed which cabinet and when. Another feature to consider for high-security environments is dual custody mode that requires two different users to be present to successfully gain access.
As mentioned, an IP-based cabinet access control system that is centrally managed via software is ideal for managing access to many cabinets across multiple facilities. Centrally managed access control systems can also receive and communicate access attempts and alarms in real time.
Make sure the system you choose can send alerts remotely to appropriate staff. System features like the ability to remotely lock and unlock specific doors or to remotely place the system into full lockdown mode also offer a more sophisticated level of management. The software should also have reporting capabilities, which is especially important for compliance with some security regulations that require regular reporting and auditing.
Other features within the software that can ease management include the ability to group cabinets into zones and establish user parameters. This allows for managing cabinet access based on specific facilities, groups of cabinets, user functions or access levels. For example, a colocation center could assign user group access to a tenant for accessing only their specific cabinets, or a data center could limit technician access to only the rear door of cabinets. Being able to set user parameters such as timebands is also ideal for limiting access of a visiting vendor to a temporary time period or for establishing access based on employee shift times.
Centrally-managed access control systems should also be able to integrate and exchange information with other systems through SNMP or other open protocols. This allows for cost-effectively integrating the system with other security systems or data center management systems (e.g., DCIM) that may also exist within a facility.
For more about what to look for in a cabinet access control system, read my recently published article on Advanced Cabinet-Level Physical Security in the January/February issue of ICT Today. And check out the new Belden Smart Cabinet Access System available on all Belden X-Series enclosures for multi-media, servers and networking equipment.
Mike Salvador is a 28-year industry veteran, living the challenge of operating efficient data centers, optimizing the performance of network devices and delivering highly available, highly agile, low-risk data centers. Mike served as Belden’s technical solutions manager from 2012 to 2015.