Most of us understand the need for security at the main data center entrance, as we certainly do not want those with unauthorized access touching critical networking equipment.
Unfortunately, with so much data—from personal information to intellectual property—now being transmitted and stored via the data center, protecting that information from within is becoming a greater concern than ever before.
That’s why bringing security down to cabinet level makes perfect sense. Let’s take a closer look at why.
According to a 2011 survey by Gabriel Group, more than 60% of today’s security breaches are at the hands of company insiders or others with legitimate data center access. That is certainly a scary statistic!
With plenty of advanced external network security firewalls in place, many are still under the misconception that access control at the room level is sufficient. However, anyone with access to the data center can easily steal valuable information from storage devices using a simple thumb drive. Those culprits can include vendors, contractors, consultants, maintenance personnel and even the cleaning lady.
It’s very common for large venues like hospital and universities to have areas dedicated to specific systems where outside vendors can come in to install, upgrade or maintain their equipment. Colocation data centers that lease space to customers who are responsible for installing and maintaining their own equipment need to be especially careful due to the number and range of individuals frequenting the facility.
And don’t overlook your own internal IT staff—employees who are disgruntled or looking to steal data for monetary gain or for leverage at another company can also be a threat.
The digital revolution has given way to several security regulations, most of which all include requirements for limiting physical access to information systems to only authorized individuals. While many of these regulations may not specifically call for cabinet-level physical security, they do place the onus on businesses to ensure that data is protected.
And these regulations are not to be taken lightly. Regulations like HIPAA & HITECH for healthcare information and Sarbanes-Oxley and PCI-DSS for financial data carry some hefty violation penalties that can reach well into the millions. Security at the cabinet level can go a long way in preventing a security breach and ensuring ongoing compliance with industry regulations.
And security regulations aren’t exactly getting more lenient. The increasing amount of digital information and security threats in the world today has new, tougher regulations on the rise. The European Union General Data Protection Regulation that was ratified just last year calls for all organizations within the EU and those that process any personal data of EU residents to ensure protection of data.
With cloud computing and large colocation centers on the rise, standards like SSAE 16 for data centers that restrict physical access through a combination of physical security systems and even biometric identification are actually becoming a milestone and a key selling point. Customers are choosing SSAE 16-compliant data centers because they know that they are more secure.
Whether you’re beefing up security as part of an upgrade, building a new data center or regrettably responding to a recent security breach, bringing security down to the cabinet level is more important than you might think. Remember where the equipment that transmits and stores data actually resides—in the cabinet!
Not only will cabinet-level access control help protect against potential internal threats, but it also goes a long way in ensuring compliance strict industry security regulations. That’s why we’ve introduced our new Belden Smart Cabinet Access System available on all Belden X-Series enclosures for multi-media, servers and networking equipment.
Stay tuned for my next blog for more information and considerations for deploying a cabinet-level access control system.
Mike Salvador is a 28-year industry veteran, living the challenge of operating efficient data centers, optimizing the performance of network devices and delivering highly available, highly agile, low-risk data centers. Mike served as Belden’s technical solutions manager from 2012 to 2015.