As the data on your network becomes more valuable, protecting it becomes more critical. When we talk about securing networks, an important component (but not the only component) is securing the data center that the network resides in.
In this blog post, we outline ways to secure your network by ensuring data center physical security. In the future, watch for blogs about logical network security, as well as a blog about the structured cabling necessary to support data center and network physical security.
Here are four things we recommend doing to physically secure your network.
The outermost layer of network physical security aims to keep people as far away from your data center property as possible (this is especially relevant for colocation facilities). But even if your data center isn’t in a standalone building, all it takes is one stolen company laptop, one vandalized server or one bad thumb drive to expose sensitive information.
From blast-resistant glass and fence-mounted intrusion detection systems to large boulders and bushes, deterrents (both obvious and unobtrusive) can keep people from getting too close – whether they’re on foot or in a vehicle. Consider your physical perimeter security to be almost like a physical “firewall” for your building.
Decide whether it’s possible to limit facility entry points. When you have one main entrance, it forces everyone to come in the same way, make contact with someone at a front desk and cross in front of surveillance cameras (if they’re installed at the entrance).
When additional exits are required by code, consider installing doors without exterior handles. They can be used to safely leave the facility, but are very difficult to open from the outside. These doors should also be connected to a loud alarm that sounds and sends notification about a potential breach.
Access control at facility and data center entrances is a necessity; this will let you remotely manage who has access to the facility and when (and to which parts). You’ll also be able to track who entered and how long they were there. In order for guests or visitors to enter the building beyond the front desk, they should be required to check in and receive a temporary access pass. For contractors who need to access the data center space, access cards can be given with specific expiration dates/times so they can only enter the space when you’re ready for them to – and can’t get back in once they leave.
Cameras can be used at all levels: the exterior perimeter, facility and data center entrances, on cages in colocation spaces, on specific rows within the data center, etc. Surveillance footage can be recorded and archived, allowing it to be easily retrieved and reviewed if necessary. Make sure the surveillance system can provide quality images in low-light environments so you can tell who enters and exits, see what they’re carrying, capture license plate numbers, apply facial and license plate recognition, etc.
It’s not just external threats you need to worry about. According to an IBM survey conducted in 2014, 55% of all network attacks involve company insiders or employees who have data center access. With just a thumb drive, any vendor, contractor, consultant or employee who has authorized access can steal valuable information and take it outside the organization, or plant a debilitating virus.
A cabinet access control system offers customizable management, administration and reporting. These modern locking systems using biometrics, RFID cards or coded locking handles that provide user authentication and allow you to track cabinet access. If an incident occurs, you’ve got an audit trail that will pinpoint how the breach happened – and who is responsible.
Physical security at the cabinet level can also help with regulatory compliance, whether it’s HIPAA, HITECH or Sarbanes-Oxley. Regulations may not call for cabinet-level physical security, but it can reliably ensure that your network is protected.
For additional information about physical security to protect your network TIA-942-A also outlines security tiers.
Belden offers solutions that control access at all levels with smart security systems. Learn more about securing your network at all levels.
Did you enjoy reading this blog article? Be sure to share your thoughts and questions in the comments section below!
Michael Masucci has worked in the telecommunications industry throughout his 40-year career, holding business development, project management and engineering positions at Belden. He first joined the company in 1979, and today serves as an enterprise solutions engineer with expertise on the physical layer of the ISO model. He was the Belden’s project manager for the 2010 Vancouver Winter Olympic Games.