Data center operators have their fair share of local, state and federal regulations to keep up with. It’s no secret that businesses in various sectors – healthcare, financial, government, etc. – are governed by specific data center security rules and regulations:
HIPAA regulations are some of the most talked-about because of how far they reach, impacting healthcare providers, healthcare clearinghouses, health plans (Medicare and Medicaid) and entities or people that provide data transmission services to these types of organizations. Designed to keep health insurance, patient healthcare details and electronic billing information secure – whether on paper, electronically or verbally – healthcare entities must obey by these standards when storing, transmitting and ensuring the security of healthcare data. The alternative is to face hefty fines, criminal charges and/or jail time.
Because data centers store, transmit and process electronic protected health information, following the HITECH (Health Information Technology for Economic and Clinical Health Act) standards and citations is part of achieving HIPAA compliance. HITECH compliance involves the deployment of several security controls and processes.
Protecting healthcare data from cyber threats is becoming increasingly important, but remember this: Data on can be physically threatened or stolen as well. Keeping healthcare information on your network secure involves many layers of security, from firewalls that prevent hacker threats to physical security solutions that prevent intruders from accessing data centers.
With so many types of advanced external network security options, such as firewalls and encryption, many hospitals and healthcare businesses may think that physical security in the data center as an added layer of network protection is simply “nice to have” vs. being a crucial part of protecting information.
If physical security is in place, it’s often an access control system at the room level. Biometric identification or access cards at entrances is a viable option for data center security, but bringing physical security down to the cabinet level keeps data as secure as possible. It protects the network equipment that transmits and stores your data.
Many parties have legitimate, authorized access to your data center: vendors, contractors, consultants, maintenance personnel and internal IT staff. While you can bet that the majority of these people are accessing data center space for the right reasons, all it takes is one time for data to be tampered with or stolen. And if the threat comes from someone who already has access to the room, getting the data they want won’t be too difficult.
Most regulations recommend or require data center monitoring, alerting and auditing, but they also lack the details about implementation and processes. This leaves IT professionals to determine their own levels of data center physical security based on potential threat levels, the type of organization they are and the information they need to protect.
By bringing physical security down to the cabinet level, you can rest assured that your data is as secure as possible. A cabinet-level access control system using biometrics, RFID cards or coded locking handles allows user authentication before accessing the cabinet where data is stored and transmitted. The system can be customized to provide various levels of access to different authorized users, or the ability to provide access to groups of cabinets vs. individual cabinets.
Keyed cabinet-level access provides a basic level of cabinet security; card access and biometrics offer even higher levels of protection. They also provide an audit trail that records access attempts. You’ll know who is accessing the cabinets and when, making it easier to pinpoint how a breach may have occurred.
If access cards are your security option of choice, keep in mind that advanced smart card systems using high frequencies and bidirectional communication offer better security than low-frequency cards that can be duplicated. Lost access cards can also be deactivated when an employee leaves or a vendor forgets to return the card.
Biometric systems provide the highest level of security by eliminating the chance of access cards or keys being passed around or shared. They also guarantee an indisputable record that can be reviewed at any time, specifying who accessed the cabinet and when.
Have you implemented cabinet-level security in your data center?
Tell us about your experience in the comments section below!
Denis is a product line manager for Belden R&E folio. Denis hold a BSc in Mech Eng (1989); Denis’s focus on helping data center managers find solutions to density challenges, (cable mng, heat, power). He has been involved with deployment of over 3 million square feet of white space. In his spare time Denis enjoy golfing and MTB.