How data centres can fortify the final line of defence
James Thorpe
Share this content
HID details how we can enhance data centre security with mobile access control.
In today’s data-driven world, where information is the new gold standard, data centre security has become a top priority for every IT department.
And, with data privacy and ethical management being no longer just best practices – they’re legal mandates – the stakes are higher.Â
Then there is the problem with insider threat. According to IBM’s Cost of a Data Breach Report 2023, data breaches initiated by malicious insiders were the most costly, around $4.9m on average or 9.5% higher than the $4.45m cost of the average data breach.
Data privacy regulations such as the EU’s GDPR or the US Federal Information Security Modernisation Act (FISMA) aim to prevent these types of data breaches and physical security plays a vital role in achieving this goal.Â
Data centre managers need to prioritise not only robust network security but also the physical security of server cabinets – the final line of defence against unauthorised access to the world’s digital information stored within these cabinets.
Advanced access control solutions, such as mobile credentials, can streamline and enhance this security by providing a way to quickly monitor who accessed a server or cabinet and when.Â
Other mandates, such as the US Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), requires organisations in national security, finance and other designated industries to report cybersecurity incidents affecting personal data or business operations to the Department of Homeland Security within 72 hours.
This means that any access attempt and incidents – whether physical or digital – must be easily monitored, managed and audited.
Particularly in multi-tenant data centres and remote sites where servers from different clients and industries may reside in one server cabinet, access control at the cabinet level offers an extra layer of security compared to room level security alone.Â
But, not every area of a data centre requires equal protection or access. Each area has differing security and authentication requirements.
There’s the adjacent land, building shell, nontechnical spaces, white space (where servers, racks, storage, network equipment, air conditioning units and power distribution systems reside) and grey space (generators, cooling equipment, switch-gears, transformers and more).
Typically, the outermost layers require less stringent security; with the highest restrictions reserved for white space. This flexibility and ease of management makes mobile access control the ideal solution for these high processing facilities. Â
Beyond keyed locks
Mobile access control offers a more secure and efficient solution for data centres. Some of the advantages include:
- Robust security – mobile access eliminates a reliance on physical cards or badges which can be easily lost and stolen, supports multiple protocols and includes additional layers of security on top of the card encryption. These systems also track access attemptsÂ
- Remote management – a cloud-based platform enables remote management and credential updates, simplifying access control administration. This secure, multi-layered infrastructure adheres to industry leading security certifications and is backed by robust service level agreements and ongoing supportÂ
- Threat prevention – real time access to data allows data centre managers to quickly detect and mitigate threats, such as the ability to instantly revoke credentials, allowing for sustained growth and continuous improvement of their security systemsÂ
- System interoperability – futureproof support is also a growing concern as users are pushing for long term convenience while achieving cost savings. Open standards-based technology where software upgrades can be securely managed through the cloudÂ
- Sustainability – organisations across all regions are making a clear effort to understand how new purchases and upgrades in access control technology can have an impact on sustainable practices, with 74% of end users saying they’ve seen the importance of sustainability increasing over the past year and 80% of partners reporting the trend growing in importance among their customersÂ
- Scalable access rights – individual access rights can be assigned to specific users and cabinets, ensuring granular control over who can access which dataÂ
- Streamlined logging and auditing – mobile access control systems offer automated logging of access attempts. This simplifies report generation for audits and investigations – something privacy laws require – pinpointing any suspicious activity.Â
While data centres are at the forefront of technological innovation, reliance on physical credentials for access control seems archaic.
These energy-hungry facilities are prime candidates for mobile access.
This shift wouldn’t just boost security and convenience, it could also contribute to energy savings by reducing unnecessary trips and standby times associated with many other credentials. Â
Keep in mind that there are wide variations in the underlying security technology.
It’s important to choose an access control provider that has been certified to internationally recognised data privacy standards, like ISO/IEC 27001 and SOC2 Type 2, and that uses the highest levels of encryption.Â
By embracing mobile access, data centres can solidify their position as cutting-edge facilities, not just in processing power, but also in security and efficiency.