With the data centre industry undergoing significant expansion to meet growing user demand, investment in data security and in reliable physical security for these new facilities must be a top priority, as Sonny Van Ngo, business development manager for electronic access solutions at Southco, explains.
There’s a strong incentive for those in the data centre industry to make significant investments in protecting their facilities from all kinds of risks. One area the leading data centres are investigating – one that remains a vulnerability in some locations – is rack-level security. There are now ranges of electronic locking, access control devices, and systems designed to ensure that every server cabinet and rack that needs to be secured from unauthorised access can be easily and fully protected.
Virtually all data centres have well-established security systems and processes to manage and track technician access – from teams either installing new equipment or carrying out a variety of maintenance tasks. There are multiple layers of security and access control: at the front door of the building, a man trap to get past the lobby, then access control to get into each data centre room, then possibly a cage depending on the data centre structure. All of this is usually backed by 24/7 video surveillance from multiple angles.
However, it is at the rack level where data security and access control have the potential to fall short. If the servers are behind doors, there may not be physical locks securing those doors. And in older server farms, the server racks are wide open to all who have gained access to the cage that surrounds them. The impact of a data breach resulting from such unauthorised access can be steep, with severe civil and criminal penalties, as well as loss of professional reputation.
Responsibility for rack-level security can differ depending on the type of data centre. Some are wholly owned and operated by one company or entity, so responsibility for securing server racks and cabinets is with one organisation. In co-located data centres, where multiple users each own and operate one or several racks or cabinets alongside many other owner/operators, it is typically the server owner who defines how to secure those racks and how sophisticated that locking and access management solution will be.
Under these conditions, it’s important for all data centre users to appreciate the range of options available for rack-level security. Cabinet manufacturers are transitioning from traditional lock-and-key mechanisms to integrated solutions that combine electronic locking and monitoring capabilities for optimal security.
Electronic locks are actuated by external access control devices, which validate user credentials and produce a signal that initiates the unlocking cycle. Leading suppliers now offer modular electronic locks that can be combined with any access control device, including keypads, radio frequency identification (RFID) cards, biometric readers, or wireless Bluetooth systems.
One major advantage of these modular electronic locks is that it is relatively easy to upgrade reader technology over time. The systems are engineered to protect the customer’s investment from the start. These systems are designed for efficient installation and performance; they typically feature microprocessor-controlled gear motor designs that ensure minimal power consumption, and provide intelligent locking and monitoring capabilities.
These modular electronic locks can provide the linchpin for rack-level security that can be modified or adapted to the unique requirements of each server and cabinet owner – offering greater flexibility to accommodate an individual company’s security and access control processes. Leading electronic lock retrofit kit suppliers have also developed multiple variations to make it easier to install electronic locks on a wide range of cabinet door formats and configurations.
In addition, some data centre and server owners are seeking to augment standard access security procedures with multi-factor authentication. With this, one piece of information alone does not grant access. An electronic lock can be designed to require the user to present an RFID card and then enter a PIN code on a keypad. The modular capabilities of the newest generation of electronic locks can support this approach.
Complete EAS platforms
Electronic access solution (EAS) platforms allow data centre managers and rack owners to easily incorporate intelligent locking throughout the facility — from its perimeter down to its servers. This can be accomplished by either leveraging the data centre’s existing building management system (BMS) and integrating with newer electronic systems, or through a separate, fully networked system.
An electronic access solution is composed of three primary components: an access control reader or input device, an electromechanical lock, and a controller system for restricting, monitoring and recording access. When designing an electronic access solution, it is important that the appropriate electronic lock is chosen for the specific enclosure, and provides the intelligence, flexibility, and security needed at the rack level.
EAS platforms allow for very specific access control. For example, a technician would receive an electronic key through an app on their company smartphone or tablet equipped with Bluetooth. That key would actuate only a single cabinet door and only for a set period of time to let them carry out a specific service task.
Each time an electronic lock is actuated, an electronic ‘signature’ is created and recorded to monitor access — either locally with visual indicators or audible alarms, or remotely over a computer network. These signatures can be stored to create audit trails that can be viewed at any time to forensically reconstruct a series of access events, keeping track of location, date, time, duration of access, and specific user credentials.
These audit trails provide data centre managers with an additional capability: tracking the amount of time a server rack door is opened in order to monitor maintenance and service activity. If a server rack is scheduled for activity that should take 30 minutes, but the audit trail shows the door was open for several hours, management can find out why the delay occurred and exercise better management of service personnel and costs for service.
This audit trail can also be used to demonstrate compliance with data protection regulations, and quickly identify and respond to security breaches or forensically reconstruct events leading to a violation. Remote management and real-time monitoring eliminate the need for on-site staffing and reduce costs associated with managing data centre security.
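As an added illustration (not part of the original article, and not any vendor's software), the sketch below shows how such an audit trail can be reviewed: it rebuilds door sessions from lock events and flags a door left open longer than the scheduled task, or opened outside the window of the time-limited key. The record layout, event names, user and cabinet IDs are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data. Field names, event types and IDs are assumptions
# for illustration, not any vendor's audit-log format.
GRANTS = [  # time-limited keys: one user, one cabinet, one window
    {"user": "tech-07", "cabinet": "R12-C03", "start": "2024-05-01T09:00",
     "end": "2024-05-01T10:00", "expected_min": 30},
    {"user": "tech-11", "cabinet": "R12-C04", "start": "2024-05-01T13:00",
     "end": "2024-05-01T14:00", "expected_min": 30},
]
EVENTS = [  # (timestamp, cabinet, user credential, event)
    ("2024-05-01T09:05", "R12-C03", "tech-07", "door_open"),
    ("2024-05-01T09:31", "R12-C03", "tech-07", "door_closed"),
    ("2024-05-01T13:10", "R12-C04", "tech-11", "door_open"),
    ("2024-05-01T16:40", "R12-C04", "tech-11", "door_closed"),
    ("2024-05-01T22:15", "R12-C03", "tech-07", "door_open"),
    ("2024-05-01T22:20", "R12-C03", "tech-07", "door_closed"),
]

def ts(text):
    return datetime.fromisoformat(text)

def find_grant(user, cabinet, when):
    """Return the key covering this user, cabinet and moment, or None."""
    for g in GRANTS:
        if (g["user"], g["cabinet"]) == (user, cabinet) \
                and ts(g["start"]) <= when <= ts(g["end"]):
            return g
    return None

def review(events):
    """Rebuild door sessions per cabinet and return the ones to investigate."""
    open_at, findings = {}, []
    for stamp, cabinet, user, event in sorted(events):
        if event == "door_open":
            open_at[cabinet] = (ts(stamp), user)
        elif event == "door_closed" and cabinet in open_at:
            start, opener = open_at.pop(cabinet)
            minutes = int((ts(stamp) - start).total_seconds() // 60)
            grant = find_grant(opener, cabinet, start)
            if grant is None:
                reason = "no valid key for this time"
            elif minutes > grant["expected_min"]:
                reason = "open longer than scheduled"
            else:
                continue  # session matches its key and schedule
            findings.append((cabinet, opener, start.isoformat(), minutes, reason))
    for cabinet, (start, opener) in open_at.items():  # opened, never closed
        findings.append((cabinet, opener, start.isoformat(), None, "door never closed"))
    return findings

if __name__ == "__main__":
    for finding in review(EVENTS):
        print(finding)
```
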
Choosing the right solution
As data centre use and construction dramatically increase, there are major incentives to ensure that protecting the data and applications held in those centres is fully supported – and that means making smart decisions about how to implement rack-level security.
This is a challenge both for new facilities and, in many cases, older existing data centres that have not fully invested in rack-level electronic locks and access control.
Leading security systems providers such as Southco have developed a range of electronic locking platforms for new installations and retrofit applications to meet each end user’s unique requirements and processes. Partnering with these suppliers and drawing on their expertise can help find the right rack-level access and security solution to properly protect critical digital infrastructure.