
Data Center Security

There is little point in filling a data center with the latest equipment and IT systems if the facility itself lacks strict access control. “With the evolution of technology and the dawn of cloud solutions, data center security has never been tested more,” says Gustavo Rizzo, Vault’s CEO.

 

It needs to be said that at a big hosting and colocation provider, hundreds of clients can visit their servers at any moment, which raises both the risks and the difficulty of protecting information. “Anyone who thinks that these structures and companies are victims only of virtual crimes and online invasions is fooling himself,” says Rizzo.

 

For this reason, besides preventing physical threats like fire, heat, smoke, corrosive gases, leaks and explosions, a data center security project must consider the risk of unwanted access to the environment, racks and equipment. In other words, it should guarantee the effective screening of authorized users while preventing intrusion, alteration, damage to equipment and data theft.

 

“Today, the access control segment offers countless technologies that allow the identification, monitoring and tracking of people and devices, automatically and integrated with alarm systems and camera surveillance,” says Oswaldo Oggiam, director of Abese (Brazilian Association of Electronic Security Enterprises). Over the last ten years, the market for electronic security systems has grown at an average of 10% a year. In 2013, the sector moved around US$1.46 billion, of which 21% refers to access control systems (the biggest part, 46%, is represented by closed-circuit TV, followed by alarms, with 23%).

 

Guaranteed access control in data centers is also a prerequisite for companies that issue digital certificates, as established by the ITI – National Institute of Information Technology (Brazil), which sets the rules for digital certificates in Brazil and ensures authenticity and legal validity in electronic media.

 

Layers

 

The protection of a data center follows the concept of “layers”: it starts in the external area, at the perimeter, and moves inward through each of the internal environments: floors, rooms, racks and servers. The access control equipment detects, delays and communicates an action, giving enough time for appropriate measures to be taken and for supporting areas to be activated.

 

An example of perimeter protection for buildings is bollards, devices that control the passage of heavy vehicles. The system is composed of retractable posts with hydraulic automation. “The equipment is already used on a large scale in Europe, mostly against terrorist attacks with car bombs,” says Rizzo.

 

In data centers, though, locking racks, server rooms and CPUs is the first measure to protect the network. In a small company this can easily be done with keys, but what about a data center with thousands of racks? How do you manage the countless accesses and run tracking audits? And how do you customize access according to the area and the permissions of each user?

 

To overcome this obstacle, Vault developed an access controller with software features that let a single reader manage up to 32 doors and sensors, making the investment feasible. “A project with 320 rack doors would need only 10 controllers and readers, associated with 320 locks and sensors,” says Natan Cuglovici, director of engineering at Vault. Access is granted by key, keypad or card. “It registers user access according to the permissions pre-programmed in the system,” he says.

 

Access control for the environment and racks can be integrated with fire alarm and intrusion systems through Vault’s SCAIIP platform. The system, based on the TCP/IP model, is integrated with pedestrian and vehicle access control, alarm monitoring, guard rounds, lift control, rack control, CCTV and other features. At Soluti Digital Certification, Vault has implemented an integrated security system (access control/CCTV/intrusion alarm/fire alarm) to protect the vault room in São Paulo and Rio de Janeiro.

 

According to Rizzo, the system is specifically designed to control and monitor the opening of server rack doors. “Data centers have a very large number of doors to be controlled, reaching hundreds or thousands, and for that a conventional access system would be too expensive, and even unfeasible, not only from the economic point of view, but also because of the large and complex infrastructure required.”

 

According to Gestão de Controle de Acesso na Prática (Access Control Management in Practice), by Specto, the automated control of an environment follows these steps:
– Identification: the identity is checked and validated through credentials that can be presented during the identification stage.

– Authentication: determines which rights and permissions a system user has. After authentication, the authorization process determines whether or not the user has access to the place at the time and date requested.

– Audit: a record of the information gathered about the users’ use of the system’s features. This information can be used for management, planning, etc. Real-time audit happens when the information related to the user is exchanged at the moment the access management system is used. In data memory audit, the information is recorded and sent later. The information usually associated with this process is the user identity, the nature of the service, and its start and end.
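
The three steps above can be sketched as a small controller model. This is an added example, not Vault's or Specto's code; the card numbers, user names, door names and record fields are assumptions made up for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, time

@dataclass(frozen=True)
class Permission:
    door: str             # place: room or rack door id
    weekdays: frozenset   # date rule: allowed weekdays, 0 = Monday
    start: time           # time rule: window start
    end: time             # time rule: window end

# Constructed sample data (hypothetical cards, users and doors).
CREDENTIALS = {"card:1001": "alice", "card:1002": "bob"}
PERMISSIONS = {
    "alice": [Permission("rack-017", frozenset(range(5)), time(8), time(18))],
    "bob": [Permission("room-A", frozenset(range(7)), time(0), time(23, 59, 59))],
}

@dataclass
class Controller:
    online: bool = True                          # link to the management software
    sent: list = field(default_factory=list)     # real-time audit records
    buffer: list = field(default_factory=list)   # recorded locally, sent later

    def request(self, credential: str, door: str, when: datetime) -> bool:
        user = CREDENTIALS.get(credential)       # identification
        granted = user is not None and any(      # authorization, default deny
            p.door == door and when.weekday() in p.weekdays
            and p.start <= when.time() <= p.end
            for p in PERMISSIONS.get(user, []))
        record = {"user": user or "unknown", "credential": credential,
                  "door": door, "time": when.isoformat(), "granted": granted}
        # Denied attempts are audited too: they are what an investigation needs.
        (self.sent if self.online else self.buffer).append(record)
        return granted

    def flush(self) -> int:
        """Upload buffered records once the link is back; return how many."""
        count = len(self.buffer)
        self.sent.extend(self.buffer)
        self.buffer.clear()
        return count

if __name__ == "__main__":
    ctl = Controller()
    print(ctl.request("card:1001", "rack-017", datetime(2014, 3, 3, 10, 0)))  # Monday
    print(ctl.request("card:1001", "rack-017", datetime(2014, 3, 8, 10, 0)))  # Saturday
    ctl.online = False
    print(ctl.request("card:9999", "rack-017", datetime(2014, 3, 3, 10, 0)))
    print(ctl.flush(), len(ctl.sent))
```

An audit review would look first at records where `granted` is false or `user` is "unknown", and at any gap between the event time and the moment a buffered record was uploaded.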

 

Biometric

Vault relies on fingerprint and facial-recognition biometric readers. They are designed to fit into a range of security systems, allowing deployment in different configurations. As for the locks, which can also be used to increase data center security, there are specific models for each type of application (electromagnetic, electric, electromechanical, etc.).

 

Both the biometric readers and the locks, connected to the access controllers, allow the control of restricted areas and of racks holding data storage equipment, while the management software records the operations for a possible future audit in case of a violation. In other words, both risk prevention and event investigation are fully covered.