Intelligent CISO Issue 42 | Page 49

Physical security teams must partner with their counterparts in information security to better understand the true limits of the security perimeter. www.intelligentciso.com


The need to comply with a range of legal requirements, meet relevant standards and fulfil multiple security and resilience SLAs for customers can be a complex task for data centre operators, especially if operations extend across multiple sites. Then we have to add in obligations such as data subject access, a provision under GDPR that can be complex to fulfil in practice. Finally, there is the evolving threat of cyberattacks.
Data centres are well equipped to provide high levels of security far beyond what customers could ever hope to maintain in-house. They are rightly seen as part of the solution for security-conscious companies and individuals. That's why a cyberattack on a data centre can be catastrophic.
So, how can operators centralise security, be compliant in operations to protect data, and satisfy regulatory requirements while also functioning effectively across multiple sites? This article outlines the guidance for addressing the cyber and physical security of data centre facilities in a single plan.
That is why operators should invest in and rely upon a scalable and unified security platform that takes into account the requirements of users within and outside of the physical security function. There are many other ways in which centralisation can enhance security and streamline compliance operations.
For example, it makes it easier to set expiry times for contractor passes and to automate the generation and sharing of audit reports so that any irregular activity is quickly brought to light. Automation is key, as these activities are easy to specify but difficult to carry out consistently if manual intervention is required.
Pooling resources and expertise from across the business allows for the specification and deployment of a common platform with greater capabilities than any one function could hope to develop in isolation. It simplifies day-to-day operations and prevents future headaches surrounding overlapping systems that create operational blind spots through a failure to integrate.
Nick Smith, Business Development Manager at Genetec
Centralise compliance, security and operations
The ability to easily keep track of who had access to what and when, who granted it and why, has benefits far beyond the security function. It sits at the core of satisfying regulatory requirements and ensuring the smooth flow of people throughout the facility.
Commonly, there are a significant number of people and steps involved in granting access to a room or rack and, if authorisation relies upon manual intervention in the access control system, there is a lot of room for mistakes. Social engineering is therefore often used by criminals as a means of getting inside a data centre facility.
Making use of a physical identity and access management solution that bridges physical and IT security to automate the workflow removes the potential for human error while also delivering associated cost efficiencies.
Take a layered approach
It is easy to think in terms of a facility having a single perimeter that needs to be secured. However, it is important to recognise that facilities comprise multiple overlapping perimeters, each with its own rights of access, risk profile and operational requirements.
