Intelligent CISO Issue 54 | Page 57

FEATURE
This philosophy focuses on detection and not delay of attacks due to the differing measures of success for the attacker. Taking this approach allows you to focus security measures on the asset, which in turn can also help mitigate risk from insiders who exploit or have the intention to exploit an organisation’s assets for unauthorised purposes.
What should the security programme address?
Security mitigation is most effective through a layering approach. An example of the physical security layering within the data centre typically includes 4-6 layers. These layers allow defence in depth and typically address each of:
• Layer 1: The fence line at the perimeter of the facility
• Layer 2: External areas, including car parks, access and reception areas
• Layer 3: Common/circulation areas and Security Operations Centre (SOC)
• Layer 4: Grey space (plant rooms, inc. MMR)
• Layer 5: White space/data centre floor
• Layer 6: IT rack (including associated cage and air containment – hot aisle or cold)
The overall security programme should address each of the layers and combine people, process and technology in an integrated approach. When one provider delivers the entire programme, it gives clear accountability and ownership for the entire security supply chain.
What are the main elements of the security plan?
By addressing vulnerabilities, an organisation is more likely to prevent the more damaging aspects of a security breach.
Security design activity that fails to consider the appropriate risks, threats and vulnerabilities is unable to identify the necessary impact areas and is therefore unlikely to meet its objectives. The result is either over-expenditure, or vulnerabilities being left unaddressed.
While an integrated approach reduces risk levels and improves protection and resilience, we work hard to identify ways to add value throughout every engagement. Mapping how mitigation impacts not only a single vulnerability but an array of security weaknesses across asset categories enables us to maximise operational efficiencies.
The security plan as a minimum should address each of the physical layers through the 3Ds and BAD design philosophy.
What technologies should be included?
The security solution should embrace a variety of system technologies working in an integrated fashion with a strong focus on analytics to assist the security service team in performing their duties.
Typically, from a physical security perspective, the perimeter may adopt vehicle access control, using license plate recognition (LNPR) and mechanical barriers at a manned guarding point. Perimeter intruder detection (PID) will use video analytics and thermal imaging to draw attention to attempts to gain unauthorised access to sites around the boundary or fence line.
Internally, the security systems include access control, some with two-factor credentials such as PIN and/or biometrics to control access to the varying layers, particularly high security areas such as the rack or IT space.
Real-time video surveillance embedded with Deep Learning analytics will draw attention to unusual activity or motion, while a communication system should make it simple for security to push messages and video capture if necessary.
Ideally, a security management system will provide a simple interface to allow security to operate the different systems in a controlled manner from a central location.
Life safety, fire prevention and detection are absolutely necessary, often using Very Early Smoke Detection Alarm (VESDA) to maximise response preparedness, with a double-knock alarm often providing a secondary detection to activate the fire suppression systems in the critical white (IT Room) and grey (Plant Room) spaces.
What should you look for in a technology partner?
Quality, experience, breadth and a commitment to continuous improvement. Let’s treat each of those individually.
• Quality – Where systems integration is required, it is critical that they can demonstrate a commitment to the manufacturer’s accreditation programme. It sounds obvious but they should absolutely be licensed or certified by the original equipment manufacturer (OEM) to provide reassurance of the design and installation proposed, through to the ongoing service and maintenance of the installed systems. Today especially, we also lean heavily on our relationships with distribution and channel partners to help offer timely delivery. The integrator themselves should have a commitment to an independent quality management system to give confidence in their processes and systems, through the complete life cycle of services – from account