Networks Europe May-Jun 2017 | Page 18

SECURITY & COMPLIANCE
their primary task of providing managed access to cloud services and data, data centres are increasingly required to protect customer data – a key aspect of which is demonstrating security of data and processes through compliance reporting. With this regulation set to come into force in May 2018, outdated security practices are no longer sufficient.
How can you meet GDPR requirements?
Currently, only 15.7% of firms in the UK and US are in the advanced planning stages of GDPR compliance. 74% now believe that their organisations are vulnerable to insider threats, with 68% fearing breaches caused by insider negligence. It's clear that to reach compliance with GDPR and reduce the impact of the ‘human factor’, often the weakest link in a security chain, physical security must be deployed in tandem with cyber.
In maintaining uptime and meeting GDPR requirements, data centre specialists are increasingly implementing a series of checks and balances – creating audit trails to specifically identify who has accessed a location and when it was accessed. While this is adequate for current employees, through the use of ID cards and multi-factor authentication, this practice is often not extended to external contractors. While stopping any sufficiently motivated threat actor is extremely difficult, there are a number of strategies which can be put in place to mitigate risk from unregistered visitors; creating an audit trail and demonstrating that potential damage has been mitigated as far as possible.
Undertaking holistic access control practices
The strategies underlying a compliant approach are remarkably simple, combining common sense with existing technology. In the first instance, we can move beyond visitor management at a distance, such as phone call verification. Instead, once a stakeholder within a data centre judges that an engineer is required, for example, they issue an invitation to the engineer's employer. This invitation is then received and actioned by said employer, and can be utilised as an access credential – either as a printed code or one issued by the organiser for action within a mobile device. This supplies one factor of authentication before the engineer has even arrived at the site, providing trackable proof that potential risk has been noted, assessed, and that steps are in place to manage it.
Once the engineer arrives at the data centre, the code can be presented to the perimeter access control solution – either to an IP camera, or to a Network Door Station such as the AXIS A4004-VE. This technology is ‘smart’ enough to look at the code, analyse it, communicate with the access control database within the data centre, and verify that the attendee is expected. The engineer then registers and re-presents the code at reception, potentially utilising a second factor of authentication such as facial recognition. Only once this engineer is verified are they issued a visitor or key card to access the data hall.
This card is then presented at the data hall on entry, as well as inside the data cage. This strategy, as opposed to physical lock and key systems, provides trackable data on who specifically is requesting access. This electronic entry also has the benefit of layered access permissions – meaning an engineer can only access the areas pertinent to their task within the data centre. As an added layer of security, pinhole cameras can be integrated with the server blocks themselves. Once the block is opened, the camera can take a snapshot of whoever has accessed it, creating a visual record, sending the image back through the layers of security and communicating with the system to establish a record of who opened the rack and when.
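
The invitation-as-credential flow described above can be sketched in code. This is an added example, not part of the original article or any vendor's product: it covers only the code check, the layered zone permissions and the audit trail, and the signed-code format, the key, the zone names and the function names are all assumptions, since the article does not say how the code is built.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # assumption: key held by the access control database

def issue_invitation(visitor, employer, zones, not_before, not_after, key=SECRET):
    """Stakeholder issues a signed, time-boxed invitation code to the employer."""
    body = json.dumps({"visitor": visitor, "employer": employer, "zones": sorted(zones),
                       "nbf": not_before, "exp": not_after}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body).decode() + "." + base64.urlsafe_b64encode(tag).decode()

def check_access(code, zone, now, audit, key=SECRET):
    """Verify the code at one checkpoint; every decision, allow or deny, is logged."""
    visitor, decision = "unknown", "deny:malformed"
    try:
        b64_body, b64_tag = code.split(".")
        body = base64.urlsafe_b64decode(b64_body)
        tag = base64.urlsafe_b64decode(b64_tag)
        if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
            decision = "deny:bad-signature"
        else:
            claims = json.loads(body)
            visitor = claims["visitor"]  # trusted only after the signature check
            if not claims["nbf"] <= now <= claims["exp"]:
                decision = "deny:outside-window"
            elif zone not in claims["zones"]:
                decision = "deny:zone-not-permitted"
            else:
                decision = "allow"
    except (ValueError, KeyError):
        pass  # undecodable or incomplete code stays "deny:malformed"
    audit.append({"time": now, "zone": zone, "visitor": visitor, "decision": decision})
    return decision == "allow"

def demo():
    """Constructed visit: engineer invited for perimeter, reception and one data hall."""
    audit = []
    code = issue_invitation("engineer-01", "Example Contractor Ltd",
                            ["perimeter", "reception", "data-hall-2"], 1000, 2000)
    for zone, now in [("perimeter", 1500), ("data-cage-7", 1600), ("data-hall-2", 2500)]:
        check_access(code, zone, now, audit)
    return [entry["decision"] for entry in audit]
```

Denied attempts are written to the same trail as successful ones, so the record shows who was refused as well as who was admitted.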
Ensuring the security of data centres requires a dedicated approach, combining cybersecurity efforts with effective physical security and access control solutions. In meeting this challenge, however, any ‘smart’ physical security technology must also now be cyber-secure. This requirement highlights a pressing need for data centre specialists to communicate with dedicated security professionals familiar with both the potentials of the technology on offer, and the best methods of integrating and installing this technology with security in mind. By undertaking this strategy, data centre specialists can be assured that the physical security aspect of GDPR compliance is met through an effective and communicative system.
For buyers and potential customers, this type of security is essential. As part of their own compliance process, customers need to be assured that their data centre of choice takes the security of their data seriously – particularly in light of numerous high-profile breaches. If a data centre can demonstrate compliance, effectively showcasing records of any visitor to a site and proving an audit trail, it will not only increase the attractiveness of their service offering to potential customers, but will provide reassurance to existing customers that their data is in safe hands. The technology is innovative but isn’t anything new – it’s often already in use. The only difference is using it in a joined-up way.
www.networkseuropemagazine.com