Protecting data centres from hackers, unauthorised access by employees or other threats demands constant attention, writes Fernando Pires, VP Sales and Marketing at Morse Watchmans.
For many the answer lies in multiple layers and types of safeguards including physical measures such as video and policies and procedures that limit physical access such as the use of key management and access control.
Standard features
Key control systems are designed to securely hold keys and automatically track key usage. They are an industry standard in US casinos used to secure access to cash and chips; in prisons to secure and automate access to facility keys; and in housing complexes, car dealerships, hotels, school campuses and other applications. Systems can also secure card access badges as well as provide safe storage for smaller valuable items such as cash boxes, mobile devices and weapons, among others.
To access a stored key or badge, the authorised user simply enters his or her personal identification code on the keypad and when the system verifies the user, the door will open and the location of the requested key will light up. Key control systems can also be configured with card readers or biometric readers and can be networked for centralised control. At any time, security operations can view the status of any key in the system; locate any key in the system; determine who has which keys out and for what area and when they are scheduled to be returned; or determine who has had keys out, for what areas and when. Keys can be returned to any cabinet in the system, but if a key is not returned when scheduled, e-mail alerts and text messages can be sent to selected staff to enable quick action.
Design for 24-7 guard
Key management systems in a data centre facility security plan offer a variety of control and use options. A basic application would entail enrolment of staff based on their function. For example, an operations centre engineer can be authorised for 24-7 key access, whereas a technician may be restricted to accessing a particular key at certain times and for specific times.
The versatility of the key control systems also lends itself to more complex applications in larger data center environments, as when multiple pieces of identification are needed to move about the data center. In this example, a general access badge would allow the employee entrance to the building and a second badge would be used to access internal areas of the data center facility. To maintain security, the internal access badge would be secured in a key cabinet when not in use by the authorised employee.
Retrieving the internal access badge from the key cabinet would require the employee’s general access badge, along with any other access credentials, such as biometric ID or a pin code, to open the key control cabinet. Once the employee’s identity and permissions have been verified in the system, the location of the person’s badge would light up and the locking mechanism would automatically allow removal of the internal access badge and insertion of general access badge, securing it in the same location. The reverse process would apply when the employee left the building, with all activity automatically recorded for auditing purposes.
Conclusion
As the world continues to virtualise, more and more sensitive information is being stored on the cloud. This data can be extremely sensitive and is continually under attack from outside and inside. Although there is no simple one-stop solution for protecting electronic files, a well implemented key management system can be a valuable tool.