SECURITY HOT SPOT DATA CENTERS
Sep 1, 2004 12:00 PM, BY JAMES GOMPERS
The information nerve center of an organization should have high-end protection — using technologies such as biometrics and smart cards.
With information technology (IT) and related data practically controlling the way business is conducted today, protecting these systems and information is absolutely mission-critical. Any event, even a small one, can affect an entire operation, interrupt business and cost thousands, possibly millions, of dollars.
In general, most companies tend to focus on securing the perimeter, parking lot, lobby, loading dock or elevators on site before ever thinking about a core function within their organization — the data center and IT infrastructure.
Beyond security of the information systems themselves, the physical security of data centers and data closets is a serious function. Would the interruption of mission-critical systems be a cause for concern? The answer is most definitely “yes.” Yet many companies still leave their data centers open to the general building population, thereby increasing their vulnerability.
TECHNOLOGIES TO CONSIDER
Biometric solutions are the technologies of choice for areas in need of the highest security. For a basic data center or data closet where network equipment or servers may be located, informed use and higher levels of protection are clearly needed.
Biometric systems use unique physical or behavioral characteristics to identify a person or authenticate that person's identity. Biometric identification systems can draw on several identifiers, including:
Fingerprints
The most widespread biometric, fingerprint technology uses optical images or electronic field imaging to verify identity by pattern-matching, fringe patterns or ultrasonic methods.
Facial recognition
Using features of the face such as the location and position of the nose, outlines of the eyes, or areas of the cheekbones and mouth, facial recognition systems analyze the data and compare it to facial templates on a smart card or to database template files to achieve identification and verification.
Hand geometry
Looking at the length, thickness, bone structure, curves and distance between the joints of the hand, hand geometry readers compare and verify the data to an enrolled measurement.
Iris
Iris scanning uses the unique characteristics of the iris. An infrared imager illuminates the eye and captures a high-resolution picture. The data is processed by an algorithm, which maps the iris's distinct patterns and characteristics.
BEYOND BIOMETRICS
When creating a comprehensive, effective data center security plan, there are at least two other types of identification for authentication that should be considered:
something you know — a PIN, password, or personal information (such as a user's mother's maiden name); and
something you have — an ID card, smart card, driver's license, or company badge or credential.
Biometrics may be insufficient as the sole form of identification when protecting a core security target. For data centers and technology infrastructures, pairing a biometric with another identification process ensures a better protected environment.
When considering options for a second acceptable form of identification, users should consider incorporating smart card technology. In general, a smart card is a plastic card embedded with a computer chip that stores data for transaction between users and systems. This data is associated with either value or information or both, and is stored and processed within the card's chip, either a memory or microprocessor chip. Smart cards come in a variety of formats and capabilities and include contact, contactless, or hybrid versions.
In the following case study, a hybrid card is used to demonstrate the versatility of the card, with its contactless capabilities for access control, and contact capabilities for secured computing.
THE GOAL: SECURE AND INFORMED USE
For this example, a combination of a card, PIN and biometric is being used for both physical access and logical access to the data centers and server administration, and for access to mission-critical systems or information from the desktops.
To achieve positive identification, smart card readers with keypad and fingerprint technology for access control were incorporated in the data centers and data closets.
Next, for all servers and workstations with access to mission-critical systems and data, the keyboards were replaced with security keyboards that have built-in smart card slots and fingerprint readers. Because physical access control used contactless smart cards and the keyboards used contact smart chips, the users of these systems were upgraded to a hybrid card with increased memory to handle the biometric template stored on the card.
To achieve informed use and the ability to respond to both physical and logical violations, a middleware application was used to integrate the logical security application into an integrated security management system (ISMS) running in the access control platform. With this set-up, a denied access at a data center or data closet entry/exit brings up pop-up video associated with that door. A denied logical access at a server or workstation also generates an alarm, so security can respond accordingly. The ISMS also serves as a single reporting tool to see who accessed the data center and what data or information was accessed. In this way, security officers respond not only to physical security events but also to logical violations. These capabilities give the organization peace-of-mind protection and total informed use of facility, data and information.
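The correlation an ISMS performs on the two event streams can be sketched in Python. This is an added example, not code from the article or from any ISMS product; the event format, cardholder names, host-to-room mapping and four-hour window are assumptions. It goes one step beyond the denied-access alarms in the text by also flagging a console logon that has no matching door entry.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the article): door-controller and
# security-keyboard records normalised by the middleware to one format:
# timestamp, source, cardholder, door-or-host, result
EVENTS = """\
2004-09-01T08:58:10 door alice DC-1 granted
2004-09-01T09:01:45 logon alice srv-db01 granted
2004-09-01T09:14:02 door carol DC-1 denied
2004-09-01T09:20:30 logon bob srv-db01 granted
2004-09-01T09:31:00 logon alice srv-db01 denied
"""

# Assumed mapping of console hosts to the room they physically sit in.
HOST_ROOM = {"srv-db01": "DC-1"}
WINDOW = timedelta(hours=4)  # assumed: how long a door entry vouches for presence


def correlate(text):
    """Return (alarms, report) for a merged physical/logical event stream."""
    alarms, report = [], defaultdict(list)
    last_entry = {}  # (user, room) -> time of last granted door entry
    rows = sorted(line.split() for line in text.splitlines() if line.strip())
    for ts, source, user, target, result in rows:
        when = datetime.fromisoformat(ts)
        if result == "denied":
            # A denied door read and a denied logon both alarm the operator.
            kind = "DENIED_PHYSICAL" if source == "door" else "DENIED_LOGICAL"
            alarms.append((ts, kind, user, target))
            continue
        report[user].append((ts, source, target))  # single access report
        if source == "door":
            last_entry[(user, target)] = when
        elif target in HOST_ROOM:
            # Console logon: require a recent granted entry to that room.
            entered = last_entry.get((user, HOST_ROOM[target]))
            if entered is None or when - entered > WINDOW:
                alarms.append((ts, "LOGON_WITHOUT_ENTRY", user, target))
    return alarms, dict(report)


if __name__ == "__main__":
    alarms, report = correlate(EVENTS)
    for alarm in alarms:
        print("ALARM", *alarm)
    for user, accesses in report.items():
        print("REPORT", user, accesses)
```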
ABOUT THE AUTHOR
James Gompers is founder of Gompers Technologies Design Group Inc. and Gompers Technologies Testing and Research Group Inc. He has more than 20 years of expertise in the security industry as a consultant from the end-user perspective. This is another in a series of columns he is writing for Access Control & Security Systems. E-mail him at jgompers@gtdgrp.com.
© 2008 Penton Media Inc.