Andres Rodriguez - Fotolia
Improve server rack physical security with ISO standards
Safeguarding information access is essential to data center operations. With ISO Standard 27001 and the right locking mechanisms, you can prevent a security breach at the server hardware level.
Organizations use a variety of mechanisms -- such as biometric locks and keycards -- to secure physical access to their data centers. But it is equally important to implement physical security at the rack level.
Server rack physical security is often associated with the use of colocation facilities. Organizations that lease space within a colocated data center sometimes erect fences as a way of restricting physical rack access. Because of the cost of floorspace in a colocation facility, however, organizations are increasingly abandoning the fence in favor of rack-level security mechanisms. In doing so, organizations can reduce the amount of floorspace they need -- decreasing overall costs to rent space.
Data centers can see a surprisingly high volume of foot traffic as technicians come and go, performing various installations, maintenance or upgrade related tasks. Physical security mechanisms help ensure that anyone who has access to a data center -- legitimate or not -- cannot access unauthorized hardware. Besides restricting access to systems that contain sensitive information, server rack physical security systems help prevent hardware theft.
Server rack physical security standards
There are different standards that establish best practices for how the data center should be secured. ISO 27001 is one standard that addresses far more than just physical security. The standard outlines an overall IT approach to security that is based on risk assessment, security controls and management practices; each component ensures that admins implement security measures in a controlled, uniform manner.
Admins can use ISO 27001 as an overarching IT security standard, but it also directly addresses server rack physical security in the data center. Its main guidelines cover actions for data center surroundings, gates and perimeters. The standard also outlines considerations admins should evaluate during an environmental risk assessment.
Just as there are standards such as ISO 27001 that outline best practices for physical security within the data center, admins might need to also consider industry-specific regulations as part of their security strategy. For example, HIPAA part 164.310 (a) (1) for covered entities requires organizations to “implement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed.”
HIPAA does not specify which physical safeguards organizations must use, but the law clearly requires covered entities to take reasonable measures that limit physical access to information systems.
Lock options for rack servers
In addition to securing data center access, there are many mechanisms that restrict physical access at the rack level. A good offering should be cost effective and strong. It should also log access and grant access only to those with a key or a PIN.
One example of a server rack physical security offering is Rack Armor. Rack Armor is an IDenticard-based offering that creates a log of who has unlocked a server rack, when and for how long. Rack Armor also includes an alerting mechanism, and admins can remotely lock or unlock server cabinet doors if necessary.
Admins seeking a more cost-effective option might opt to instead use a simple locking mechanism, such as the Secure Server Unit from Rack Solutions. This security hardware establishes keyed access to servers, while blocking access to ports and hard drives.
Another option is the db BioLock from Digitus Biometrics, which is based on fingerprint recognition, adding another security layer. The company also offers the db ELock. This server cabinet lock secures data center resources with multi-factor authentication. The lock can use a combination of fingerprints, keycards, iClass cards and traditional keycards.
