It will do you no good to have a data center with the latest-generation IT equipment and systems if you don’t have strict control over access to your facilities. “With the evolution of technology and the advent of cloud-based solutions, security at data centers is being put to the test,” said Gustavo Rizzo, executive director of Vault, a company specialized in high-security physical barriers, integrated access control systems, CCTV (closed-circuit television) and alarms.
It’s important to remember that, as a large provider of hosting and colocation, hundreds of clients may visit your servers at any time, increasing your risks and the difficulties you will have in guaranteeing the protection of your information. “Anyone who thinks that these structures and companies are only victimized by virtual crime and on-line invasion is mistaken,” he says.
That’s why, in addition to protecting against physical threats like fire, heat, smoke, corrosive gases, leaks and explosions, the security design of a data center should consider the risk of unauthorized access to environments, racks and equipment. In other words, it must guarantee the effective screening of authorized users, and at the same time prevent invasions, adulterations, damage to equipment and theft of data.
“The access control segment today offers a myriad of technologies that allow for the identification, monitoring and tracking of people and devices in a way that is automatic and integrated with alarm systems and surveillance cameras,” stated Oswaldo Oggiam, director of Abese – the Brazilian Association of Electronic Surveillance Companies. Over the last ten years, the electronic security systems market has grown at an average annual rate of 10%. In 2013, the sector registered economic activity amounting to R$ 4.6 billion, of which 21% was related to access control systems (the greatest part, 46%, is represented by closed circuit TV, followed by alarms with 23%).
The guarantee of access control at data centers is also a prerequisite for companies that perform digital certification, as established by ITI – the National Institute of Information Technology, the agency that sets the norms for digital certification in Brazil and guarantees the authenticity and legal validity of electronic documents.
The event is aimed at professionals in the area of electronic security systems, whether in the public or private sector, or even as independent freelancers; it targets designers, engineers, architects, technicians and commercial consultants. “The IP Convention is an excellent opportunity for us to show the market what is new in innovative security solutions, consolidating our position as a national leader in the Integration of Electronics Systems,” adds Cuglovici.

Layers

Protection of a data center follows the concept of “layers.” That means that it starts on the outside, the perimeter, and extends into each inside environment: floors, rooms, racks and servers. Access control equipment detects, slows and communicates activity, giving sufficient time for measures to be taken and support teams to be called.
One example of protection for the perimeter areas of buildings is the bollard, a controller that blocks the passage of heavy vehicles. The system is made up of retractable posts operated by automated hydraulics. “The equipment is already used on a large scale in Europe, and is primarily intended to prevent terrorist attacks employing car bombs,” says Rizzo, from Vault, a company that is supplying the products for eight data center projects during the first half of the year, including ones for Banco do Brasil and Caixa, in Brasília, DF.
Inside data centers, the locking of racks, computer servers and CPU rooms is the first measure for protecting the network. At a small company, it may be enough to simply have normal key-operated locks. But what about a data center with thousands of racks? How can you manage the great number of accesses and perform tracking audits? And how can you customize access in accordance with the area and access permissions of each user?
In order to overcome this obstacle, Vault developed an access controller with software resources that allow one reader (using any type of technology, RFID – radio-frequency identification, biometrics or others) to manage up to 32 doors and sensors, making the investment viable. “A design with 320 rack doors, for example, requires only 10 controllers and readers, associated with 320 locks and sensors,” says Natan Cuglovici, director of engineering at Vault. The granting of access is made by key, keyboard or card. “Each person’s access is registered according to the system’s preprogrammed permissions,” he says.
Access control of environments and racks can be integrated with fire and intrusion alarm systems through Vault’s SCAIIP platform. The system, based on TCP/IP architecture, is integrated with pedestrian and vehicular access control, monitoring of alarms, the rounds of security guards, control of elevators, control of racks, closed circuit video, and other resources. At Soluti Certificação Digital, Vault implemented an integrated security system (access control/CCTV/intrusion alarm/fire alarm) to protect the safes of the units in São Paulo and Rio de Janeiro.
According to Rizzo, the system is specifically designed to control the opening and monitoring of rack and server doors. “Data centers have a great number of doors to be controlled, amounting to hundreds and even thousands, which is why a conventional access system would be very costly, or possibly unfeasible, not only from an economic point of view, but also due to the size and complexity of the infrastructure that would be needed,” he states.
According to the e-book “Management of Access Control in Practice”, produced by the Florianópolis, SC, based company Specto, which develops and manufactures security solutions for the corporate and residential market, the automated control of an environment involves the following stages:
• Identification: the part of the process where the user presents his or her credentials. This may be something the user possesses (card); knows (password); or is an integral part of him or her (biometric). Biometric identification by fingerprint is the most common and is currently used because of its high reliability and low cost.
• Authentication: identity is verified and validated using a credential that may be one of the types presented during the identification stage.
• Authorization: defines the rights and permissions for each user of the system. After authentication, the process of authorization determines whether or not the user has permission to access the location at the time and date being requested.
• Audit: the collection of information about how users utilize the system’s features. This information may be used for management, planning, etc. An audit in real time occurs when information related to users is delivered at the exact moment that the system for managing access is being used. In a data memory audit the information is recorded and delivered later. The information typically identified in this process is the identity of the user, the type of service, and the time it begins and ends.
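
The four stages above, applied to a controller that manages up to 32 rack doors, can be sketched as follows. This is an added example, not code from Vault, Specto or the original article. The class and function names, the card-plus-PIN credential pair, the result codes and the sample data are assumptions made for illustration.

```python
import hashlib, hmac, math
from datetime import datetime, time
DOORS_PER_CONTROLLER = 32  # capacity quoted in the article

def controllers_needed(doors):
    return math.ceil(doors / DOORS_PER_CONTROLLER)

def pin_hash(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class RackController:
    """Hypothetical model of one controller; not Vault's or Specto's software."""
    def __init__(self):
        self.users = {}   # card_id -> (salt, stored PIN hash)
        self.grants = {}  # (card_id, door) -> (start, end) permitted hours
        self.audit = []   # one record per attempt, allowed or denied
    def enroll(self, card_id, pin, salt):
        self.users[card_id] = (salt, pin_hash(pin, salt))
    def grant(self, card_id, door, start, end):
        if not 0 <= door < DOORS_PER_CONTROLLER:
            raise ValueError("door is outside this controller's range")
        self.grants[(card_id, door)] = (start, end)
    def request(self, card_id, pin, door, when):
        user = self.users.get(card_id)              # 1. identification
        window = self.grants.get((card_id, door))
        if user is None:
            result = "DENY_UNKNOWN_CARD"
        elif not hmac.compare_digest(pin_hash(pin, user[0]), user[1]):
            result = "DENY_BAD_PIN"                 # 2. authentication failed
        elif window is None:
            result = "DENY_NO_PERMISSION"           # 3. authorization: door
        elif not window[0] <= when.time() <= window[1]:
            result = "DENY_OUTSIDE_HOURS"           # 3. authorization: time
        else:
            result = "ALLOW"
        self.audit.append({"when": when.isoformat(), "card": card_id,
                           "door": door, "result": result})  # 4. audit
        return result

def demo():
    # Constructed sample data: one technician allowed on rack door 5, 08:00-18:00.
    ctl = RackController()
    ctl.enroll("CARD-0001", "4821", b"constructed-salt")
    ctl.grant("CARD-0001", 5, time(8, 0), time(18, 0))
    day, night = datetime(2024, 1, 10, 9, 30), datetime(2024, 1, 10, 23, 0)
    tries = [("CARD-0001", "4821", 5, day), ("CARD-0001", "0000", 5, day),
             ("CARD-0001", "4821", 6, day), ("CARD-0001", "4821", 5, night),
             ("CARD-9999", "4821", 5, day)]
    return [ctl.request(*t) for t in tries], ctl.audit
```

Denied attempts are written to the audit trail as well as granted ones, so a later review can see probing of doors or hours a user is not entitled to.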

Biometrics

Vault possesses both fingerprint and facial recognition biometric reader technology. These are designed for adaptation to an array of security systems, allowing for installation in a variety of configurations. Locks, which can also be used to increase data center security, are designed in specific models for each type of application (electromagnetic, electric, electromechanical, etc.).
Both biometric readers and locks connected to access controllers allow for control of restricted areas and racks of equipment for data storage, while management software registers operations for possible auditing later in the event of any violation, thus taking into account both risk prevention and the investigation of occurrences.

Source: RTI