Enclosures


Biometric physical access control in data centres: ensuring regulatory compliance, with indisputable audit trails


Physically securing private information in data centres has proven challenging, as the necessary technology has lagged far behind network security technology. This report by Digitus Biometrics, which has been adapted by Andy Billingham, managing director, EMKA (UK), explores an advanced security methodology by which enterprises can best secure physical assets within their data centres, with greatly enhanced security against the growing trend of insider threats and a 100 per cent indisputable audit trail of physical access.


When boiled down to their essence, data privacy rules and regulations all seek to accomplish the same thing. Government regulations and non-government standards invariably ask four basic questions regarding access to sensitive information: do you have safeguards in place to control access to sensitive data? Are you able to continuously monitor who is accessing sensitive data? Are you alerted in real-time when information is being accessed without authorisation? Can you produce an audit trail showing who has accessed sensitive data and when they accessed it? It’s important to remember that “access” within the context of these questions means physical access as well as network access, and that specific requirements for controlling physical access exist in all rules and regulations concerning the protection of private or sensitive information. These regulations also share a commonality in the requirement for alerts and audit logs of physical access opportunities, though all are notably lacking in specifics regarding implementation.


Shortcomings in common physical security practice

Data centres are usually physically secured with a mixture of unconnected platforms that may include palm readers, proximity card readers, and keyed locks. Because of their size, palm readers, the most secure platform in this group, are found only on doors. Servers that handle especially sensitive data are typically protected from data and device theft by locking server cabinets that are accessed with keys or key cards. The use of mixed access-control devices can raise serious issues with regard to both sound security practice and the ability to demonstrate regulatory compliance. The problem begins with the fact that keys and key cards can become separated from their authorised users, which can cause an undetected security breach. The greater the number of keys and key cards in a given environment, the greater the possibility of unauthorised access to physical assets in a server cabinet. As a result, there is no effective means to issue an alert when unauthorised access occurs, and audit trails are incomplete. The audit log from a palm reader at a data centre’s front door provides solid evidence of who was in the data centre at any given time, but beyond that, all that’s known is which key cards, not which users, opened which server cabinets. If the server cabinets are secured with keys – or are not locked – there is no audit trail at the server cabinet level at all.
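The attribution gap described above, as an added example that is not part of the original article: it joins a palm-reader door log against a cabinet key-card log and classifies each cabinet opening by how far it can be tied to a person. The log layouts, user names, card IDs and status labels are all assumptions, and the sample records are constructed.

```python
from datetime import datetime

# Constructed sample data (assumed layouts, not from the article).
# Door palm reader: identifies the person and records entry and exit times.
DOOR_LOG = [
    ("alice", "2016-07-01 09:00", "2016-07-01 11:00"),
    ("bob",   "2016-07-01 10:00", "2016-07-01 10:30"),
]
# Card register: the user each key card was issued to.
CARD_OWNER = {"C-101": "alice", "C-102": "carol"}
# Cabinet reader: records only which card was presented, never who held it.
CABINET_LOG = [
    ("2016-07-01 09:15", "rack-07", "C-101"),
    ("2016-07-01 10:10", "rack-07", "C-102"),
    ("2016-07-01 10:20", "rack-03", "C-101"),
    ("2016-07-01 12:00", "rack-03", "C-101"),
]

def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

def present_at(when, door_log):
    """Users the door log places inside the data centre at time `when`."""
    t = ts(when)
    return sorted(u for u, t_in, t_out in door_log if ts(t_in) <= t <= ts(t_out))

def attribute(cabinet_log, door_log, card_owner):
    """Classify each cabinet opening by what the two logs can actually prove."""
    findings = []
    for when, rack, card in cabinet_log:
        owner = card_owner.get(card)
        room = present_at(when, door_log)
        if not room:
            status = "room_empty"    # card used, yet no one logged at the door
        elif owner not in room:
            status = "owner_absent"  # card separated from its authorised user
        elif len(room) > 1:
            status = "ambiguous"     # owner present, but so were others
        else:
            status = "consistent"    # owner was the only person in the room
        findings.append({"time": when, "rack": rack, "card": card,
                         "owner": owner, "candidates": room, "status": status})
    return findings

if __name__ == "__main__":
    for f in attribute(CABINET_LOG, DOOR_LOG, CARD_OWNER):
        print(f["time"], f["rack"], f["card"], f["status"], f["candidates"])
```

Even the "consistent" rows are inferred from the door log rather than proven at the cabinet, which is the limit of a card-level audit trail.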


Technology to eliminate these shortcomings

In addition to providing extremely accurate identification for access control, db ServerRack offers several key advantages relative to the rack itself and, when paired with db Nexus, to the task of securing the entire data centre. Security administration is greatly simplified with biometric access control compared to the mixed-solution environment found in most data centres.

Figure: Biometric swing handle with fingerprint sensor and emergency opening


Because biometrics eliminates the use of access enablers that can become separated from their authorised users, there are far fewer opportunities for security breaches. The authorised user absolutely must be present for access to be granted at any biometrically controlled checkpoint. There is also an indisputable audit trail, which is of particular interest in demonstrating compliance with government regulations concerning data storage. When the db ServerRack is paired with db Nexus, that audit trail can cover the entire enterprise, recording and reporting each instance of each individual’s access from door to door to cabinet, and the exact time of each access – indisputably.


Figure: Scanning fingers on a touch screen

The need to protect sensitive data has never been higher - and that applies to physical as well as to network access. Physical security does not guarantee compliance, and compliance does not guarantee physical security. But the availability of a single, networked platform that can deliver biometric access control to every access point within an enterprise, with an indisputable audit trail, is a strong step toward unifying compliance and security programs – from the front door to the server cabinets.


www.emka.com/uk_en


www.cieonline.co.uk


Components in Electronics


July/August 2016 19

