Page 31 - Security Today, May/June 2019

for the entities that secure their information.
The regulation calls for monitoring and tracking personnel who might have physical access to data or systems that house cardholder data. This access should be appropriately controlled and restricted. Personnel covered under PCI DSS include full- and part-time employees, temporary employees, contractors and consultants who are physically present on the entity’s premises. The regulation also covers visitors, such as vendors and guests, who enter the facility for a short duration—usually up to one day.
But aren’t most data breaches completed by outside hackers breaking in through firewalls and not by people within an organization? The data says otherwise. In many cases, according to research conducted by IBM, the next attack could be from within an organization.
In 2015, 60 percent of all attacks were carried out by insiders—either those with malicious intent or those who served as inadvertent actors—by configuring a server incorrectly or leaving a port open by accident.
For the data center manager, the benefits of compliance are twofold. Compliance not only protects the confidential nature of the data stored within the data center, it also protects the data center from regulatory penalties and the added cost of lost productivity that may occur as a result of a data breach.
Securing Assets with EAS
Managing access to the data center is becoming more complicated as data housing facilities continue to expand their hosting capabilities. From data centers housing information for a single organization to colocation data centers where multiple companies are hosting their data in one location, traditional key management is becoming a significant challenge for facility managers. Personnel from one or several organizations may access the data center at any given time, making key management increasingly difficult to track.
Data centers typically have multiple layers of security and access control: at the front door of the building, then a man trap to get past the lobby, then access control to get into each data center room, then possibly a cage depending on the data center structure.
However, it is at the rack level where data security and access control have the potential to fall short. If the servers are behind doors, there may not be physical locks securing those doors. And in older server farms, the server racks are wide open to all who have gained access to the cage that surrounds them. Thus, all of the physical layers of security can’t prevent unauthorized or malicious attempts to access unsecured servers. And if there is an attack or data breach, it becomes more difficult to track down the “who, what, when and where” of the breach if there is no rack-level security and audit trail in place.
In response, data center managers are focusing on extending physical security down to the rack level. Cabinet manufacturers are transitioning from traditional lock-and-key mechanisms to integrated solutions that combine electronic locking and monitoring capabilities for optimum security. These electronic access solutions (EAS) allow data center managers to easily incorporate intelligent locking throughout the facility—from its perimeter down to its servers—using the data center’s existing security system, integrating with newer DCIM systems, or through a separate, fully networked system.
The remote monitoring capabilities offered by electronic access solutions help data center managers quickly identify a violation, en-