cameras and biometrics. Sargent said each organization must analyze their needs and determine the depth and defense methods required.
“The role of security is limiting the ability of individuals to affect our operations. When we look at airports, there is a multi-level approach with a lot of steps that an individual would have to take to be able to breach security. That multi- layer function for access to an airport can and should be mirrored at a data center.”
Authorized Access
Airports and data centers both compose rosters designating those authorized to ac- cess their facility. Every person is consid- ered an authorized guest. Determining if that person is permitted on site, and where they can go within, is the responsibility of the security force.
The key objectives related to access control are:
• Identifying people who should be there, to focus on those that should not
• Quick, but accurate, resolution of poten- tial issues
• Prevention of breach due to the high op- erational stakes and impact of intrusion
The easiest way to facilitate a system for administering access control is by com- posing a roster of employees, vendors and guests with permission to enter and sharing this information with security. Those not in- cluded are denied access because the securi- ty force does not know their true intentions.
Organizations can further support ac- cess control procedures by requiring every- one to wear identification.
“Identification allows the security force to know whether that person has autho- rized access or gained entry through a breach,” Sargent said. “If security sees someone that doesn’t have a badge dis- played, that is where officers should ask: ‘What are you doing here?’”
Additionally, Sargent suggests data centers create a phone tree that defines those who should be contacted, according to a chain of command, in authorizing ac- cess for unanticipated guests. Security can then follow the phone tree in gaining per- mission for their entry.
“When an unregistered guest visits, the security force needs to know who they should contact to obtain clearance for that person to enter. We might struggle to reach someone at 2 a.m. We need addi- tional contacts to call because the security force will not allow access without con-
“Both airports and data centers are high-risk and highly coveted targets, where a single security breach can jeopardize an interconnected network and a brief outage can cause chaos – in the clouds, or in the cloud.”
18
APRIL 2022 | SECURITY TODAY
sent,” Sargent said.
He believes a defined system for com-
munication, especially outside of normal business hours, is necessary because a lack of connectivity can impede business, op- erations, and the safeguarding of the com- pany and its assets.
“If we don’t protect the client’s intel- lectual property, potential competitors can take that away. That is where data cen- ters run into issues of losing millions of dollars to their competitors because those competitors are rolling out ideas after they were able to infiltrate the data center and gain that sensitive information.”
Hybrid Approach
Security programs at airports and data centers often demonstrate a hybrid ap- proach; a combination of two strategies with the goal of creating a better overall operational plan. The hybrid approach is demonstrated in two ways.
First, their security programs blend the workforce and technology.
“51% human and 49% technology,” Sargent said. “This gives us the capabil- ity to incorporate technology, like facial recognition or biometrics, and if those ele- ments break down, the human element is there as backup.”
Sargent admits that technology can suffer glitches, particularly when an in- truder attempts to disable its functionality. In those circumstances, the security force is ready to respond.
Second, the goals of the security program are achieved when the in-house, proprietary security management works in tandem with an outside, contract security organization. As in the case of the MSP security detail, Sargent is the primary contact for ACTS, a contract security organization, and reports to the Minneapolis Airport Police Department, a law enforcement agency.
“I believe that is one of the best forms of security programs due to staffing,” says Sargent. “Staffing is more difficult for in- house security because a Director of Secu-
COVER STORY
Mark Agnor/Shutterstock.com