SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image

Enhancing data centre security with mobile access control

Mon, 30th Sep 2024

In today's data-driven world, where information is the new gold standard, data centre security has become a top priority for every IT department.  Data privacy and ethical management are no longer simply best practices—they're now legal mandates. As such, the stakes are higher than ever.

Then there is the problem of insider threat. According to IBM's Cost of a Data Breach Report 2024, data breaches initiated by malicious insiders were the most costly, around $4.9 million on average or 9.5% higher than the $4.45 million cost of the average data breach. In Australia, the average cost of a breach is around $2.78 million, which is an increase of $80,000 on 2023.

According to the Office of the Australian Information Commissioner (OAIC), approximately 11% of notifiable data breaches in Australia were caused by malicious insiders.

Data privacy regulations such as the Notifiable Data Breaches (NDB) scheme and the European Union's General Data Protection Regulation (GDPR) aim to prevent these types of data breaches, and physical security plays a vital role in achieving this goal.

Data centre managers now need to prioritise not only robust network security but also the physical security of server cabinets—the final line of defence against unauthorised access to the world's digital information. Advanced access control solutions, such as mobile credentials, can streamline and enhance this security by providing a way to quickly monitor who accessed a server or cabinet and when.

Mandates such as the NDB and Critical Infrastructure bill require organisations in energy, healthcare and other industries to report cybersecurity incidents affecting personal data or business operations to the Australian Cyber Security Centre within as little as 12 hours depending on the circumstances.

This means that any access attempt and incidents—whether physical or digital—must be easily monitored, managed and audited.

Particularly in multi-tenant data centres and remote sites where servers from different clients and industries may reside in one server cabinet, access control at the cabinet level offers an extra layer of security compared to room-level security alone.

However, not every area of a data centre requires equal protection or access. Each area type has differing security needs and authentication requirements. There's the adjacent land, building shell, nontechnical spaces (like meeting rooms), white space (where the actual servers, racks, storage, network equipment, air conditioning units and power distribution systems reside), and grey space (housing generators, cooling equipment, switchgears, transformers and other equipment necessary to support the white space). Typically, the outermost layers require less stringent security, with the highest restrictions reserved for white space.

Therefore, different security requirements require a flexible and easily manageable solution for access control. This makes mobile access control the ideal solution for data centre facilities.

Beyond Keyed Locks: Benefits of Mobile Access Control in Data Centres
Advantages include:

1. Robust security: Mobile access eliminates reliance on physical cards or badges which can be easily lost and stolen, supports multiple security protocols and includes additional layers of security on top of the card encryption. These systems track access attempts, allowing for fast reprogramming of access rights if needed.

2. Remote management: A cloud-based platform enables remote management and credential updates, simplifying access control administration. This secure, multi-layered infrastructure adheres to industry-leading security certifications and is backed by robust service level agreements and ongoing support. By leveraging cloud-connected access control devices, applications, and mobile credential solutions, data centres can strengthen security, streamline workplace efficiency, and scale their access control system as needed.

3. Threat prevention: Real-time access to data allows data centre managers to quickly detect and mitigate threats, such as the ability to instantly revoke credentials, allowing for sustained growth and continuous improvement of their security systems.

4. System Interoperability: Future-proof support is also a growing concern as users are pushing for long-term convenience while achieving cost savings. Open standards-based technology where software upgrades can be securely managed through the cloud.

5. Sustainability: Organisations across all regions are making a clear effort to understand how new purchases and upgrades in access control technology can have an impact on sustainable practices. 74% of end users report that they've seen the importance of sustainability increasing over the past year, and 80% of partners report the trend growing in importance among their customers.

6. Scalable Access Rights: Individual access rights can be assigned to specific users and cabinets, ensuring granular control over who can access which data.

7. Streamlined Logging and Auditing: Mobile access control systems offer automated logging of access attempts. This simplifies report generation for audits and investigations—something privacy laws require—pinpointing any suspicious activity.

Conclusion
While data centres are at the forefront of technological innovation, their reliance on physical credentials for access control seems archaic.  These energy-hungry facilities are prime candidates for mobile access. This shift wouldn't just boost security and convenience, it could also contribute to energy savings by reducing unnecessary trips and standby times associated with traditional plastic credentials.

Keep in mind that there are wide variations in the underlying security technology. It's important to choose an access control provider that has been certified to internationally recognised data privacy standards, like ISO/IEC 27001 and SOC2 Type 2, and that uses the highest levels of encryption.

By embracing mobile access, data centres can solidify their position as cutting-edge facilities, not just in processing power, but also in security and efficiency.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X