Securing your data centre

Issue 1 2021 Access Control & Identity Management

Data centres and IT facilities usually come in two flavours: off-site and in-house. However, in each case the common denominators are that an organisation’s data centre holds delicate and highly confidential information that requires the highest level of security. While today’s headlines are filled with hacking attempts to steal information off vulnerable networks and servers from remote locations, the threat of physical breaches into data centres is also real and requires a coordinated security strategy using a layered approach.

Whether the data centre is a remote, standalone facility or housed in a corporate location, it needs a protection plan that begins at the perimeter and moves to the building itself, then into the facility, the data centre or server room, and finally securing the cabinets and racks containing the wiring arrays and equipment. The security layers may feature perimeter barriers and surveillance, or secured entrances with high-level access control like mantraps and turnstiles, badging, multi-technology biometrics and analytics.

The size and shape of data centres varies according to the size of the organisations they serve, but each is the nerve centre of that company and prone to physical attacks. It is important to remember that many data centres are more than just information storehouses. The data centres contain essentials such as the wiring compartment room, which hosts the wiring infrastructure where network and systems alarms and firewalls are located, the computer/server room where the devices that perform the primary processing of a data centre are stored, and finally, the inner sanctum of the data centre, which is its data storage location.

While all of these areas are susceptible to remote virtual breaches, a physical breach into the data centre that destroys wiring infrastructure, or results in stolen servers or RAID drives, would be catastrophic for an organisation’s business health and operations.

Protecting data with access control

While physical security may not be the first thought in an environment of cloud computing and virtualisation, it should not be overlooked or underrated as a critical tool for cybersecurity. Controlling access to and within the building and its servers is critical to overall data centre security. By peeling away each layer within the building, the options available to help secure data centres are clear.

An immediate priority would be to limit access points into any facility housing a data centre, while keeping unencumbered exits required by fire codes. A high-security facility would require people entering the building to authenticate themselves a minimum of three times. Outer secured entrances to the facility could be a badge-in door with a buzzer or intercom system for guests. A sophisticated visitor management system would require guests to receive temporary access rights via mobile or RFID access cards tied to the access control system for tracking. In the case of a co-location facility, security revolving doors with anti-tailing sensor systems can be used.

Multi-factor authentication with any combination of face recognition, fingerprint, RF card and/or PIN is the best possible scenario. The access control system should allow for integration with video surveillance and have options for biometric authentication. Employing a level of flexibility in system design, differentiating authentication methods from the strict high-security access points to public areas with less restriction is an option. A high degree of separation and access must also be implemented, allowing access to only those who need it, and in the case of co-location, segmenting the rooms as much as possible.

The highest degree of security must be reserved for the data centre itself and it is here that a comprehensive anti-tailgating strategy is essential. Options include security revolvers (revolving doors) and personal interlocks tied into the building’s access control system. A security revolver may be equipped with a contact mat, scales (sensors to detect and prevent tailgating and piggybacking), or internal monitoring. A personal interlock or ‘mantrap’ would also work to prevent tailgating and piggybacking by only allowing one person through at a time.

Suprema recognises that your data centre is home to the most valuable assets of your company. Suprema’s latest biometric access control solutions are designed to meet stringent requirements from modern data centres. Combining the world’s leading biometric technology, distributed system topology, and integration with third-party solutions, Suprema provides the most secure physical access control solutions for data centres.

Suprema adheres to strict security standards:

Irreversible biometric template protection: Leakage of real fingerprint or facial images registered for authentication may pose a serious threat to security. Actual images are reorganised as binary templates through an advanced analysis algorithm which can never be reversed to a real live image.

Personal data protection: Protecting personal data from malicious attacks or leaks has never been more important. Suprema solutions are designed to safeguard all personal data including biometric credentials and any information that can be traced back to a user. All data is encrypted using AES 256, AES 128, DES/3DES before storing in the server, device or cards. Suprema’s web-based open security platform BioStar 2 also received ISO 27001 and 27701 certifications, satisfying international standards for data protection and management.

Communication protection against malware and data breaches: Communication protection using encryption and certificates is applied to all communications used in the system. Server to client communication is protected by HTTPS, which can use a trusted CA signed certificate. Between the server and device, all communications are encrypted using AES 256, which can be enhanced by using TLS 1.2. Serial communication through RS-485 is also encrypted using AES 128 under the requirement to secure all possible communications. These implementations result in a system where it can efficiently defend against malicious attacks and protect all sensitive data.

Physical protection of sensitive data on edge devices: All edge devices produced by Suprema support security tamper-proofing to protect stored data from physical threats. If any unauthorised attacker removes the device from the wall, all data and configurations stored will be deleted immediately.

Providing proof of compliance: All activity on the system is recorded from the moment of logging into the BioStar 2 platform. The operations are recorded as logs including information of time, object, and details of actions in the system.

Authentication for data access: The BioStar 2 platform faithfully reflects privacy protection and organisational operation requirements. Permission levels to access personal information can be divided up in various ways.


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Securing access to the data centre
Issue 1 2021, Suprema , Cyber Security
When looking for a solution to securing your data centre, FaceStation F2 stands out in terms of its versatility, security and rich feature offering.

Read more...
Secure alternative to passwords
Issue 1 2021, Suprema , Cyber Security
Fingerprint biometrics offer a secure alternative to regular passwords; they cannot be lost/forgotten and cannot be shared.

Read more...
Yale launches Linus Smart Lock
Issue 1 2021, Yale Security (SA) , Access Control & Identity Management
The Linus lock allows for keyless entry and gives its users the ability to see who comes and when, grant virtual guest keys, and check whether the door is open or closed.

Read more...
SALTO offers touch-free access control
Issue 1 2021, Salto Systems Africa , Access Control & Identity Management
The Wave XS is a smart, fast and reliable access control solution with a touchless button that permits easy and clean operation for a large number of activator devices.

Read more...
Touchless access and temperature screening
Issue 1 2021 , Access Control & Identity Management
Invixium has announced that Eastern Platinum Limited (Eastplats) has deployed the IXM TITAN with its Enhancement Kit at the Crocodile River Mine. This deployment comes in response to a growing global ...

Read more...
New thermal access control from RS Components
Issue 1 2021 , Access Control & Identity Management
Combining temperature measurement and AI facial recognition in a single device offers effective and efficient safety and security options for businesses, schools and hospitals.

Read more...
New drop arm barrier provides unimpeded access
Issue 1 2021, Turnstar Systems , Access Control & Identity Management
The Turnstar Dynamic Drop Arm Barrier is ideal for indoors where it provides high levels of security for medium-volume pedestrian access requirements.

Read more...
StarSign Key Fob: a biometric access device
Issue 1 2021 , Access Control & Identity Management
Giesecke+Devrient (G+D) has announced the StarSign Key Fob, a unique biometric solution for employee access to company assets at the highest security level, in a convenient way.

Read more...
New drop arm barrier provides unimpeded access
Issue 1 2021, Turnstar Systems , Access Control & Identity Management
The Turnstar Dynamic Drop Arm Barrier is ideal for indoors where it provides high levels of security for medium-volume pedestrian access requirements.

Read more...
ATG launches contactless access control
Issue 1 2021 , Access Control & Identity Management
While South Africa waits hopefully for reduced COVID-19 numbers, lockdown restrictions and an expedited vaccine rollout, businesses nationwide are resuming operations as normally as possible, adopting contactless sign-in procedures for added safety.

Read more...