Securing your data centre

Issue 1 2021 Access Control & Identity Management

Data centres and IT facilities usually come in two flavours: off-site and in-house. However, in each case the common denominators are that an organisation’s data centre holds delicate and highly confidential information that requires the highest level of security. While today’s headlines are filled with hacking attempts to steal information off vulnerable networks and servers from remote locations, the threat of physical breaches into data centres is also real and requires a coordinated security strategy using a layered approach.

Whether the data centre is a remote, standalone facility or housed in a corporate location, it needs a protection plan that begins at the perimeter and moves to the building itself, then into the facility, the data centre or server room, and finally securing the cabinets and racks containing the wiring arrays and equipment. The security layers may feature perimeter barriers and surveillance, or secured entrances with high-level access control like mantraps and turnstiles, badging, multi-technology biometrics and analytics.

The size and shape of data centres varies according to the size of the organisations they serve, but each is the nerve centre of that company and prone to physical attacks. It is important to remember that many data centres are more than just information storehouses. The data centres contain essentials such as the wiring compartment room, which hosts the wiring infrastructure where network and systems alarms and firewalls are located, the computer/server room where the devices that perform the primary processing of a data centre are stored, and finally, the inner sanctum of the data centre, which is its data storage location.

While all of these areas are susceptible to remote virtual breaches, a physical breach into the data centre that destroys wiring infrastructure, or results in stolen servers or RAID drives, would be catastrophic for an organisation’s business health and operations.

Protecting data with access control

While physical security may not be the first thought in an environment of cloud computing and virtualisation, it should not be overlooked or underrated as a critical tool for cybersecurity. Controlling access to and within the building and its servers is critical to overall data centre security. By peeling away each layer within the building, the options available to help secure data centres are clear.

An immediate priority would be to limit access points into any facility housing a data centre, while keeping unencumbered exits required by fire codes. A high-security facility would require people entering the building to authenticate themselves a minimum of three times. Outer secured entrances to the facility could be a badge-in door with a buzzer or intercom system for guests. A sophisticated visitor management system would require guests to receive temporary access rights via mobile or RFID access cards tied to the access control system for tracking. In the case of a co-location facility, security revolving doors with anti-tailing sensor systems can be used.

Multi-factor authentication with any combination of face recognition, fingerprint, RF card and/or PIN is the best possible scenario. The access control system should allow for integration with video surveillance and have options for biometric authentication. Employing a level of flexibility in system design, differentiating authentication methods from the strict high-security access points to public areas with less restriction is an option. A high degree of separation and access must also be implemented, allowing access to only those who need it, and in the case of co-location, segmenting the rooms as much as possible.

The highest degree of security must be reserved for the data centre itself and it is here that a comprehensive anti-tailgating strategy is essential. Options include security revolvers (revolving doors) and personal interlocks tied into the building’s access control system. A security revolver may be equipped with a contact mat, scales (sensors to detect and prevent tailgating and piggybacking), or internal monitoring. A personal interlock or ‘mantrap’ would also work to prevent tailgating and piggybacking by only allowing one person through at a time.

Suprema recognises that your data centre is home to the most valuable assets of your company. Suprema’s latest biometric access control solutions are designed to meet stringent requirements from modern data centres. Combining the world’s leading biometric technology, distributed system topology, and integration with third-party solutions, Suprema provides the most secure physical access control solutions for data centres.

Suprema adheres to strict security standards:

Irreversible biometric template protection: Leakage of real fingerprint or facial images registered for authentication may pose a serious threat to security. Actual images are reorganised as binary templates through an advanced analysis algorithm which can never be reversed to a real live image.

Personal data protection: Protecting personal data from malicious attacks or leaks has never been more important. Suprema solutions are designed to safeguard all personal data including biometric credentials and any information that can be traced back to a user. All data is encrypted using AES 256, AES 128, DES/3DES before storing in the server, device or cards. Suprema’s web-based open security platform BioStar 2 also received ISO 27001 and 27701 certifications, satisfying international standards for data protection and management.

Communication protection against malware and data breaches: Communication protection using encryption and certificates is applied to all communications used in the system. Server to client communication is protected by HTTPS, which can use a trusted CA signed certificate. Between the server and device, all communications are encrypted using AES 256, which can be enhanced by using TLS 1.2. Serial communication through RS-485 is also encrypted using AES 128 under the requirement to secure all possible communications. These implementations result in a system where it can efficiently defend against malicious attacks and protect all sensitive data.

Physical protection of sensitive data on edge devices: All edge devices produced by Suprema support security tamper-proofing to protect stored data from physical threats. If any unauthorised attacker removes the device from the wall, all data and configurations stored will be deleted immediately.

Providing proof of compliance: All activity on the system is recorded from the moment of logging into the BioStar 2 platform. The operations are recorded as logs including information of time, object, and details of actions in the system.

Authentication for data access: The BioStar 2 platform faithfully reflects privacy protection and organisational operation requirements. Permission levels to access personal information can be divided up in various ways.


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Unlock data insights and integration
Gallagher Access Control & Identity Management Products & Solutions
Gallagher Security announced the release of its security site management software, Command Centre v9.20, which enables integration with Microsoft Entra ID, a cloud-based identity and access management system that provides seamless synchronisation of cardholders across systems.

Read more...
Gallagher Security opens Cape Town office
Gallagher News & Events Access Control & Identity Management
Acknowledging a significant period of growth for the company in South Africa, opening a second office will enable Gallagher to increase its presence across the region with staff based in Johannesburg and Cape Town.

Read more...
Securing access against unwanted visitors
Intelliguard Access Control & Identity Management Residential Estate (Industry) Products & Solutions
In today's residential estates and complexes, one of the biggest concerns is preventing unauthorised access, while ensuring a smooth and convenient experience for residents and approved visitors.

Read more...
Smart access for a safer community
neaMetrics Suprema Access Control & Identity Management Residential Estate (Industry) Products & Solutions
Suprema's BioEntry W3 integrates AI-powered facial authentication into a sleek design that prioritises security, privacy and user experience, and even allows users to store their facial templates on their mobiles instead of external devices.

Read more...
Effortless and secure visitor management
Secutel Technologies Access Control & Identity Management Residential Estate (Industry)
Secutel Ventures has introduced SecuVisit, an access control solution designed to simplify visitor management while enhancing security. With two innovative components onboard, SecuVisit ensures seamless visitor check-ins anytime, anywhere.

Read more...
Glovent’s SOS Suite triple protects estate residents
News & Events Access Control & Identity Management Residential Estate (Industry)
One hundred and fifty-three years since the world’s first panic button was introduced in New York City, Glovent offers estate residents three different ways of summoning emergency assistance at the touch of a button.

Read more...
Security professionals gather at Integrate 360
Gallagher Access Control & Identity Management News & Events
Gallagher Security’s Integrate 360 brought together some of the best minds in security, innovation, and technology for two days full of insights, demonstrations, and future-focused discussions.

Read more...
Suprema showcases enterprise security at Integrate 360
Suprema News & Events Access Control & Identity Management
Since 2006, neaMetrics, Suprema’s distributor in Africa, has worked closely with Gallagher, building a robust partnership resulting in seamless integration between Suprema’s advanced biometric readers and Gallagher’s security management platform.

Read more...
New ASSA ABLOY facility opens in South Africa
ASSA ABLOY South Africa iDSystems Impro Technologies Access Control & Identity Management News & Events
ASSA ABLOY announced the opening of its new facility in Durban, South Africa. This new site unites IDS and Impro operations, bringing both manufacturing plants under one roof to create a hub for innovative access solutions.

Read more...
iProov achieves FIDO Remote Identity Verification certification
News & Events Access Control & Identity Management
iProov, iiDENTIFii’s technology partner in Africa, is the first to achieve the new, global certification in face biometric identity verification from the FIDO Alliance, an open industry association whose mission is to reduce the world’s reliance on passwords.

Read more...