A finger on data centre security

April 2013 Access Control & Identity Management

Security is now a watchword in all data centres, but as Mark Hirst, product manager with Cannon T4 Data Centre Solutions explains, fingerprint biometrics – even at the cabinet level – is now a real contender on several fronts.

Data centre security has always been an issue for anyone involved in commissioning and maintaining a data centre, but the falling costs of technology over the last few years has meant that fingerprint security at the cabinet level has become a cost-effective reality.

The standard argument against fingerprint identification is that it is too expensive. “A couple of years ago I would have been forced to agree with you, but the costs of fingerprint biometric technology and its allied systems – and supporting infrastructure – have now fallen to the point where it has become an extremely viable option for even the most careful of corporate accountants to consider,” says Hirst.

The time taken to verify a fingerprint at the scanner is now down to a second and because the templates – which can be updated/polled to/from a centralised server on a regular basis – are maintained locally, the verification process can take place whether or not a network connection is present.

And the enrolment process is similarly enhanced, with a typical enrol involving three sample fingerprints being taken on a terminal, and the user then able to authenticate themselves from that point onwards.

Self-authentication

The concept of self-authentication is an important one as, unlike a physical token such as swipe-cards, RFID contactless cards and even key codes – which can be used/misused by anyone in possession of the token or code – the fingerprint biometric is uniquely personal to the owner.

Furthermore – and despite what you may have seen in the movies – today’s technology can even verify whether the fingerprint is attached to a live person. This level of efficiency, cost-effectiveness and all-round reliability of fingerprint security, even in a fail-safe `network down’ scenario, means that a growing number of clients are now securing their IT resources at the cabinet level, integrating the data feed from the scanner to other forms of security such as video surveillance.

One can, for example, tie in the scanner feed with a video feed, even verifying the employee and adding their name/employee number to the digital video audit record that a growing number of data centre clients now require.

These requirements stem from governance rules from international bodies and organisations such as the Wakefield, MA-headquartered Payment Card Security Standards Council, which controls the PCI DSS governance rules for card-accepting businesses.

PCI DSS rules apply to organisations of all sizes and are a governance requirement for any business or agency that accepts credit/debit cards and processes their own data. Version 2.0 of the rules is currently operational and v3.0 was expected towards the end of 2012.

This integrated security approach at the cabinet level is an important part of the audit process as a growing number of organisations are finding that, not only must they secure their racks and cabinets, but they must be able to prove the efficacy of their audit systems to one or more governance bodies.

Securing data centre chaos

The reality is that, in the modern data centre environment – which typically has multiple contractors and staff constantly working at multiple sites – the individual cabinets are frequently processing many millions of rands worth of data per hour, so the cost of any downtime, however caused, can have eye-watering consequences. This is particularly important in these security-conscious times with the threat of accidental and malicious interference hanging over any data centre operation, no matter how large or small.

And it is for these reasons that a growing number of clients, especially those that rent space on a co-location basis, either on a local/remote or a private cloud computing basis, and who are looking for an auditable GRC (governance, risk and compliance) security system that per-cabinet security is long overdue.

It gets worse, as with more draconian non-US and South African governance rules, such as impending European Commission-led data privacy legislation that has data breach penalties of up to 2% of an organisation’s global turnover, and which will make Sarbanes-Oxley look like a walk in the park, the impetus for fingerprint security at the cabinet can only get stronger.

Do the EU rules apply to your organisation? Like Sarbanes-Oxley, the impending new European Union rules are pervasive as, if you have operations within any one of the 27 EU member countries, they almost certainly apply to your IT and business operations.

If you are in IT, then you are in data security. Make sure your IT is too.

For more information go to www.cannontech.co.za





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Revamping Liberty Life’s reception area
Turnstar Systems Access Control & Identity Management Commercial (Industry)
Turnstar supplied and installed four Speedgate Express lanes, each 550 mm wide, as well as two Pulse Special Needs Gates for wheelchair access to Liberty Life.

Read more...
Hybrid licence plate recognition
ZKTeco Products Access Control & Identity Management Transport (Industry) Logistics (Industry)
The ZKTeco LPRS2000 is a hybrid-recognition vehicle management terminal that combines the latest high-performance UHF reader.

Read more...
Suprema joins FiRa Consortium
Suprema News Access Control & Identity Management
Suprema recently became a member of the FiRa Consortium, a consultative body that establishes standards for ultra-wideband (UWB) technology, the next generation of wireless communication.

Read more...
Physical security at distribution centre
Turnstar Systems Transport (Industry) Access Control & Identity Management Products Logistics (Industry)
Turnstar’s Velocity Raptors create a high-security physical barrier at Massmart’s new 75 000 m2 distribution centre in Riversands, Johannesburg .

Read more...
Integrated smart parking management
ZKTeco Access Control & Identity Management Transport (Industry) Products Logistics (Industry)
ZKTeco smart parking management provides a solution for both small parking lots and busy multi-story car parks, providing maximum efficiency, transparency and security.

Read more...
UHF RFID standalone terminal
ZKTeco Products Access Control & Identity Management Transport (Industry) Logistics (Industry)
The U2000 increases access control functions and supports TCP/IP communication, Wiegand in/out, two relays, third-party electric locks, door sensors and exit buttons.

Read more...
PALMKI palm vein recognition technology
Access Control & Identity Management Products
Tactile Technologies has announced the launch of Palmki, a palm vein recognition solution developed and marketed by PerfectID, a Belgian company.

Read more...
ATG Digital launches solution for emergencies
Access Control & Identity Management Asset Management, EAS, RFID
ATG Digital has launched a Roll Call feature on its app to assist SHEQ managers and safety officers who cite attendance records in an emergency as one of their biggest challenges.

Read more...
UHF and Bluetooth multi-technology reader
Evolving Management Solutions Products Access Control & Identity Management
The SPECTRE nano offers hands-free identification of the vehicle and/or the driver, as well as interoperable and multi-protocol secure identification.

Read more...
Identity proofing allows easy virtual ID checks
Access Control & Identity Management Security Services & Risk Management
The identity verification market is expected to grow from $8 billion in 2021 to reach $17,7 billion in 2026 with a CAGR of 17,1%, and identity proofing in particular is gaining popularity.

Read more...