- Director of Facilities and Fleet Management »
- Construction engineer, U.S. Dept. of State »
- DIRECTOR OF COLLEGE FACILITIES »
- Senior Director of Facilities »
- ELECTRICIAN »
Time to Get Rid of Mechanical Keys in Data Centers?
March 23, 2018 - Security
By Ashish Moondra
A recent security breach in the city of Austin, Texas, highlights the advantages of electronic user access management solutions in lieu of mechanical keys in commercial buildings, including data centers.
According to KVUE News, a man recently stole a master key to special lock boxes on thousands of buildings in Austin and broke into at least two medical facilities.
The lock boxes are attached to the outside of buildings that have fire protection systems, and allow fire and medical crews to enter after hours, without causing damage, if there's an emergency. The man stole more than $30,000 from cashiers, and the city will need to spend hundreds of thousands to replace and upgrade the system. Phase I of the upgrade process alone is expected to take several months and will cost an estimated $300,000, according to a memo issued by the city. The total project is estimated to cost around $1.5 million.
Considering the security options available with today’s technology, organizations should consider replacing all mechanical keyed locks with electronic access control. Though the initial cost of such an implementation is more than the standard lock, the costs of potential compromise and theft will be much greater.
In data centers, the stakes are higher. Although cabinet-level security has been the priority for years, the reliance solely on use of mechanical keys can become a damaging expense and bring numerous privacy-related lawsuits. Additionally, strict regulatory compliance requirements in the health care (HIPAA and HITECH), financial (PCI DSS) and SaaS (SOC 2) industries, to name a few, require the use of physical access control with audit logs as a way to ensure data privacy and security.
There are cost-effective electronic access control (EAC) solutions in the market today that can provide intelligent security and dual-factor authentication to data center cabinets.
Following are the most important features to look for in an EAC solution that will solve today’s most demanding user access management concerns.
Intuitive Web Interface: Networked EAC locks should be remotely managed through a simple, user-friendly web interface that allows users to remotely monitor, manage, and authorize each cabinet access attempt. The main benefit of the interface is that it provides an audit trail for regulatory compliance through log reports that can be easily exported and emailed to designated personnel.
Additionally, the ability to manage through the web interface minimizes the need for wiring the electronic access systems to expensive security panels generally managed through building management systems.
IP Consolidation: The ability to network several locks through IP consolidation provides thousands of dollars in savings in networking costs and deployment time. There are solutions on the market today that allow up to 32 EAC controllers (32 cabinets) to be networked under only one IP address. As an example, a 48-port CISCO switch can run from $5,000 to more than $20,000, depending on the model.
Dual-Factor Authentication: Data security can be taken to the next level at minimal cost. Biometric authentication, which is the most secure form of physical access verification, typically requires installation of additional readers to every cabinet or facility door. However, one cost-effective and highly secure, dual-factor authentication solution is a fingerprint-activated card that works with EAC or other card-activated locks, eliminating the need for expensive deployments. These cards work with existing campus security systems, so data center employees are able to carry a single card (such as 125 KHz, HID ICLASS, and MIFARE proximity cards).
Environmental Monitoring Capability: Finally, take advantage of robust solutions that provide added capabilities, such as environmental monitoring. Critical conditions such as temperature and humidity can be monitored and managed through the interface, but the true savings come from the savings from utilizing one IP port for an appliance that offers both EAC and environmental monitoring.
Security and authentication to the cabinet level are becoming more critical. The widespread use of mechanical keys to secure data center cabinets will soon prove to be an expensive, inefficient headache. There are cost-effective, retrofit-friendly solutions in the market today that address this need.
Ashish Moondra is senior product manager, power, electronics and software, Chatsworth Products.