printer friendly version

A finger on data centre security

Security is now a watchword in all data centres, but as Mark Hirst, product manager with Cannon T4 Data Centre Solutions explains, fingerprint biometrics – even at the cabinet level – is now a real contender on several fronts.

Data centre security has always been an issue for anyone involved in commissioning and maintaining a data centre, but the falling costs of technology over the last few years has meant that fingerprint security at the cabinet level has become a cost-effective reality.

The standard argument against fingerprint identification is that it is too expensive. “A couple of years ago I would have been forced to agree with you, but the costs of fingerprint biometric technology and its allied systems – and supporting infrastructure – have now fallen to the point where it has become an extremely viable option for even the most careful of corporate accountants to consider,” says Hirst.

The time taken to verify a fingerprint at the scanner is now down to a second and because the templates – which can be updated/polled to/from a centralised server on a regular basis – are maintained locally, the verification process can take place whether or not a network connection is present.

And the enrolment process is similarly enhanced, with a typical enrol involving three sample fingerprints being taken on a terminal, and the user then able to authenticate themselves from that point onwards.

Self-authentication

The concept of self-authentication is an important one as, unlike a physical token such as swipe-cards, RFID contactless cards and even key codes – which can be used/misused by anyone in possession of the token or code – the fingerprint biometric is uniquely personal to the owner.

Furthermore – and despite what you may have seen in the movies – today’s technology can even verify whether the fingerprint is attached to a live person. This level of efficiency, cost-effectiveness and all-round reliability of fingerprint security, even in a fail-safe `network down’ scenario, means that a growing number of clients are now securing their IT resources at the cabinet level, integrating the data feed from the scanner to other forms of security such as video surveillance.

One can, for example, tie in the scanner feed with a video feed, even verifying the employee and adding their name/employee number to the digital video audit record that a growing number of data centre clients now require.

These requirements stem from governance rules from international bodies and organisations such as the Wakefield, MA-headquartered Payment Card Security Standards Council, which controls the PCI DSS governance rules for card-accepting businesses.

PCI DSS rules apply to organisations of all sizes and are a governance requirement for any business or agency that accepts credit/debit cards and processes their own data. Version 2.0 of the rules is currently operational and v3.0 was expected towards the end of 2012.

This integrated security approach at the cabinet level is an important part of the audit process as a growing number of organisations are finding that, not only must they secure their racks and cabinets, but they must be able to prove the efficacy of their audit systems to one or more governance bodies.

Securing data centre chaos

The reality is that, in the modern data centre environment – which typically has multiple contractors and staff constantly working at multiple sites – the individual cabinets are frequently processing many millions of rands worth of data per hour, so the cost of any downtime, however caused, can have eye-watering consequences. This is particularly important in these security-conscious times with the threat of accidental and malicious interference hanging over any data centre operation, no matter how large or small.

And it is for these reasons that a growing number of clients, especially those that rent space on a co-location basis, either on a local/remote or a private cloud computing basis, and who are looking for an auditable GRC (governance, risk and compliance) security system that per-cabinet security is long overdue.

It gets worse, as with more draconian non-US and South African governance rules, such as impending European Commission-led data privacy legislation that has data breach penalties of up to 2% of an organisation’s global turnover, and which will make Sarbanes-Oxley look like a walk in the park, the impetus for fingerprint security at the cabinet can only get stronger.

Do the EU rules apply to your organisation? Like Sarbanes-Oxley, the impending new European Union rules are pervasive as, if you have operations within any one of the 27 EU member countries, they almost certainly apply to your IT and business operations.

If you are in IT, then you are in data security. Make sure your IT is too.

Share this article:

Further reading: