Outside the Box
The idea of “thinking outside the box” has been hyped in the past decade to the point of becoming a cliche. Yet, it is certainly smart to think of physical security beyond the server box itself. This means rigidly adhering to such common-sense tips as keeping servers behind a locked door, logging who enters the data center, locking consoles so those who do gain physical access must log in, creating a policy to lock the console when the machine is idle for a few minutes, storing backups under lock and key (and in a fire-safe location), and not writing down passwords anywhere near the machine.
Another vital area, but one that has yet to catch on, is monitoring the data center with a camera. Sanford, Maine-based Ravica sells the cameraProbe8 (CP8), a Web-based camera option that enables security personnel to view who enters the room. It also provides e-mail and SMS notification for the triggering of intelligent security sensors and can be linked to other Ravica units that monitor environmental conditions (such as heat and humidity) inside a server room.
“If someone trips a door, security sensor or a motion detector sensor, CP8 captures this and e-mails snapshots of whatever is on screen at that exact moment,” said John Mills, monitoring director at Ravica. “It’s nice to be notified when someone is entering a secure location, but it’s best to know exactly who is entering.”
Cameras must be used wisely, however. That means monitoring all access points: Don’t position a camera on the front door when anyone can sneak in the back way undetected. And don’t be foolish enough to only install the cameras. They are just one element of a sound physical security system.
“A good mixture of physical security, access protection and remote monitoring is the key to making sure only the right people enter your data room,” says Mills.
Keeping Employees Honest
Although keeping interlopers from entering the facility may appear to be the driver for this physical security, in-depth security surveys from the FBI have found internal theft to be a far bigger threat to any server room. Most hard drive thefts, it turns out, are inside jobs. So simply keeping the front entrance well-guarded is not enough.
Similarly, don’t set things up so the hardware is well protected, but the data is easily accessed. The cost of lost data usually dwarfs the price of the hard drive, server, or device that walks.
Ultimately, “server entrapments protect computers, but their real job is protecting the data by preventing your employees (usually) from walking out the door with it,” says Schmit. “Server entrapments keep your entrusted employees honest.”