If life in the data center was a musical, the first two songs security and IT folks would break out in song and dance to would be "Let's Get Physical" and "We're All in this Together."
If the show was based on a recent story in The Register, it would be a somber production. The piece details the repeated break-ins to C I Host, a co-location facility in Chicago. The scary part - aside from the fact that the thieves appear to have been a pretty violent bunch who struck and repeatedly tazered the night manager - is that this was the fourth time in two years that facility was broken into and the company seems to have not been upfront with its customers. In a broader sense, the benefit IT managers and their bosses can gain from other companies' misfortunes is that physical security efforts must be redoubled.
It is a changing world in which physical and electronic initiatives are coalescing. Enterprise IT Planet details how this transition is essentially inevitable. Examples abound: Data from card scanners used to gain entry to the facility and areas within are stored and trafficked like any other data on the corporate local-area network (LAN). Thus, the IT department is a key player in protecting it. An even better example is video surveillance. This world is moving to IP, and security images are handled as all other video used by the company.
The major intersection of IT and physical security is personnel authentication and facility access control, according to Security Magazine The writer discusses the evolution of surveillance. Smart cards and biometrics are another hybrid physical/electronic security endeavor that may be jointly overseen by the IT and security departments. The piece suggests that it is important for IT and security staffs to coordinate procedures for employee terminations. A lapse of even a few minutes between termination and ending of access rights can be costly if the terminated person is angry and knows his or her way around a computer.
It is not only terminated employees who are a threat. A blogger at TechRepublic says danger often comes from disgruntled or greedy employees or contractors who use their physical presence to in some way rob from or disrupt the organization. The writer offers six steps for restricting personal access centering on electronic badges and close observation, and seven steps to protect information and equipment. The takeaway clearly is that the line between physical and electronic security is rapidly disappearing.
A recent press release, posted at The Silicon Valley/San Jose Business Journal late last month, describes a data center Savvis opened in Santa Clara, Calif. The description is interesting both because of the particular features being offered and the high profile physical security is being given:
The data center's physical security features include guards, video monitoring systems, vehicle blockades, and bulletproof glass and walls. Entrance pods and "man traps" along with a biometric entry system are used to ensure that only fully authorized personnel are granted entry.In the wake of 9/11 and amid the general specter of terrorism, physical security of data has become a vital issue. The evolution of the Internet and IP technology gives security and IT forces powerful tools with which to protect the company, its clients and employees.
Read a summary of The Register's article referenced here regarding the multiple break-ins of a Chicago Data Center: [http://www.itbusinessedge.com/item/?ci=35607]
