You’ve got your access control system down pat, with multiple levels of security employed, from something you have, something you know and something you are (also see first blog post on this topic at http://blog.schneider-electric.com/datacenter/?p=27). That’s a great first (and maybe second and third) step, but here we offer six additional tools and technologies to think about when protecting your critical resources.
1. Building design. Physical security can be addressed from the ground up by incorporating architectural and construction features that discourage or thwart intrusion. Generally these features relate to potential entry and escape routes, meaning things like positioning the data center door in such a way that only traffic intended for the data center is near the door. Also take care to protect access to critical infrastructure elements such as HVAC and wiring, and prevent potential sources of concealment for intruders. And keep the data center away from any other areas that present man-made risks, such as kitchens, and position it such that it doesn’t abut any outside walls.
2. Mantraps. A common and frustrating loophole in otherwise secure access control systems is the ability of an unauthorized person to follow through a checkpoint behind an authorized person. This is known as piggybacking when the authorized person is complicit in the act and tailgating when he isn’t. A solution is an airlock-style arrangement called a mantrap, which essentially entails having two doors at both the entrance and exit, with room for only one person in the space between the doors. Mantraps can be designed with access control for both entry and exit, or for exit only —in which case a failed attempt to exit the enclosure causes the entry door to lock and an alert to be issued indicating that an intruder has been caught. Another option is an overhead camera for optical tracking and tagging of individuals as they pass, issuing an alert if it detects more than one person per authorized entry.
3. Camera surveillance. Still cameras can also be used for such things as recording license plates at vehicle entry points, or in conjunction with footstep sensors to record people at critical locations, such as data center entry doors. Some things to consider when placing cameras:
- Is it important that the person in camera view be easily identifiable, or only that the room is occupied?
- Do you need to be able to see if assets are being removed or does the camera simply serve as a deterrent?
If you opt to record video signals, you’ll need procedures to address issues such as:
- Indexing and cataloging tapes for easy retrieval
- Where the tapes will be stored – on- or off-site
- Who will be authorized to access the tapes
- How long the tapes will be kept
4. Security guards. Security experts agree that a quality staff of protection officers tops the list of methods for backing up and supporting access control. Armed with their human senses, guards provide superior surveillance capabilities plus the ability to respond with mobility and intelligence to suspicious, unusual, or disastrous events.
5. Sensors and alarms. In addition to the motion, heat and contact (door-closed) sensors commonly used in office buildings, data centers may use additional forms of sensors. They include laser beam barriers, footstep sensors, touch sensors and vibration sensors. If the sensors are network-enabled, they can be monitored and controlled remotely.
6. Visitors. Any security system design needs to include policies for how to handle visitors. Typical solutions are to issue temporary badges or cards for low-security areas, and to require escorting for high security areas.
To learn more about how to protect your critical resources, check out the APC by Schneider Electric white paper, Physical Security in Mission Critical Facilities.