Greetings and welcome back. In this blog, we take a close look at Network Closet Security Vulnerabilities – Physical Security. This is the first in a new series on the key types of network closet security flaws. This is a key topic, especially for all those of you who are covered under HIPAA, PCI-DSS, FERPA, Gramm Leach Bliley and other data security regulations. The fact is, as more data shifts to the cloud, that means that more data is transported through your network closets to the various cloud providers that you employ. Because cloud services tend to be well-fortressed, cyber criminals are turning to the easiest way to get to that data – your network closets.
To begin with, all of the key data security regulations require you to physically secure your data. Here are some key provisions with which we should all take time to familiarize ourselves:
HIPAA Section 164.310: “Facility Access Controls. Implement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed.”
PCI-DSS Requirement 9.1: Verify the existence of physical security controls for each computer room, data center, and other physical areas with systems in the cardholder data environment. Without physical access controls, such as badge systems and door controls, unauthorized persons could potentially gain access to the facility to steal, disable, disrupt, or destroy critical systems and cardholder data.
GRAMM LEACH BLILEY: “Management should deploy adequate physical security in a layered or zoned approach at every IT operations center commensurate with the value, confidentiality, and criticality of the data stored or accessible and the identified risks.”
Its clear from these sections of security codes that you need to provide a secure card-based access system in order to be compliant with major data security regulations. What isn’t clear is which physical security system is the best for your application. Fortunately, our RackGuardian system is one of the only systems that supports virtually any access card on the market. That means that, if you are already using a card access system for your main door at your facility, chances are very good that RackGuardian can support that card on a plug-and-play basis. If, on the other hand, you need a new access card system, then we also have you covered.
In the next 2 blogs, we plan to look at cybersecurity and also backup power and environmental security for your data. Please take a good look at RackGuardian and we believe that you will find that its the most powerful security product for data security on the market. We welcome you to contact us with any questions about your individual security needs.
Until next time,