You may well have state of the art firewalls, biometric security and CCTV cameras to control access to your data, but if you still use old-fashioned locks and keys to secure your server racks and cabinets on the inside, then you could be laying yourself wide open for a preventable data breach. Grant Macdonald, Managing Director of Codelocks, looks at how digital cabinet locks can bring your internal access control up to the necessary standards.
Firewalls and other cyber security measures are constantly evolving to meet the threat of ever-more sophisticated cyber attacks, and yet it is the old mechanical locks and keys that could be posing the biggest security threat to businesses.
Given the rise in the use of shared or ‘colocation’ data centres, physical site security is of crucial importance. Physical access to data centres from outside is generally tightly controlled, with many facilities employing state-of-the-art security solutions to monitor and control the flow of visitors coming in and out of the building. On the inside however, it’s often a different story.
Many server cabinets are secured with locks and keys, with which the operations manager controls access. In the case of shared data centres, the operations manager ensures that these cabinets are only accessible to the owner of the equipment. However there are inherent problems with this system.
Jason Cook, CTO of BT Americas, summarises the problem: “Physical security is still one of the easiest ways to get access to data. With all of the sophistication in the current technology, what’s the point, if someone can walk in and open the door? Anyone that’s trying to get access to data will try the most obvious things first.”
The disadvantages of locks and keys
Many companies with colocation data centres have no idea whom they’re sharing data space with, and it’s natural to feel apprehensive about entrusting sensitive customer data to a third party. When that third party uses mechanical locks and keys, the risk seems even higher.
Many operations managers still use the locks and keys originally supplied with the data cabinets, while some use padlocks and keys. Large data centres might have hundreds of locked cabinets, and managing the keys on such a large scale can be a hugely problematic task – especially in colocation data centres, where different technicians and service support staff need access to their own servers. An audit trail must be kept for every key issued. However, even in the event of a data breach, a lock and key audit trail may not be sufficient to help investigate the incident.
If a master key is lost or stolen, the locks must be changed on every single cabinet. Where keys go missing, replacement keys must be reissued and the entire lock mechanism refitted.
The operations manager’s task is enormous, putting customer data at unnecessary risk.
Data breaches are obviously very costly, both financially and to a company’s reputation. A digital locking system however, could bring your entire security coverage up to the best standard possible.
The solution: KitLock 1550, the SMART flexible cabinet lock for the digital age
Digital cabinet locks are the secure, flexible and functional evolution of mechanical locks. Fast and simple to use, the keyless KitLock 1550 provides secure access with a choice of a four-digit access code or card for the user. The lock can be operated manually or from a tablet. Access can even be controlled remotely, which makes it ideally suited for use by data centre engineers who require routine access to multiple locked cabinets at one or more location.
KitLock 1550 has three functions: Private, Public and NetCode. The (default) ‘Private’ mode is ideal for an individual or small group of people requiring repeated access to the cabinet. A single lock can operate with up to 20 different individual codes, or 50 MIFARE based-smart cards. NetCode is ideal for use in data centres, as it enables remote time-sensitive control of access to cabinets. In this instance the codes can be sent to engineers by SMS or email, which then expire after a set time frame to maintain security. For urgent unscheduled maintenance, the engineers can even generate NetCodes themselves using pre-registered approved devices.
Maintaining optimal security of data centres is obviously a priority for operations managers, and products like the KitLock 1550 cabinet lock make planning and maintaining multi-layer site security that much simpler, convenient and more effective. Furthermore, users benefit from greater control and peace of mind over their access and security.
KitLock is a brand of Codelocks, an innovative designer and manufacturer of electronic and mechanical keypad locks for doors, cabinets, lockers and enclosures. For more information on controlling access to data centre cabinets and enclosures with digital locks, visit Codelocks on stand G15 at this year’s Data Centre World.