| A variety of control and usage options are available for automated key management systems in data centres |
The protection of networks and data centres is a growing concern given the recent spate of high profile security breaches, and it is forcing organisations into taking serious steps to improve protection. For many businesses, this means implementing a combination of passive and active security measures designed to deter, detect and react against threats. Included in these measures are multiple layers and types of safeguards, including physical measures, such as video surveillance or mantraps, and established policies and procedures that limit physical access, such as the use of key management and access control systems.
In particular, key systems are designed to securely hold keys and automatically track key usage. To access a stored key, the authorised user simply enters his or her personal identification code on the keypad and when the system verifies the user, the door will open and the location of the requested key will light up. Key control systems can also be configured with card readers or biometric readers and can be networked for centralised control. At any time, security operators can view the status of any key in the system; quickly and then ; determine who currently has which keys out and for what area and when they are scheduled to be returned; or determine who has had keys out, for what areas and when. Keys can be returned to any cabinet in the system, but if a key is not returned when scheduled, e-mail alerts and text messages can be sent to selected individuals to enable quick action.
These types of automated key management systems are ideal for use in a data centre facility because, in addition to the security they provide, they offer a variety of control and usage options. Following are a few scenarios that illustrate how implementation of these options can help ensure a more secure facility.
Specialised enrollment
This application entails enrollment of individuals based on their function. For example, an operations centre engineer can be authorised for 24/7 key access, whereas a technician may be restricted to accessing a particular key at certain times and for specific amounts of time. Similar access restrictions/permissions are easily programmed for personnel such as cleaning staff or security guards, who have reason to be on the premises but are not company employees. System administrators can quickly and easily terminate or revise individuals’ access in the event they leave their job or their shift is changed. Additionally, keys are securely attached to a fob, which prevents switching or duplicating keys.
Access control key systems
To address security concerns in high risk environments such as data centers, a Remote Box provides an additional layer of protection. The key control cabinet is installed in a secure room where it is protected from any potential vandalism or tampering, and the Remote Box is typically installed outside the secure room. Once an authorised employee inputs his PIN and other information into the Remote Box and it is validated, a second employee inside the secure room inputs her information as well, providing access to the key for which the first employee is authorised.
To address security concerns in high risk environments such as data centres, a Remote Box provides an additional layer of protection |
The versatility of the key control systems also lends itself to more complex applications in larger data center environments, as when multiple pieces of identification are needed to move about the data centre. In this example, a general access badge would allow the employee entrance to the building and a second badge would be used to access internal areas of the data center facility. To maintain tight security, the internal access badge would be secured in a key cabinet when not in use by the authorised employee.
Custom tailored configurations
Sophisticated key management allows for a wide range of configuration and installation options, including other items found in a data centre to which access also needs to be controlled. These might include radios, cell phones, hand-held computers, specialised test equipment, etc. which are used by different personnel through the course of any given day and are expensive and represent potential security breaches if stolen or misplaced. Additional modules for the system such as lockers can hold and control access to these devices, complete with an audit trail to record when they are removed and by whom. And, as access control systems continue to proliferate, the access devices themselves, such as magnetic cards or proximity devices, need to be secured in the same way as physical keys do. More advanced systems also accommodate these devices with specifically designed modules that can be used in any combination with standard key or locker modules.
Given that so much of an organisation’s assets and information are online and accessible, organisations must take a proactive approach to defending against these attacks. Today’s key control systems deliver ample testament to the benefits of reducing security threats with a well implemented key management system