Data is exploding; driven in part by the rise of the Internet of Things (IoT) and the pervasive need to reach your end user or customer more efficiently and conveniently. But with all of this data — though often valuable — comes challenges. One of the biggest of those is data security, and in hand, compliance with related regulations. A new white paper from Chatsworth Products (CPI) contends today’s enterprises should consider extending physical security to the rack level through tools like cabinet-level electronic access control.
Companies in today’s markets certainly understand the importance of protecting their customers’ data, and cybersecurity has been a water cooler topic for years. But physical security, especially at the rack level, can often be overlooked. CPI asserts today’s businesses should not only ramp up physical security efforts for protecting data, but also should consider whether they are compliant with the various regulations that address data security
The new report acts as an overview and primer on data security regulations and compliance requirements, and makes an argument for extending physical security to the rack level. According to the report, this includes the use of electronic locking and access control systems at the rack level.
So, what are the data privacy regulation and standards, and what do they require? CPI breaks it down. “All data privacy standards and
regulations require physical access control measures for data processing and storage equipment, but with most regulations, it is up to organizations to decide which specific method or technology to use,” the report states.
That said, for many businesses and institutions responsible for large amounts of data, privacy is key — think the healthcare or finance industries. The report outlines key regulations and standards regarding data security, including HIPAA – Health Insurance Portability and Accountability Act; FISMA – Federal Information Security Modernization Act, and more.
But what does that all boil down to? CPI summarizes like this:
- You must have a method to physically secure data processing and storage equipment.
- You must have a method for identifying and managing authorized accessors.
- You must have a method of managing access to the physically secure space.
- You must keep records of access to the physically secure space.
The report goes on to detail the role of physical security at the rack level — beyond perimeter security and front-door access control. So, why extend security to the rack level?
Recognize that the last line of defense in physical security between data processing and storage equipment and access by unauthorized users is a secure server cabinet. — Chatsworth Products
According to the 2017 IBM X-Force Threat Intelligence Index, between 1 percent and 25 percent of attempts to steal data originate from malicious insiders. CPI contends that although most data center cabinets have keyed locks, cabinet-level electronic access control can help systems automate monitoring, documenting and control of access and allow fast reprogramming if access rights change or if a credential is lost or stolen.
Download the full report, “Importance of Cabinet-Level Electronic Access Control for Data Security and Regulatory Compliance,” courtesy of Chatsworth Products, that explores the potential of cabinet-level electronic access control to improve physical data security.