By Bill Evanger
While most discussions of IT security focus on logical controls, protection of the physical data center infrastructure is becoming increasingly important. The European Union (EU) General Data Protection Regulation (GDPR), which goes into effect next May, illustrates this point.
The GDPR is a strict new law governing the security and privacy of the personal data of anyone living in the EU. Although it is designed to standardize data privacy legislation across Europe, it has significant implications for companies around the world. It applies to any organization — regardless of its size or location — that collects and stores the data of EU residents.
The regulation mandates that all organizations know exactly where every instance of someone’s personal information is located and “implement appropriate technical and organizational measures” to ensure the protection of that data. Among the minimal organizational measures is ensuring the physical security of the premises where data is stored.
The GDPR isn’t the only regulation mandating physical data center security. For example, the Payment Card Industry Data Security Standard (PCI DSS) requires that organizations restrict and monitor access to any facility that houses systems used for storing, processing, or transmitting cardholder data. HIPAA prescribes “physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards and unauthorized intrusion.”
Most data centers have implemented physical security measures such as electromechanical door locks, smartcard or biometric access controls, and video surveillance systems. As with all IT security issues, however, humans are the weakest link. Data thieves can gain entry by “tailgating” behind employees or posing as building maintenance personnel. Malicious insiders who have the freedom to roam through all parts of the facility can gain almost unfettered access to IT systems.
When it comes to security and regulatory compliance, organizations are rightfully concerned about firewalls, intrusion prevention systems, and other logical controls. However, the most sophisticated security tools are useless if cybercriminals can enter the data center facility and access or tamper with the equipment. As organizations prepare for GDPR compliance, they should take a hard look at their physical security strategies and infrastructure, and implement policies and procedures for keeping intruders away from sensitive data.
Share this article on:
For years, data center power and cooling requirements remained relatively stable, enabling organizations to plan for...
Money, identities, books, art, movies, appliances, medical devices, automobiles… it seems as though there’s a...
Data centers are experiencing rapid growth to meet the burgeoning demand for processing power and storage capacity....
Once thought to be “nice to haves”, data center infrastructure management (DCIM) tools have become essential to...
Although businesses continue to migrate more applications and services to the cloud, most also need to maintain a...
As the costs of building and maintaining an on-premises data center continue to escalate, more and more organizations...
Traditionally, organizations build data centers from the ground up by installing cabinets and racks and then adding...
Unplanned network outages due to natural disasters, system failures, cyberthreats, or human error are on the rise,...
Fremont, Calif. — June 22, 2017 — Rahi Systems announced today a partner agreement with Daxten, a leading...
Despite predictions of its impending demise, the U.S. on-premise data center market remains healthy. More than half of...
Outdated or obsolete applications make up nearly a third of the typical organization’s software portfolio,...
Traditionally, data centers have had power distribution systems purpose-built by electricians. However, custom...
More and more organizations are choosing to get out of the data center business and partner with a colocation provider...
Power Usage in Data Centers Data Center power consumption has long been a concern of budget-conscious IT managers....
Most organizations had to rush to shift to work-from-home models. Now, they’re taking a more strategic approach to...
OVHcloud Data Center Fire in France In March 2021, OVHcloud’s five-story, 5,400-square-foot SBG2 data center in...
Why is Workspace Utilization Analysis more important now than ever before? Organizations need to understand how many...
In today’s rapidly-changing environment, it is paramount for businesses to be swiftly able to connect and...
Blockchain technology has revolutionized the data that would have been difficult to predict a few years ago. What...
The internet has come a long way since its inception in the early 90s. Beginning from fetching information for...
Phishing has become a rage in the threat actors' community to start exploiting people. While the technique isn’t...
For years, data center power and cooling requirements remained relatively stable, enabling organizations to plan...
Let our experts design, develop, deploy and manage your requirements while you focus on what's important for your business
