Data center security is a constant struggle for modern data center managers. With the threat of both physical breaches and cyberattacks hanging over their heads, data center managers must adhere to the strictest security compliance regulations while simultaneously ensuring that their technicians and contractors have the access they need to maintain availability and reduce downtime.
Most managers turn to data center software specifically designed for security to address compliance efforts and best practices. But did you know that modern Data Center Infrastructure Management (DCIM) software – the same solution you use for asset management and power monitoring – also includes several features that can reduce your data center security risks?
Whether you manage an enterprise location or a colocation data center, these five features of DCIM software can help keep your and your customers’ assets secure:
1. Door Locks and Card Access Control
Keeping your data center assets in enclosed cabinets or containment areas such as cages is one of the most common and effective means of data center physical security. Doors and the ability to lock them (through physical keys, RFID cards, or biometrics) can deter unauthorized users from attempting access simply because of the sheer effort required to break in. However, monitoring these doors, if they’re closed and locked, and who has access to them can be challenging, especially when you and your team don’t have the time to check each door manually.
That’s where DCIM software comes in. A data center software solution can help you track when doors to your cabinets are open through contacted closure sensors. It can also determine when access attempts are made, by whom, and if the attempts are successful with card access assignments made through the software. Having a single, centralized system for door access management enables you to save time, eliminate the stress and hassle of keeping track of keys or cards, and even meet HIPAA and other compliance requirements.
2. Bulk Device Configuration and Firmware Updates
The devices in your data center can be one of your most understated security risks. Polling, remote power cycling, and other typical features of intelligent PDUs and other Internet-enabled smart devices are critical to data center power monitoring and environmental management. However, being connected to a network also leaves these devices open to be compromised so that hackers can gain access to them and to your data center systems. Prevention of such a security breach and disaster recovery in its aftermath can be impossibly difficult when you have hundreds, if not thousands, of iPDUs across multiple data centers to manage.
A comprehensive DCIM solution enables you to make changes to the configuration of your intelligent PDUs in bulk. SNMP settings, including authentication, and administrator credentials can be easily changed across a range of devices, without the need to manually log in to each PDU and make the updates individually. When a manufacturer delivers a new firmware version with the latest security patches, DCIM software allows you to save the file and roll it out to user-selected, supported devices. These common iPDU management tasks are simple yet effective data center security practices that can help you mitigate the risks of a breach.
3. Role-Based Permissions
With 60 percent of attacks carried out by insiders (either inadvertently or maliciously), it’s critical for data center managers to control the level of access that teams have to data center data. Seemingly innocuous employee behaviors can have unintended consequences that compromise the security of your data center. Limiting your employees’ access to areas of your data centers, devices, and even what they are able to do in your data center management software are must-follow best practices for safeguarding your data centers.
Granular, role-based permissioning in DCIM software can help you protect your data centers against the biggest enterprise security threat of all: your employees. DCIM software tools make it easy for you to maintain permissions and prevent unauthorized changes by assigning different roles to users and user groups at granular levels. One user might have edit permissions to a single PDU in a cabinet in a data center, while another might have the ability to only view the devices through the entire data center. In the case of colocation data centers, role-based permissions can be provided to your colocation data center provider’s technicians or managed services team to limit their ability to modify your equipment. DCIM software also integrates with your existing LDAP systems and Active Directory for an additional level of authentication so only authorized users have access to your data center. To further support security, role-based permissions can be easily documented to show your compliance with company and regulatory policies and procedures.
4. Surveillance Feeds
Most data centers implement surveillance feeds, such as those provided by analog closed-circuit television (CCTV) cameras, as a comparatively inexpensive option for physical data center security monitoring. Real-time camera feeds let you view and protect your data centers anytime, anywhere. However, having data center personnel sit in front of screens all day and switch back and forth between feeds limits their effectiveness and productivity.
DCIM software takes surveillance feeds one step further by supporting feeds from IP and USB cameras. It supports plug-and-play functionality that meets your specific security surveillance needs. Multiple feeds can be added to an HTML5 dashboard so that you can monitor multiple areas or sites remotely through the software itself. As a result, you’ll be able to keep an eye on what’s going on in your data center – even when you’re not on site.
5. Alerts, Auditing, and Reporting
In many cases, awareness of a data center security breach arises only when the damage has already been done. Following a breach, the data you have on who has accessed different areas or devices in your data center can be invaluable for understanding the cause of the incident and preventing similar events in the future.
Of course, the speed of your response to unauthorized activity can be the difference between proactive prevention and reactive recovery efforts. A data center software solution can help you track when doors to your cabinets are open and if access attempts are successful with real-time notifications so you can identify unauthorized personnel in your data center and act accordingly. This information should also be captured in your DCIM software audit log and security reports to help you with forensic analysis in case of a breach or other incident. Reporting can also help you spot trends around access to different areas of your data center so you can pinpoint and investigate suspicious activity.
The goal of data center security is to allow authorized users in while keeping intruders out, both physically and in relation to cyberattacks. DCIM software can help you in these endeavors by providing the tools to help manage everything from door locks and user access control to device configuration. When looking at how you can improve your data center security management and monitoring, consider your existing DCIM solution and ensure that you are taking full advantage of its features to safeguard your data centers against intrusions.