It continues to puzzle me.
Survey after survey, like the Gabriel Survey in the Fall of 2011 or the Intel Survey in September of that same year, has concluded that insiders are responsible of the vast majority of malicious attacks in the data center. While a great deal of attention has been placed on cyber security, most data centers continue to rely on outdated, ill-conceived methods of physical security. This leaves the investment in IT infrastructure and the data it manages, as vulnerable as it has ever been.
The IT community seems to be practicing what I call “the ostrich theory of management”. That is, we put our heads in the sand and hope the issue has gone away when we pull it out. Meanwhile, malicious insiders continue to be responsible for the majority of physical attacks on data centers, resulting in damaged/stolen IT assets and significant downtime. Once IT infrastructure is damaged and/or stolen by insiders, the actual cost of the hardware pales in comparison to the cost of downtime to brand and reputation.
Most physical security schemes fail to recognize the insider threat. With insider threats on the rise, this directly correlates to higher vulnerability rates in the data center. The only way to lower vulnerability rates related to insider activity is to secure the core along with the perimeter. Any initiative to secure the core begins at the server cabinet level. All access to server rack cabinets within the data center must be managed and recorded. An indisputable audit trail of all cabinet level activity dramatically reduces the vulnerability to insider attacks and damage. This type of audit trail can only be achieved through biometrics.
Biometric access control at the cabinet level can protect IT infrastructure and dramatically reduce the data center’s vulnerability to insider attacks, keeping downtime to a minimum and data secure.