5 Best Practices for Access Control in the Data Center

By: Blair Felter on September 23, 2019

When a company colocates its servers and other hardware with a data center, it wants to know that the facility will do everything in its power to keep those assets safe from unauthorized access. That’s why access control should be built into the data center’s approach to both physical and logical security, so that the facility maintains a high degree of visibility and control over who is handling colocated assets.

Keep Access Lists Up to Date

Data center access policies identify who is authorized to enter certain areas of a facility and handle equipment that stores valuable data and applications. When a company colocates assets with a data center, it must provide an access list that lays out which people within the organization can be admitted to work with its servers and other hardware. These lists may also include third-party vendors, such as managed service providers (MSPs) who handle certain IT functions on a contractual basis. Access should be restricted to as few people as possible to mitigate security vulnerabilities and the potential for human error.

It’s also very important to update these lists regularly. As people change positions within an organization, their need for access can change along with it. More importantly, when employees leave the company or third-party vendors are replaced, they could present a serious security risk if they’re not removed from the access list. Companies need to monitor their access lists to make sure that they accurately reflect which people have legitimate reasons for accessing colocated assets.

Implement Multi-Factor Authentication

One of the core tenets of data center security standards is multi-factor authentication. These systems require visitors to provide more than one form of credential to verify their identity and need for access. Simply providing credentials like an ID badge or a password should not be sufficient for gaining access to key IT assets. The more forms of authorization that are required, the more difficult it will be for someone to falsify their identity or justify their need for access.

Many data centers use biometric security access as a core element of multi-factor systems. Biological identifiers like retina scans, fingerprints, and voice patterns are much more difficult to forge or steal than things like key fobs or magnetic card keys. Even so, biometric security access should only be one aspect of multi-factor authentication. Anyone trying to gain access to colocated assets in a data center should also need to provide additional verification, which could include photo ID, a password, or even a work order that explains why they need access.

Adopt a “Zero Trust” Philosophy

Any access control system in a data center must balance convenience against security. While an organization may want to be able to have its personnel breeze through the front door and walk right into the server room, colocation facilities are responsible for ensuring the safety of every customer’s assets. When someone enters the data center, systems need to be in place to prevent them from accessing areas they have no business being in.

A “zero trust” approach to security brings the “trust, but verify” philosophy of network security into the realm of physical security systems. Every access point within a data center should require authorization, and in many cases visitors should be escorted through the facility by data center personnel. This ensures that no one will be able to present credentials a single time and then simply go wherever they want to go within the facility.

Use Interlock Checkpoints

A core physical security measure, personal interlocks (commonly known as “mantraps”) prevent unauthorized visitors from slipping through access points by “tailgating” or “piggybacking” behind someone with credentials. The system functions like an airlock, with an outer door and an inner door that allow only one person through an access point at a time. Since each visitor is isolated and the outer and inner doors cannot be open at the same time, no one can pass their credentials back to another visitor.

Personal interlock mantraps can be monitored in a number of ways. Some of them use video cameras or an on-site security station, but others incorporate technology like contact sensors that measure body weight or use biometric security access that requires authentication inside the mantrap.

Track Assets With DCIM Tools

Asset tracking is a key element of access control. With data center infrastructure management (DCIM) tools like vXchnge’s award-winning in\site platform, colocation customers can monitor the location and status of their assets at all times. They can receive notification alerts whenever something moves or when someone accesses hardware installed in a cabinet. These systems often track historical data, making it possible to create a record of who accessed colocated hardware and when they did so, which can be checked against other records to ensure that every access was indeed authorized and necessary.
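The record check described above, together with the earlier point about stale access lists, can be automated as a reconciliation pass. This is an added example, not code from the article or from any DCIM product: the field names, people, cabinets, and work order are constructed, and it assumes every cabinet visit is expected to fall inside a work order.

```python
from datetime import date, datetime

# Constructed sample data; field names are hypothetical, not a DCIM export format.
ACCESS_LIST = {
    "a.ruiz": {"cabinets": {"CAB-12"}, "removed_on": None},
    # Removed from the list on 2019-08-30; any later access is a finding.
    "j.chen": {"cabinets": {"CAB-12", "CAB-13"}, "removed_on": date(2019, 8, 30)},
}
WORK_ORDERS = [
    {"id": "WO-1001", "person": "a.ruiz", "cabinet": "CAB-12",
     "start": datetime(2019, 9, 2, 9, 0), "end": datetime(2019, 9, 2, 12, 0)},
]
EVENTS = [  # (timestamp, person, cabinet) as logged at the cabinet door
    ("2019-09-02T10:15:00", "a.ruiz", "CAB-12"),
    ("2019-09-03T22:40:00", "j.chen", "CAB-13"),
    ("2019-09-04T09:05:00", "a.ruiz", "CAB-13"),
    ("2019-09-05T14:00:00", "a.ruiz", "CAB-12"),
    ("2019-09-06T11:00:00", "visitor-7", "CAB-12"),
]

def review_event(ts, person, cabinet):
    """Return the findings for one access event; an empty list means it reconciles."""
    when = datetime.fromisoformat(ts)
    entry = ACCESS_LIST.get(person)
    if entry is None:
        return ["not on access list"]
    findings = []
    if entry["removed_on"] is not None and when.date() >= entry["removed_on"]:
        findings.append("removed from access list")
    if cabinet not in entry["cabinets"]:
        findings.append("cabinet not authorized")
    # Assumption: every visit must fall inside a work order for that person and cabinet.
    covered = any(
        wo["person"] == person and wo["cabinet"] == cabinet
        and wo["start"] <= when <= wo["end"]
        for wo in WORK_ORDERS
    )
    if not covered:
        findings.append("no matching work order")
    return findings

def reconcile(events):
    """Map each event that fails review to its list of findings."""
    report = {}
    for event in events:
        findings = review_event(*event)
        if findings:
            report[event] = findings
    return report

if __name__ == "__main__":
    for event, findings in reconcile(EVENTS).items():
        print(event, "->", "; ".join(findings))
```

Events that reconcile cleanly are left out of the report, so a non-empty result is the review queue for that period.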

With DCIM tools, colocation customers can also manage their assets more effectively from a distance. They can update their access lists remotely and in real time, as well as issue work orders and IT tickets to data center remote hands personnel, which further reduces the need for anyone to access their secure systems. This functionality helps them to limit their access lists to only absolutely essential personnel.

Access control in the data center is one of the most important details customers should examine when evaluating colocation facilities. A good facility should be able to exercise complete control over who has access to colocated assets and be able to account for all activity that takes place within the data center. By implementing best practices for data center access control, they can provide greater peace of mind for colocation customers.