I’ve written a lot about Internet and Network security, but have never covered a really big hole that exists in a lot of companies, and that’s, well… the door.
Talk to any business about Network Security and the conversation and thought process often focuses on hackers, attack vectors, wireless, passwords, and many other technology avenues where security can be compromised. Those are all important, but what about the physical security of your data?
Years ago I knew the CEO of a company that lost all their data, and it was not because of a hard drive crash or a hacker. Thieves broke into the office. The alarm went off, but the thieves were fast; they didn’t care about the alarm. They took a pair of giant clippers and cut all the wires in the back of the server rack; power and network were all sliced. Then they rolled the entire cabinet out the door, into a cargo van, and drove off into the night. They were in and out before the police were even close. To make matters worse, they also took all the backup tapes that were sitting on a table in the server room.
Had the server room been locked and secured, this story might have ended differently. Had their video surveillance system been managed and working properly, they might have ended up catching the thieves.
Physical Security Questions You Should Think About
- What are you doing to make sure that your physical security is enough to protect your data assets?
- Are you using fingerprint, optical, and/or Smart Card security for access to your facilities and to your server room?
- Is the server room secured so that only authorized personnel can access it?
- Is the door always locked?
- Do you use video surveillance and an alarm system?
- Is your video surveillance system monitored and managed?
- Is your server room in a central location, away from outside walls and doors?
- Are servers locked in a rack?
- Is your rack bolted to the floor?
There are a ton of relatively low-cost solutions that can be implemented to improve the physical security of your equipment and the critical data that is on that equipment. Losing your data is costly, so just about any money you spend on physical security is an investment you cannot afford not to make.
Additionally, the story above has other lessons. Had the data on those servers been encrypted, the data would not have been compromised, and they would probably not have had to tarnish their reputation by alerting everyone that data had been compromised.
Lastly, every business needs a rock-solid remote backup and disaster recovery solution. Had the company above employed this technology, servers could have been ordered quickly, data reloaded, and they could have been back in operation after only a few days.
Many people hold the belief that, “It won’t happen to me.” Don’t think that, because it very well can happen to you. Call JMARK so we can audit your physical security, backup, and disaster recovery plans, and help make sure you never have to deal with the pain that the CEO above had to deal with.