When ScaleMatrix opened its 50,000 sq. ft. San Diego co-location and cloud data center in August 2011, it included cutting-edge extras like custom rack enclosures with cabinet-level fire suppression and electrical protection, which shield customers from service interruptions due to accidental emergency power-off or incidents elsewhere in the data center.
That customization of technologies extends to access control, as the facility has deployed a networked, fingerprint-biometric access control system that extends all the way from the front door to individual cabinet enclosures.
Co-location facilities compete fiercely, and demonstrating the physical security strengths of facilities is paramount. ScaleMatrix CEO and data center industry veteran Mark Ortenzi wanted to promote his as “the most secure data center in Southern California.” However, multi-layered security would be the only way to back that claim.
Security Starts at the Perimeter
The ScaleMatrix facility’s perimeter and parking lot are secured in two important ways. First, surveillance is provided by an advanced MOBOTIX digital video security system that includes CCTV cameras with motion sensors, 180-degree vision, facial tracking and recognition software that captures and records detailed imagery of every person who enters the facility. Second, the ScaleMatrix facility is patrolled and monitored by armed security personnel, which augments the surveillance system by safeguarding against forcible entry. “We’re the only facility of our type in San Diego that employs highly trained, armed guards,” Ortenzi says. “This is the last data center the bad guys should even approach with criminal intentions.”
Physical entry into the facility is secured by Digitus Biometrics’ wall-mount, fingerprint-recognition access control units. All client personnel who are authorized to enter the facility are enrolled into the biometric system in a process that stores a biometric fingerprint template – but not the person’s actual fingerprint – in a database. To enter the facility, an authorized person punches in a pin and places an enrolled finger on the biometric reader, which then opens an electromechanical lock if the fingerprint matches the stored template. There are no keys or proximity cards to get lost, stolen or separated from authorized users.
Taking Biometrics to the Cabinet Level
With the combination of digital video surveillance, armed security patrols and biometric access control at all facility doors, it is virtually impossible for any unauthorized person to gain access to the facility. “That’s extremely important,” Ortenzi says, “but you still have to be concerned with controlling what an authorized person can access after entering the data center.”
In a co-location facility, as in any data center, it is rare that anyone with authorized access has an actual need to access all server cabinets. Just as data center operators go to great lengths to limit access to files and applications to only those individuals who actually need them, thorough physical security calls for ensuring that only authorized personnel have access to physical assets that pertain to them. “When physical access control stops at the front door, a person who has legitimate access can become a problem insider,” Ortenzi says. “When server cabinets are unsecured, all it takes is a thumb drive for data security to be compromised.”
Initial design requirements were geared toward making sure that could not happen. Every server cabinet in the ScaleMatrix facility is biometrically protected. After entering the facility with a fingerprint scan, each authorized user must complete an additional fingerprint scan to open a server cabinet, which restricts co-location customers’ access to only those cabinets containing their specific assets.
In addition to giving ScaleMatrix the ability to demonstrate the highest level of protection to its customers, the system proved useful in satisfying another important group that matters greatly to those customers: regulatory auditors.