STE March Online Exclusive: Biometric Technologies Power Data Center Security

Feb. 19, 2013
Physical security can be just a hand or fingerprint away

In the mass data storage and communications industries, security and dependability are paramount, but firewalls and encryption are only part of the solution. If somebody breaks into a data center facility and steals a server, the security executive is in big trouble. For these executives, when addressing the questions of physical access control, the overwhelming answer has been biometric technology.

The challenge in offsite storage and information handling facilities has been to provide employees and customers with immediate access while at the same time producing a level of security commensurate with the value of the assets being protected.

These facilities need a solution that accommodates a large number of infrequent users. A simple card-based system, where cards can be lost or stolen, is not the answer. Forgotten and misplaced cards degrade the effectiveness of a security system. Offsite data facilities cannot rely on customers to remember their card each time they visit, and re-issuing can cost time and money, and can lead to breaches.

Data center security executives need to know their information is secure both logically and physically. Data centers need to provide a high level of assurance that people are who they claim to be while preventing unauthorized access to hardware and critical information. They also need flexible, fast authentication with a biometric that handles a large population without holdups. It is important to get employees and visitors in and out quickly.

It’s no surprise that for data industry leaders, when addressing the questions of physical access control, the overwhelming answer has been biometric technology. Hand readers and fingerprint scanners provide a level of security beyond that of a conventional card system by verifying the identity of the person. At the same time, they eliminate the burden and expense of a card-based system.

Many Internet data, telecommunications and co-location facilities around the world have chosen biometrics for physical access control; likewise, many traditional organizations are also using the same biometric solution to protect on-site data centers.

The Equinix Solution
Facilities owned and maintained by Equinix are home to some of the world's largest content and enterprise companies — such as AOL, Yahoo, Google, IBM, Sony, Electronic Arts, General Electric, Hotwire, Paypal and others.

Equinix actually features a quick walk-through of its facility on its website — go to www.equinix.com and click “Insight Center/Tour an IBX Data Center” to check it out. From the front door, throughout the facility and at the independent cages, you will see biometric hand readers deployed, ensuring only authorized individuals gain entry.

Hand readers give data centers a ‘Fort Knox’ attitude, which is conveyed to both clients and employees, generating a heightened state of alert.

Data centers like Equinix’s need a system to identify hundreds of customers without using badges. In many cases, a proximity card system coupled with a biometric system creates two-factor authentication for access to the facility. Once enrolled, a user simply enters the facility using the proximity card and then uses the biometric reader to make positive identity verification.

Integrating Biometrics
Typically, larger data center installations use biometric readers at the entrance, on the security corridor and on the individual customer areas. Administration of the system is handled by software which includes features tailored for this type of application, including import/export and remote enrollment for multi-facility management, and expiring privileges for temporary access. Hand readers, for example, interface to most access control panels and can be configured to control a lock independent of a panel.

Once enrolled in the biometric system, the customer’s biometric identifier acts as a badge in the data center’s primary access control system. The system administrator can simply enable or disable an account to control access by a specific customer, and input a six-hour window, for example, after which authorization is automatically disabled. This ensures that nobody who should not be there at a certain time can enter the data center.

The most common way to integrate biometrics is through “card reader emulation” — which is especially effective when integrating into existing card-based systems, because the wiring is identical to the card reader’s wiring. In this mode, the biometric device essentially works with the access control panel in the exact same way that a card reader does. The “card reader output port” of the biometric is connected to the panel’s card reader port. When a person uses the biometric, it outputs the ID number of the individual if, and only if, they are verified.

The format of the output is consistent with the card technology used by the access control panel. Once an ID number reaches the panel, it is handled as if it came from a card reader, and the determination of granting access is made by the panel. The access control panel, not the biometric, handles door control and monitoring.
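The card reader emulation flow and the expiring-privilege window described above, modeled as an added example (not code from the article or from any vendor). It assumes the panel's card format is the common 26-bit Wiegand layout; the facility code, ID numbers, `Panel` class and result strings are hypothetical.

```python
from datetime import datetime, timedelta
# Assumption: 26-bit Wiegand card format; all IDs and names here are constructed.

def encode_wiegand26(facility: int, card: int) -> str:
    """Build a frame: even parity + 8-bit facility + 16-bit ID + odd parity."""
    if not (0 <= facility < 256 and 0 <= card < 65536):
        raise ValueError("facility or ID out of range for the 26-bit format")
    data = f"{facility:08b}{card:016b}"
    even = str(data[:12].count("1") % 2)        # first 13 bits end up even
    odd = str((data[12:].count("1") + 1) % 2)   # last 13 bits end up odd
    return even + data + odd

def decode_wiegand26(frame: str):
    """Return (facility, card), or None if length or parity is wrong."""
    if len(frame) != 26 or set(frame) - {"0", "1"}:
        return None
    if frame[:13].count("1") % 2 != 0 or frame[13:].count("1") % 2 != 1:
        return None
    return int(frame[1:9], 2), int(frame[9:25], 2)

def reader_emulate(facility: int, user_id: int, biometric_verified: bool):
    """Biometric reader: emit the ID frame if, and only if, the user verified."""
    return encode_wiegand26(facility, user_id) if biometric_verified else None

class Panel:
    """Access control panel: owns the accounts and makes the grant decision."""
    def __init__(self, facility: int):
        self.facility = facility
        self.accounts = {}  # user_id -> {"enabled": bool, "expires": datetime or None}

    def enroll(self, user_id: int, now: datetime, window_hours=None):
        expires = now + timedelta(hours=window_hours) if window_hours is not None else None
        self.accounts[user_id] = {"enabled": True, "expires": expires}

    def decide(self, frame, now: datetime) -> str:
        decoded = decode_wiegand26(frame) if frame else None
        if decoded is None:
            return "no-read"            # nothing arrived, or the frame was malformed
        facility, user_id = decoded
        acct = self.accounts.get(user_id)
        if facility != self.facility or acct is None:
            return "deny: unknown ID"
        if not acct["enabled"]:
            return "deny: disabled"
        if acct["expires"] is not None and now >= acct["expires"]:
            return "deny: expired"      # temporary privilege has lapsed
        return "grant"
```

The panel sees only an ID number in card format, so enabling, disabling and expiry all live in the panel's account record, exactly as they would for a physical card.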

Emily Flink is biometrics Product Marketing Manager for Ingersoll Rand Security Technologies.