Building Better Physical Security at the Edge
While data center outages associated with cyber crimes and other network threats grab headlines, downtime due to physical and environmental threats is just as damaging and costly to infrastructure operations. According to the Ponemon Institute, nearly one-quarter of data center downtime is attributed to human error or accidents such as overheating, leaks, fires and breached enclosures. A significant number of costly data center outages could be easily avoided with the proper physical security in place. Infonetics estimates this simple step could save organizations a staggering $25 million per year.
Physical security is a critical issue in any data center but is especially heightened at the edge. Typically, edge IT deployments like micro data centers are localized or designed to bring computing closer to the end user to reduce latency and improve system resiliency. The challenge with these remote deployments is that they are unmanned (or undermanned) network outposts and lack the critical physical security infrastructure commonly seen in traditional data centers. Rather than living behind secured doors, IT assets in these environments may sit exposed in the corner of an office building, hospital room or busy retail environment. Each scenario presents concerns ranging from purposeful tampering to an employee inadvertently bumping a server. This makes physical security even more critical.
In short, monitoring for physical threats at the edge requires special consideration:
People: Managing Risk
When we talk about infrastructure security, the first thing that comes to mind is protection from sabotage, espionage or data theft. While the need for protection against intruders and the intentional harm they could cause is obvious, the hazards caused by the ordinary activity of personnel present a greater day-to-day risk in most edge environments.
In traditional data centers, procedures and safeguards are in place to restrict rack-level access and entry to secure areas to credentialed personnel. This reduces the potential for accidents and malicious internal threats. In some edge environments, such as retail point-of-sale (POS) locations where IT equipment is generally placed within highly accessible areas like stock rooms or large warehouses, these types of security measures are more difficult to enforce, which increases the odds of unplanned downtime due to human error.
Environment: Protecting Against the Elements
Physical security is often associated with access control, but it also offers protection from damage due to fires, floods, chemical leaks or other environmental threats. Even the most common elements like temperature can pose a significant risk if not considered when deploying at the edge. For example, if a network cabinet is enclosed on a factory floor where the manufacturing process causes the temperature to run irregularly high compared to the rest of the facility, the result could be excessive intake temperatures or overheating of IT equipment, leading to system failure and costly downtime.
Guarding the Edge
Organizations should consider implementing the following security and environmental monitoring technologies to combat physical security threats at the edge and ensure system continuity:
- Access control devices: Some access control devices—card readers and biometric scanners, for example—capture data from access events, such as people’s identities and entry times. If network-enabled, these devices can provide this information to a remote management system for monitoring and logging (who’s coming and going), device control (lock configuration that allows access to certain people at certain times) and alarm (notification of repeated unsuccessful attempts or device failure).
- Video surveillance: A camera management system can track facilities personnel, vendors, security personnel, custodians and other visitors who access edge IT equipment. The system can determine who was in the room, at what time, and detect whether the visitor unplugged an existing piece of equipment or plugged in a new piece of equipment, and so on.
- Environmental sensors: Various types of sensors (enabled by the Internet of Things (IoT) or otherwise) can be used to provide early warning of trouble from threats. User-set thresholds generate alarms via text message, email or system postings when conditions such as temperature and humidity rise beyond accepted levels. While sensors supply raw data, the analysis and interpretation of this data are equally important. It is essential to be able to filter, correlate and evaluate the data to determine the best course of action when out-of-bounds events occur. The most effective and efficient way to collect and analyze sensor data and trigger appropriate action is with “aggregators.” Rather than sending all sensor data directly to a central collection point, it is usually better to have aggregation points distributed throughout the edge environment, with alert and notification capabilities at each aggregation point. This not only eliminates the single-point-of-failure risk of a single central aggregation point but also supports point-of-use monitoring of remote server rooms and IT closets.
- Remote monitoring tools: Edge deployments in remote sites such as branch offices and local point-of-sale (POS) locations, where it is impractical and unreliable to have someone physically present to monitor conditions such as temperature and humidity, further highlight the need for monitoring services. Newer, digital, remote monitoring services run on cloud-based platforms and offer benefits such as 24/7 monitoring, data analytics, reduced downtime and lower mean time to repair. For edge deployments that have no dedicated on-site IT support, some remote monitoring services can provide added field service support to quickly resolve the issue and minimize downtime in the event of an outage or if a piece of equipment needs repair.
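The following added example (not from the original article or any vendor product) models one aggregation point of the kind described in the access control and environmental sensor items: it median-filters readings, evaluates them against user-set thresholds, and raises its own alerts, including for repeated denied badge attempts. The threshold values, window sizes and the names `closet-7`, `rack-a-intake` and `door-1` are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from statistics import median

# Assumed values: the article says thresholds are user-set and gives none.
LIMITS = {"temp_c": (10.0, 32.0), "humidity_pct": (20.0, 80.0)}
WINDOW = 3                      # readings per sensor fed to the median filter
FAIL_LIMIT, FAIL_SPAN = 3, 60   # denied badge reads within this many seconds

class Aggregator:               # one edge aggregation point, alerting locally
    def __init__(self, site):
        self.site = site
        self.history = defaultdict(lambda: deque(maxlen=WINDOW))
        self.denied = defaultdict(deque)
        self.active = set()     # alarms already raised, so they are not repeated
        self.alerts = []        # stand-in for text message / email delivery

    def _evaluate(self, key, bad, msg):
        if not bad:
            self.active.discard(key)        # condition cleared, re-arm
        elif key not in self.active:
            self.active.add(key)
            self.alerts.append(f"[{self.site}] {msg}")

    def reading(self, sensor, kind, value):
        hist = self.history[(sensor, kind)]
        hist.append(value)
        if len(hist) < WINDOW:
            return
        mid = median(hist)      # filter: one spurious spike cannot alarm
        low, high = LIMITS[kind]
        self._evaluate((sensor, kind), not low <= mid <= high, f"{sensor} {kind}={mid} outside {low}-{high}")

    def badge(self, reader, ts, granted):
        recent = self.denied[reader]
        if granted:
            recent.clear()
        else:
            recent.append(ts)
            while ts - recent[0] > FAIL_SPAN:   # drop attempts older than the span
                recent.popleft()
        self._evaluate(reader, len(recent) >= FAIL_LIMIT, f"{reader}: {len(recent)} denied attempts in {FAIL_SPAN}s")

def demo():
    agg = Aggregator("closet-7")            # constructed site and sample data
    for temp in [24.0, 55.0, 24.5, 25.0, 33.0, 34.0, 35.0]:
        agg.reading("rack-a-intake", "temp_c", temp)
    for ts, ok in [(0, False), (20, False), (45, False), (50, True)]:
        agg.badge("door-1", ts, ok)
    return agg.alerts
```

Because each aggregation point keeps its own state and alert list, a lost uplink to a central collector does not silence alarms for that room.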
Edge IT deployments offer the benefits of faster data processing, reduced latency, and greater connectivity but also operate without borders, presenting a security risk, whether it be from malicious or accidental activities. When planning for reliability and resiliency in this type of environment, it is critical that physical security is holistically viewed and proactively monitored to protect against environmental threats and human intrusions to ensure the benefits of edge computing are realized.
About the Author: Ron Catanzaro is an experienced sales and marketing executive who has been with the Schneider Electric team for over 24 years. His in-depth knowledge of power for both the commercial and residential spaces serves him well in his current role of Vice President of Rack Systems. He focuses his professional time on creating and delivering physical infrastructure solutions for cloud, regional and local data centers.