Beruflich Dokumente
Kultur Dokumente
1. Background
1. Technological & Industry Challenge,
2. Industry standard & legal Requirement : SSAE 16, ANSI/TIA-
942, SOA,
3. Customer Requirement
2. Optimum Physical Security :
Layering
Think must do :
1. Track people
2. Limit unauthorized employee access to high-priority
areas
3. Provide an audit trail of personnel access
4. Integrate with video to provide a record of an
attempted breach.
4. First Layer :
Perimeter Security
The primary goals of the first layer of data center protection—perimeter
security—are the three D’s: deter, detect and delay.
The goals of this secondary layer of protection are to further restrict access if a
breach has occurred at the perimeter. Indoor surveillance for identification and
monitoring, as well as multiple ID verification methods are a must.
The goals of the third layer of physical security are to further restrict
access through multiple forms of verification, monitor all authorized
access, and have redundant power and communications.
• According to the Chemical Facility Anti-Terrorism (CFAT) performance standards for a Tier 1 facility,
the identity verification system should be “vigorous,” and “all unescorted personnel are issued
electronic photo ID badges that are integrated with the facility’s access control system”
• the SSAE16 auditing requirements state that access to all entry points into and within the data
center should be protected by electronic access control mechanisms that allow only authorized
individuals to enter the facility.
7. Fourth Layer :
Cabinet Controls
The fourth layer of data center physical security further restrict access and continue to
work within an integrated systems framework. Security measures to achieve this include
cabinet-locking mechanisms, audit trails and an intelligent infrastructure strategy