Welcomed In: Social Behavior and Data Center Security

Security can be breached with human engineering
Who is controlling access to your data center?

The following are actual recent experiences in environments where data security should be at a premium:

  1. An organization that prides itself on data center security waves in a lobby visitor (who has signed in) upon a request to use the restroom before a meeting, without an escort.
  2. A friendly visitor to a data center tells a security guard that he left his sport coat in a conference room and is buzzed back in to retrieve it, without an escort.
  3. After offering a visitor a soft drink, and while still logged into her workstation, a receptionist walks down a hallway to retrieve a bottle of water.
  4. A delivery person with bags of submarine sandwiches is waved through data center security and given directions to where a meeting is taking place.

It is important to note that all of those people appeared to have reason to be there and in some instances were familiar faces. But all four of the common situations above should raise red flags for anyone with an interest in maintaining an acceptable level of data center security.

A key factor to data center security is your employees being trained to be pleasant but firm. Whether your facility merely houses a server closet or is a large multi-tenant data center facility with major enterprise tenants, there should be a healthy skepticism toward anyone without a clear reason to be there, and clear policies in place to protect access to sensitive areas.

Employees with a willingness to help others seems like an asset for a company to have. But when it comes to protecting your network infrastructure, it can a weakness to be exposed.

Someone seeking to access your network or data center will seek out accommodation and create scenarios to take advantage of a person’s trusting nature. Anyone in an environment where data should be secured needs to be aware of that.

Your employees should be pleasant and professional. But they should also be firm about access and the need for visitors to have escorts. And they should be willing to engage in slightly uncomfortable social behavior that inconveniences others for a moment or two, every time.