As Total Security Solutions CEO Jim Richards recently noted, “data is where the value is,” making data centers an attractive target for a wide variety of bad actors—from teams of criminal hackers to the Kremlin and other foreign agencies. Even seemingly non-critical services—like Twitter—have become vital resources during disasters and emergencies.
As off-site data storage and cloud computing become a daily necessity in every facet of our lives, a single data center may store information and house services for a wide range of public and private entities. Data centers are the place where private business continuity and disaster recovery planning (BCP) and public continuity of operations planning (COOP) tend to come together in assuring the stability of U.S. infrastructure when disaster strikes. And, for that reason, security professionals and physical security specialists—not to mention homeland security planners and public safety professionals—are taking the physical security of data centers increasingly seriously.
But even as many best-practices checklists (like this one for SAS 70 Compliance) are beginning to take bullet resistant security into account, there are still many misconceptions about how to best address the physical security needs of data centers.
Two Traditional Categories of Bullet Resistant Barrier Systems
For the most part, bullet resistant barrier systems fall into two broad categories: Retail and Reception.
The classic Retail System would be a bank: Staff are on one side, customers on the other, and while it is rare for anyone to need to pass through the barrier, they do need to communicate clearly and pass small items easily and securely. These systems are seen in a wide variety of settings: 24/7 convenience stores, high-risk gas stations, pharmacies, municipal utility payment offices, and so on.
Reception Systems were once relatively rare, but are now increasingly common (especially in the urban core). A classic example might be a school’s secure vestibule entryway. Here there is a small reception area entirely open to the public and separated from the building by secured bullet resistant doors. A secure receptionist can vet identification before permitting visitors through. Like Retail systems, these Reception systems also have large bullet resistant windows and communication systems, but the windows tend to be smaller and simpler, where-as the bullet proof doors and access control systems are more developed. Other examples of Reception systems include police stations, hospitals, courthouses, some jewelry stores, and corporate offices.
Both types of systems presume a lot of foot traffic (usually because the building itself is located in a densely populated or high-traffic area), a heavy reliance on face-to-face communication between staff and visitors, and the need to only secure a few critical “bottlenecks”—usually entryways, or a small publicly accessible space.
Data Centers Have Different Security Profiles
As Jim Richards has found over the last several years, data centers make for a very different security scenario: “First off, we see these centers going into areas that that are more remote—Iowa, Wyoming, Utah, Arizona. They’re favoring places which are the most stable, geologically and in terms of weather. In contrast to a bank or federal building, these centers don’t need to be near population centers, and just don’t have that many unexpected visitors. So the [ballistic] systems they need are quite different, because the focus isn’t about making it easy for people to do business face-to-face while protecting them.”
Additionally, there is no bottleneck to secure. Data centers need to isolate many individual spaces and server rooms throughout the building—something more akin to fire protection strategies than traditional bullet resistant security measures. When people think “bullet proof,” they almost always think of “bullet proof glass” (even though it’s technically “bullet resistant thermoplastic“). But there just isn’t much glass in a data center. As Jim notes:
“Most traditional bullet resistant barriers are focused on ballistic windows, transaction areas, deal trays, and passers. In a data center, we don’t need that. They want to secure walls and doors, with a good access control system tying it all together. That means lots of fiberglass for the walls, lots of doors, and maybe an entryway.”
Data Centers Focus on Access Control
In contrast to many companies—especially smaller local outfits—TSS has a great deal of experience partnering with their client’s preferred access control vendors. Every TSS door is custom built, and can be engineered to easily accept any control devices, wire runs, and strikes your access system demands. Since data center installations tend to be extensive but straightforward (installing fiberglass paneling in the walls is not that different from drywalling), many centers opt to use local contractors or in-house facilities staff. TSS offers ample support to vendors and other trades, security professionals, and in-house staff, guiding them through a smooth installation process.
Company: Total Security Solutions Inc
With security and privacy in the news seemingly every day, people are becoming more mindful of safeguarding personal information. A lesser-known privacy issue is the possibility of a hacker gaining control of the videoconferencing camera in your laptop, or even in conference rooms. In addition to gaining access to the computer network in this way, hackers can also eavesdrop and watch through the camera. Draper has developed a new white paper entitled “Is Someone Watching” which details this issue, and offers some solutions to deal with it.
Could someone potentially be watching and listening to you conduct business via the videoconferencing camera in your conference room—even when it isn’t supposed to be on? The importance of keeping videoconferencing cameras out of the room when not in use is underscored by at least two incidents in recent years.
The first came in January of 2012 when HD Moore—a security officer for the company Rapid7 which looks for security weaknesses in Internet of Things devices—was able to hack into videoconferencing equipment. He was able to control the cameras, panning and zooming all around the room. According to a New York Times article, Moore found his way into venture capital, oil, law, and pharmaceutical companies. He even got into a courtroom remotely through the camera.
The second warning shot came at the 2013 Black Hat Europe, a security conference. During a presentation at Black Hat, Moritz Jodeit showed how to gain root access to video conferencing devices which could allow, among other things, a remote user to take control of the devices—including cameras and microphones.
Does it Really Matter?
Of course, hijacking a webcam on someone’s personal computer and watching in the privacy of a home or office is obviously an intrusion on personal privacy. Even the FBI director and the founder of Facebook are known to put pieces of tape over their laptop webcams for security. But peering into an empty meeting room through a videoconferencing camera isn’t that big a deal, you might think.
Or is it? Much damage can result from overheard business conversations. One might also feel the possibility of a hacker gaining control of a video conferencing camera too remote to think about. However, there are many instances where privacy issues mean that any possibility is too much.
To read the complete white paper “Is Someone Watching,” and to download a free PDF copy, click here.
Company: Draper, Inc.
Of: Terry Coffey
The American Institute of Architects (AIA) announce the release of a new feature – developed in collaboration with Autodesk – that will automate the AIA 2030 Commitment data reporting from energy analysis software directly to the Design Data Exchange (DDx). This collaboration has resulted in an open Automated Program Interface (API) to the DDx, available to any energy modeling software vendor, reducing the duplication of effort using the existing process.
The new automated connection will allow the more than 350 AIA 2030 committed firms to report their project and portfolio performance to the DDx directly from Autodesk Insight 360, a technology addition included in Autodesk Revit and Autodesk FormIt 360 Pro subscriptions. This automated process between Insight 360 and DDx will eliminate the need for manual data entry and eliminates duplication of effort encouraging performance analysis and more frequent reporting throughout the design process instead of annually. The DDx interface is open source with the ability to connect with other energy modeling software providers. Additional vendors are welcome to link up with the DDx system.
Eliminating the overhead of manual reporting not only saves time but it also enables more regular updates so firms can get up-to-the-minute progress on their projects and portfolio. In terms of actually meeting the targets themselves one of the key findings of the 2014 progress report was the critical role that energy modeling plays, and how projects that applied energy modeling were generally higher performing.
For example, of the projects submitted in the 2014 reporting period, nearly 50 percent of the projects where an energy model was created met or came close to achieving the AIA 2030 Commitment goals, whereas 80 percent of non-model projects fell below the 40 percent target. This offering helps to lower the barriers to energy modeling, making it possible to conduct energy modeling on virtually every project, especially from the early stages, but in doing so automatic reporting to DDx is essentially free.
About The American Institute of Architects
Founded in 1857, the American Institute of Architects consistently works to create more valuable, healthy, secure, and sustainable buildings, neighborhoods, and communities. Through nearly 300 state and local chapters, the AIA advocates for public policies that promote economic vitality and public wellbeing. Members adhere to a code of ethics and conduct to ensure the highest professional standards. The AIA provides members with tools and resources to assist them in their careers and business as well as engaging civic and government leaders and the public to find solutions to pressing issues facing our communities, institutions, nation and world. Visit www.aia.org.
Autodesk helps people imagine, design and create a better world. Everyone—from design professionals, engineers and architects to digital artists, students and hobbyists—uses Autodesk software to unlock their creativity and solve important challenges. For more information visit autodesk.com or follow @autodesk.