How enterprises can tighten up their IT security

2016-08-29. The baseline protection guidelines issued by the German Federal Office for Information Security (BSI) are a veritable goldmine of pointers to circumstances with the potential to jeopardise IT operations. The BSI catalogues define five categories, ranging from basic threats to deliberate acts, to describe almost 630 different scenarios which could lead to IT failure or data losses. Anyone planning a project to improve corporate IT security should begin at the level of physical security, with an initial focus on the server enclosures. With the following tips, Rittal would like to assist you in the selection of suitable solutions for smaller IT environments.

The IT enclosure or rack is an important element in any security concept. It enables enterprises to exclude physical access to their internal data by unauthorised persons and offers protection for the sensitive IT components against threats such as corrosive gases, fire and smoke, falling debris, dust, water or electromagnetic interference. In short: It is only with the right server enclosure that it becomes possible to achieve the maximum protection for your particular IT environment.

Server enclosures to increase peace of mind

But which is the right server enclosure for a given environment, and which criteria must IT experts take into account when making their choice? In many cases, a minimum security level can already be derived from sector-specific requirements. In the German banking sector, for example, the Federal Financial Supervisory Authority BaFin is mandated to monitor the IT security stipulations laid down in the German Banking Act. Doctors and lawyers must naturally guarantee protection for the confidential electronic files and documents in their possession. Retail traders and craftsmen are just two examples of businesses which frequently store customer data on their premises and must thus protect this information accordingly. A risk assessment on the basis of such requirements yields a certain protection level which must be achieved by a secure server enclosure.

Small-scale IT in the cellar

Another factor is the actual location of the IT systems within the company. Smaller businesses, in particular, will rarely be able to afford an elaborately secured data centre. It is most likely that an IT rack stands in the cellar or in one of the offices. In such cases, it is imperative for the rack to be fitted with a lockable door. Electronic code locks keep time-stamped records of the persons who have accessed a certain enclosure. The availability of such automatically generated records is useful as documentation for an auditor called in to perform a risk analysis, for example. Businesses with a positive business risk profile can also expect to obtain more favourable terms when applying for credit from their banks.

Protection from dust and water

Where a server enclosure is installed in a less sheltered environment, for example in a production hall, the IT components must also be protected against ambient influences. The IP (IP = Ingress Protection) categories use a simple combination of numbers to describe how the enclosure protects its contents. The protection category is specified in the form “IP XY”. The first digit (X) is a numeral between 0 and 6 and defines the protection against solid objects and dust. The second digit indicates the level of protection against water on a scale from 0 to 8. The levels 7 and 8 here stand for temporary or permanent immersion in water, respectively. In a normal office environment, a protection rating of IP 20 would already be adequate for an IT rack. Industry-compatible solutions, e.g. installations within the framework of the Industrial Internet (Industry 4.0) initiatives, on the other hand, require protection measures up to IP 55. The TS IT server rack and network enclosure from Rittal meets precisely these demands. It offers protection against dust, dirt and liquids compliant with protection category IP 55.

Protect data as you would the family jewels

Standard IT racks already offer a good level of protection, but there are still situations in which the implementation of extra protective measures is expedient. For such cases, a security safe places an additional protective shell around a server enclosure, providing for greater physical security and further improved access control. For operators of smaller IT environments with just a few racks, the alternative of a security safe saves the otherwise costly conversion of the whole IT room should enhanced security measures become necessary. Especially for small and medium-sized businesses with just two or three server racks, safes are a quickly realised option to upgrade IT security. Depending on the chosen security class, a safe also protects IT components against the effects of fire, smoke and water. The solutions available on the market include a diversity of climate control, power distribution and early fire detection and extinguishing systems. When considering an investment, it is important to observe the structural load-bearing capacity at the intended place of installation, as these systems may exert a floor load of up to 1,000 kg. Some manufacturers also offer additional security enclosures as a retrofit for existing IT racks.

One of the suppliers of IT security safes is Rittal: its “Micro Data Centre” is available in a number of variants offering different levels of protection and permits IT installations to be operated in a protected room up to resistance class 4. The security housing establishes a fully protected zone around a 19-inch rack with 42 or 47 height units (U) available to accommodate the IT components. In case of fire, the guaranteed fire resistance of 90 minutes in accordance with DIN 4102 (F90) is observed: The temperature inside a Micro Data Centre increases by no more than 50 degrees during the first 30 minutes of a fire, and the relative humidity remains below 85 per cent. The safe is also resistant to dust and powerful water jets (IP 56) and offers a variable degree of burglar resistance with test documentation based on DIN EN 1627. Fumes and smoke, as generated after extinguishing a fire in the vicinity of the Micro Data Centre, will not penetrate the enclosure.

Further increased fail-safe reliability

The security measures realised at the level of the IT rack can be viewed as the core element within an overarching security concept. Where the nature of an IT infrastructure calls for even tighter security provisions, redundant data centres could be operated at two separate, unmarked locations, with mirrored components and observance of a minimum geographical distance between the two sites. In addition, data centre operations – and thus the unbroken availability of critical processes – can be safeguarded by way of a comprehensive business continuity plan, with contingencies to minimise the impact of potential system failures. With such approaches, IT organisations achieve an extremely high level of fail-safe reliability and secure the operative functionality of IT workplaces throughout the company.
