Question

Why are physical locks alone not a sufficient security control to protect organizational assets? How is the concept of "defense in depth" enforced with respect to physical security in a data center? How can insufficient climate controls in a data center affect the hardware?

Solutions

Expert Solution

Physical security is one of the vital factors in preventing the exploitation of an organization's assets and resources. Physical security threats can be man-made or acts of nature, and it is essential to protect the organization against them. But implementing physical locks alone can't ensure security control.

In this era of technology, it is hard to ignore phishing and hacking. Every new connection is a new threat to how your data can be exploited. Logical cybersecurity is the most important thing to keep in mind. A good security control needs to take proper measures to ensure cybersecurity in the organization, as data is the most vital resource it has. Also,

  • Protection against malicious software/spyware is a must to implement.
  • Anti-spam software should be used to protect email inboxes from being clogged by unwanted sources.
  • Anti-phishing software saves your data from being used for fraudulent purposes.
  • Firewalls should be used to protect the system from unknown access to the organization's system.

Defense in depth

Defense-in-Depth is an IA construct in which multiple, related, organizational actions and controls are applied to minimize failures. When Defense-in-Depth is achieved, we also achieve reliability, resilience and the ability of IT systems to withstand attacks with minimal impact on services.

Defense-in-Depth is enforced with respect to physical security in data centres to ensure solid protection against cyberthreats, and it helps block data threats before they reach the endpoint. The three main controls needed to build the architecture of a defense-in-depth strategy are:

  • Physical Controls: These are the physical security schemes implemented to avoid any physical harm to the organization.
  • Technical Controls: These are the protection methods that ensure the security of network systems. They include software, hardware and network-level protection within a company's specific technical controls.
  • Administrative Controls: These define a set of policies and procedures put in place by the organization to be followed by the employees. They include training employees to label sensitive information as "confidential".

Climate control in data centers

The climate of a particular place has a lot of effect on the performance and working of the hardware. Even quality hardware suffers poor performance if kept in bad ventilation and climate. This especially matters if the climate is humid or warm. Having a proper understanding of climate factors hence becomes a vital part of how we plan our organisational decisions.

Some of the factors to be kept in mind are:

Humidity control: Too much moisture and humidity can be a recipe for disaster in a dedicated server. The chances of the hardware shorting out or being adversely affected by the moisture increase with the rise in humidity levels. The humidity levels should be kept at 50% to maintain the smooth functioning of the hardware servers and reduce the risk of hardware damage.

Temperature control: It is extremely important to keep a check on temperature for better hardware performance. Overheating and slow working are a few consequences of excessive temperature rise. A proper working temperature needs to be maintained for a proper working environment.

