Badge systems for entry and tracking in the data center

Expert JP Callahan explores the world of badge system entry to the data center and reminds users to always back their security technology with a good process, i.e. two-factor authentication.

We are in the process of looking to upgrade our badge system for entry and tracking in our Data Center. Is there a "standard" looking 5-6 years into the future that we could look at? Have there been significant technological changes we should be aware of?

I recommend a couple of things. First and most importantly, check with the higher authorities in your state about any current standards that must be implemented. The US federal government has recently been working to implement such a standard in Homeland Security Presidential Directive 12 (HSPD-12). HSPD-12 requires a Common Identification Standard for all federal employees and contractors.

Many states are also looking at implementing similar requirements. Under HSPD-12, all federal employees and contractors will be issued a "smart card" that not only controls their physical access but also enables their logical access.

Other technological advancements are on the horizon in addition to the federal government's "smart cards." One company is adding a biometric fingerprint reader to the card that requires correct users to have their finger read at the door. Pretty high-tech, but the cards are running about $150 a pop and that's a little pricey for my application.

The technology behind the actual cards has remained fairly static over the years. The issue for many is whether to use a standard format for the card or go to a custom format. A card's format is based on the number of bits used to differentiate one card from another, with the 26-bit format as the general standard. Using a custom format reduces the likelihood that duplicate cards might exist, but using the standard format reduces costs. Check with your vendor for actual pricing differences.

Regardless of what technology you wind up adopting, you should never rely on the card alone as proof-positive of personal authentication. In the security world, you always want at least two-factor authentication (TFA) to allow access to the critical areas of your data center. Two-factor authentication refers to (1) "something you have" and (2) "something you know" -- or in the case of a biometric implementation, "something you are".

One option to keep costs down is implementing TFA only at the main door to the building. This works by requiring all personnel to enter or exit through that door, using TFA for access. Once past that door, you've established this individual is in possession of their access card and you can use badge-only readers for the rest of the building. Another option is to implement additional TFA on the most sensitive interior areas of your building.
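
The two placements described above, written as an access-decision check over badge events; this is an added example, not part of the original answer or any vendor's product. The reader names, event fields and sample events are constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical reader names, constructed for this example.
MAIN_DOOR = "main-door"
SENSITIVE = {"server-room"}  # interior areas that also require the second factor

@dataclass
class Event:
    ts: int          # seconds since start of day
    badge: str
    reader: str
    direction: str   # "in" or "out"
    pin_ok: bool     # True when the second factor was verified at the reader

def evaluate(events):
    """Return (ts, badge, reader, decision, reason) per event, in time order."""
    inside = set()   # badges with an open TFA-verified entry at the main door
    results = []
    for e in sorted(events, key=lambda ev: ev.ts):
        needs_tfa = e.reader == MAIN_DOOR or e.reader in SENSITIVE
        if needs_tfa and not e.pin_ok:
            decision, reason = "deny", "second factor missing"
        elif e.reader != MAIN_DOOR and e.badge not in inside:
            # Badge-only readers trust the main door; without that entry they must not.
            decision, reason = "deny", "no TFA entry at main door"
        else:
            decision, reason = "allow", "ok"
            if e.reader == MAIN_DOOR:
                if e.direction == "in":
                    inside.add(e.badge)
                else:
                    inside.discard(e.badge)
        results.append((e.ts, e.badge, e.reader, decision, reason))
    return results

def denied(events):
    """Events worth an alert: (ts, badge, reason) for every denial."""
    return [(ts, b, why) for ts, b, _, d, why in evaluate(events) if d == "deny"]

# Constructed sample events.
SAMPLE = [
    Event(100, "B1001", "main-door", "in", True),
    Event(160, "B1001", "office-wing", "in", False),  # badge-only interior reader
    Event(200, "B2002", "office-wing", "in", False),  # no main-door entry on record
    Event(300, "B1001", "server-room", "in", False),  # sensitive area, no PIN
    Event(320, "B1001", "server-room", "in", True),
    Event(400, "B1001", "main-door", "out", True),
    Event(450, "B1001", "office-wing", "in", False),  # used inside after exit
]
```

Denials for "no TFA entry at main door" are the ones to review first, since they mean a badge was presented inside without the main-door check the badge-only readers depend on.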
