How do I implement an access control system in the data center?

Implementing an access control system improves data center security. Expert JP Callahan discusses how.

When erecting your thin wall for audit approval, do not forget to include some form of access control system, which should be used to keep an audit trail of the physical access to the space. These types of systems can be tied into the building's electronic access control system (if one exists) or it can be a standalone unit.

As a guide, the authorized access list should be restricted commensurate to the restrictions the organization places on root level server access. Access should be restricted to those individuals (plus necessary facility personnel) required to support the environmental and network infrastructure.

If the access control system is tied to the building's system, ensure there are controls in place to approve and authorize access list changes. This will negate building security administrators simply granting access because someone asks for access.

Standalone or independent systems give you more control, but add to the complexities of tasks on a usually already overburdened IT staff. However, some audit standards mandate this level of control.

Additionally, it would be worthwhile checking with the audit team to ensure their requirements are addressed in the design process. That will eliminate your discovery of something post-construction that you should have included.

ABOUT THE AUTHOR: JP Callahan is a former counter-intelligence agent with the U.S. Department of Defense and currently runs data center security for Verizon Business, the company's data center hosting arm.

Dig Deeper on Data center design and facilities