Preventing Consumer Data Breaches with Electronic Access Control

Preventing Consumer Data Breaches with Electronic Access Control

  • By Steve Spatig
  • Jul 07, 2014

Preventing Consumer Data Breaches with Electronic Access ControlThe recent, widely publicized upsurge of cyber attacks on major retailers has brought the need for stronger security controls to the forefront of the retail industry. Regulatory bodies are placing a stronger emphasis on consumer data protection, making it more important than ever for retailers to ensure that their security administration complies with industry standards.

For IT managers tasked with securing retailers’ customer information, implementing the appropriate software programs is essential, but they must ensure physical security of this data as well. IT managers can safeguard valuable consumer information within the data center by extending the same level of security used to access the building perimeter down to the server cabinets and enclosures that house customer data.

Intelligent electronic locks, for instance, offer an extra layer of access to existing physical security solutions when integrated into server cabinets. When combined with access control devices, such as RFID card readers, rack level electronic locks can be networked with the building’s security system to create one cohesive security network. This network can then be used across the data center to control access and demonstrate compliance with data protection regulations.

Meeting Compliance Requirements

Physical security is critical in the protection of valuable data and IT infrastructure, and is mandated by regulatory initiatives that affect the retail industry. Retailers found with non-compliance of industry standards and consumer protection laws that they face significant fines and penalties.

The Payment Card Industry Data Security Standard (PCI DSS), for example, advises the technical and operational requirements for protecting the information of credit card holders. PCI DSS includes standards for tracking and monitoring access to network resources and cardholder data, which includes server cabinets that house this information. Non-compliance with PCI DSS can result in fines, card replacement costs, costly forensic audits and brand damage in the event a breach does occur.

Electronic access solutions can be used to reduce the risk of non-compliance with PCI DSS due to the audit trail capabilities they provide. Electronic locks and access control devices can be integrated with the facility’s security network so access can be monitored in real time – from building entry down to equipment access. When a data center cabinet is opened or closed, a signal is sent to a monitoring system to confirm and log access. This digital record of activity can then be used to demonstrate accountability and reconstruct security breaches should they occur.

Identifying Authorized Personnel

Networked electronic access solutions work with existing user credentials to keep server racks secure, providing an extra layer of security to enclosures that contain wireless access points, network jacks, gateways, handheld devices, networking communications hardware and telecommunications lines.

A complete solution, which includes an access control or input device, an electromechanical lock or latch and remote monitoring capabilities, can connect building security and rack level access though a simplified, flexible platform. Securing server cabinets with electromechanical locks eliminates key inventory and distribution issues commonly associated with mechanical locking mechanisms and ensures that only authorized personnel have access to sensitive equipment and information.

For instance, many data centers already use electronic access control devices like RFID cards and unique pin codes to identify employees, and restrict or grant access to specific areas within the data center. Electronic locks that have been networked into the data center’s security infrastructure can be activated using existing user credentials. Access can then be easily restricted or granted by the IT manager as required.

Electronic locks can also be linked to security and environmental systems. Connecting them to IP video cameras and rack monitoring systems gives facility managers an additional tool for tracking access activity. Additionally, in the event of a power failure, electronic locks can also be equipped with a mechanical override system that enables manual access to enclosures.

Preparing for the Future

As the retail industry continues to expand the scope of its security administration to prepare for the ongoing risk of security breaches, IT managers must extend security measures down to the rack level. IT managers can ensure compliance and prevent data breaches by adding access control devices to the data center enclosures and cabinets that house retailers’ consumer information. By replacing traditional lock-and-key mechanisms with electronic locks and access controllers, IT managers can leverage existing employee ID badges and credentials to promote accountability, protect customer information and ensure compliance with industry regulations.

About the Author

Steve Spatig is general manager of Southco’s Electronic Access Solutions Strategic Business Unit and has over 15 years of experience working in various design engineering and product management capacities with the company.

Featured

  • Progressing in Capabilities

    Progressing in Capabilities

    Hazardous areas within industries like oil and gas, manufacturing, agriculture and the like, have long-sought reliable video surveillance cameras and equipment that can operate safely in these harsh and unpredictable environments. Read Now

  • A Comprehensive Nationwide Solution

    A Comprehensive Nationwide Solution

    Across the United States, manufacturing facilities, distribution centers, truck yards, parking lots and car dealerships all have a common concern. They are targets for catalytic converters. In nearly every region, cases of catalytic converter thefts have skyrocketed. Read Now

  • Planning for Your Perimeter

    Planning for Your Perimeter

    The perimeter is an organization’s first line of defense and a critical element of any security and surveillance program. Even if a building’s interior or exterior security is strong, without a solid perimeter surveillance approach any company or business is vulnerable. Read Now

  • The Key Issue

    The Key Issue

    It is February 2014. A woman is getting ready in her room on a cruise ship when she hears a knock on the door; it is a crewmember delivering breakfast. She is not presentable so she tells him to leave it by the door. Read Now

Most   Popular

Featured Cybersecurity

New Products

  • Schlage RC reader controller

    Schlage RC Reader Controller

    This new innovative device combines the power of the Pure IP™ access control technology pioneered by ISONAS with Schlage’s intelligent hardware and credentials, delivering a comprehensive and cost-effective perimeter solution to customers. 3

  • ABLOY IP54-rated Integrated Dust Cover

    ABLOY IP54-rated Integrated Dust Cover

    One of the things that keep security managers on high alert is the real possibility the security locks used to safeguard their properties may unexpectedly fail due to environmental conditions. 3

  • Camden Door Controls ‘SER” Surface Boxes and Extension Rings

    Camden Door Controls ‘SER” Surface Boxes and Extension Rings

    Camden Door Controls has introduced new ‘SER” surface boxes and extension rings that provide a complete solution for new construction. In addition, they provide a simple and robust solution when replacing round wired and manual push plate switches with either Camden’s wired or wireless SureWave™ no-touch switches or Kinetic™ no-battery wireless switches. 3