Preventing Consumer Data Breaches with Electronic Access Control

Preventing Consumer Data Breaches with Electronic Access Control

Preventing Consumer Data Breaches with Electronic Access ControlThe recent, widely publicized upsurge of cyber attacks on major retailers has brought the need for stronger security controls to the forefront of the retail industry. Regulatory bodies are placing a stronger emphasis on consumer data protection, making it more important than ever for retailers to ensure that their security administration complies with industry standards.

For IT managers tasked with securing retailers’ customer information, implementing the appropriate software programs is essential, but they must ensure physical security of this data as well. IT managers can safeguard valuable consumer information within the data center by extending the same level of security used to access the building perimeter down to the server cabinets and enclosures that house customer data.

Intelligent electronic locks, for instance, offer an extra layer of access to existing physical security solutions when integrated into server cabinets. When combined with access control devices, such as RFID card readers, rack level electronic locks can be networked with the building’s security system to create one cohesive security network. This network can then be used across the data center to control access and demonstrate compliance with data protection regulations.

Meeting Compliance Requirements

Physical security is critical in the protection of valuable data and IT infrastructure, and is mandated by regulatory initiatives that affect the retail industry. Retailers found with non-compliance of industry standards and consumer protection laws that they face significant fines and penalties.

The Payment Card Industry Data Security Standard (PCI DSS), for example, advises the technical and operational requirements for protecting the information of credit card holders. PCI DSS includes standards for tracking and monitoring access to network resources and cardholder data, which includes server cabinets that house this information. Non-compliance with PCI DSS can result in fines, card replacement costs, costly forensic audits and brand damage in the event a breach does occur.

Electronic access solutions can be used to reduce the risk of non-compliance with PCI DSS due to the audit trail capabilities they provide. Electronic locks and access control devices can be integrated with the facility’s security network so access can be monitored in real time – from building entry down to equipment access. When a data center cabinet is opened or closed, a signal is sent to a monitoring system to confirm and log access. This digital record of activity can then be used to demonstrate accountability and reconstruct security breaches should they occur.

Identifying Authorized Personnel

Networked electronic access solutions work with existing user credentials to keep server racks secure, providing an extra layer of security to enclosures that contain wireless access points, network jacks, gateways, handheld devices, networking communications hardware and telecommunications lines.

A complete solution, which includes an access control or input device, an electromechanical lock or latch and remote monitoring capabilities, can connect building security and rack level access though a simplified, flexible platform. Securing server cabinets with electromechanical locks eliminates key inventory and distribution issues commonly associated with mechanical locking mechanisms and ensures that only authorized personnel have access to sensitive equipment and information.

For instance, many data centers already use electronic access control devices like RFID cards and unique pin codes to identify employees, and restrict or grant access to specific areas within the data center. Electronic locks that have been networked into the data center’s security infrastructure can be activated using existing user credentials. Access can then be easily restricted or granted by the IT manager as required.

Electronic locks can also be linked to security and environmental systems. Connecting them to IP video cameras and rack monitoring systems gives facility managers an additional tool for tracking access activity. Additionally, in the event of a power failure, electronic locks can also be equipped with a mechanical override system that enables manual access to enclosures.

Preparing for the Future

As the retail industry continues to expand the scope of its security administration to prepare for the ongoing risk of security breaches, IT managers must extend security measures down to the rack level. IT managers can ensure compliance and prevent data breaches by adding access control devices to the data center enclosures and cabinets that house retailers’ consumer information. By replacing traditional lock-and-key mechanisms with electronic locks and access controllers, IT managers can leverage existing employee ID badges and credentials to promote accountability, protect customer information and ensure compliance with industry regulations.

About the Author

Steve Spatig is general manager of Southco’s Electronic Access Solutions Strategic Business Unit and has over 15 years of experience working in various design engineering and product management capacities with the company.

Featured

  • 12 Commercial Crime Sites to Do Your Research

    12 Commercial Crime Sites to Do Your Research

    Understanding crime statistics in your industry and area is crucial for making important decisions about your security budget. With so much information out there, how can you know which statistics to trust? Read Now

  • Boosting Safety and Efficiency

    Boosting Safety and Efficiency

    In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now

  • Live From GSX: Post-Show Review

    Live From GSX: Post-Show Review

    This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now

    • Industry Events
    • GSX
  • People Say the Funniest Things

    People Say the Funniest Things

    By all accounts, GSX version 2023 was completely successful. Apparently, there were plenty of mix-ups with the airlines and getting aircraft from the East Coast into Big D. I am all ears when I am in a gathering of people. You never know when a nugget of information might flip out. Read Now

    • Industry Events
    • GSX

Featured Cybersecurity

Webinars

New Products

  • XS4 Original+

    XS4 Original+

    The SALTO XS4 Original+ design is based on the same proven housing and mechanical mechanisms of the XS4 Original. The XS4 Original+, however, is embedded with SALTO’s BLUEnet real-time functionality and SVN-Flex capability that enables SALTO stand-alone smart XS4 Original+ locks to update user credentials directly at the door. Compatible with the array of SALTO platform solutions including SALTO Space data-on-card, SALTO KS Keys as a Service cloud-based access solution, and SALTO’s JustIn Mobile technology for digital keys. The XS4 Original+ also includes RFID Mifare DESFire, Bluetooth LE and NFC technology functionality. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3