Securing the Physical Safety of Data with Rack-Level Access Control


In our networked and internet-dependent world, securing personal and business data from theft, hacking and other forms of cybercrime has become an issue of paramount importance – and the world’s data centers, where data has its physical presence, are key points where multiple layers of security need to be established and sustained.

Consider just two of the many documented costs of cybercrime:

  • Database breaches cost global organizations over $3.62 million annually, based on a 2017 industry study.
  • Recent data from IBM Security Services shows that 71 percent of all attacks on the financial industry and 58 percent of all attacks in the healthcare industry were carried out by malicious insiders or inadvertent actors (accidental events).

In addition, there are multiple regulatory and compliance requirements creating additional layers of responsibility for data center managers, mandating that organizations must limit physical access to information systems, equipment and the respective operating environments only to authorized individuals.

Current data center security practices

Data center operators make significant investments in cyber security, erecting firewalls and deploying powerful software programs to prevent electronic cybercrimes. Increasingly, they focus on controlling the physical security of electronics and telecommunications enclosures as well.

The steady, constant stream of service technicians who need access to the server racks, communications hardware, and electrical and environmental systems for maintenance, upgrade and expansion tasks presents many security challenges for the data center manager. In addition to outsiders, inside personnel are just as much of a risk and need to be managed and secured during their time in the facility.

Many data centers focus security efforts on access control to the grounds, the buildings and the secure areas within:

  • Access to the building is often gated, with exterior physical protection elements to secure the entire site, and a guard is required to verify and document entry through the gate.
  • Once an individual enters the facility, they typically sign in with a live guard and receive a credential for access to specific areas.
  • In some facilities, access to a specific floor or enclosure area is further controlled by a “man trap” with two sets of doors accessed via an electronic credential, either RFID or biometric.

Extending physical security to the rack level

The server rack is the final point of data vulnerability in the data center, so it makes sense to consider implementing the same level of sophisticated physical security and access control monitoring already established at every other level of entry in the data center.

Electronic access solutions, like electronic locks and latches, offer a modular security solution designed for simple integration into Data Center Infrastructure Management (DCIM) systems and existing server rack enclosure designs. Integrating electronic access solutions at the rack level offers the maximum level of physical security, providing peace of mind for the data center operator.

Electronic Access Solutions (EAS) typically consist of four main components:

  • Electromechanical Lock or Latch: The most critical component of any electronic access system, this mechanism performs the electromechanical locking or unlocking function upon receipt of a valid electronic signal and provides an output of its status to external monitoring systems.
  • Access Control Device: The access controller acts as the human interface, allowing the electronic lock to be remotely operated through a variety of options, such as digital keypads, biometrics, RFID readers, and other wireless communication devices such as BLUETOOTH® enabled smartphones and tablets.
  • Remote Monitoring: Electronic access solutions have the unique ability to capture an electronic "signature" for each access attempt. This information, together with additional security and environmental data, can be output to a variety of devices, from simple indicator lights to networked, software-based remote monitoring systems.
  • Manual Override: In some cases, an override system is required to provide access in the event of a system power failure. This override system can be mechanical, providing direct mechanical actuation of the lock, or electrical, providing external power in the event of a system power failure.

The key element of effective rack level electronic access systems is the use of intelligent electronic locks that restrict access through the validation of user credentials. Electronic locks can be integrated with a variety of rack level access control devices, such as digital keypads, RFID card readers, biometric readers and electronic key systems.

BLUETOOTH® enabled, wireless smartphones and tablets have enabled a new class of remotely controlled access control solutions. With a BLUETOOTH® enabled system, a technician receives a web-generated, time-based electronic key on their smartphone that can be used to access a specific cabinet for a specific time frame. A BLUETOOTH® reader installed inside the cabinet can then receive this digital key and output to the connected electronic lock for access. The smartphone can then send audit trail data wirelessly to the cloud via a cellular or Wi-Fi connection for audit trail reporting. This unique solution provides remote access control without the need for a physical network connection.
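The reader-side check for a time-boxed, cabinet-scoped key like the one described above can be sketched as follows. This is an added example, not code from the article or from any vendor: the HMAC-SHA256 token format, the shared secret and the names `issue_key`, `check_key` and `READER_SECRET` are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo secret shared by the credential portal and the cabinet reader (assumption).
READER_SECRET = b"constructed-demo-secret"


def issue_key(secret, user, cabinet_id, not_before, not_after):
    """Portal side: bind user, cabinet and validity window under one MAC."""
    claims = {"user": user, "cabinet": cabinet_id, "nbf": not_before, "exp": not_after}
    payload = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(secret, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "tag": tag}


def check_key(secret, key, this_cabinet, now):
    """Reader side: return (unlock, audit_record) for one access attempt."""
    payload = key.get("payload", "")
    expected = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    audit = {"time": now, "cabinet": this_cabinet, "user": None, "result": "deny", "reason": ""}
    # Verify integrity before trusting any field in the payload.
    if not hmac.compare_digest(expected.encode(), str(key.get("tag", "")).encode()):
        audit["reason"] = "bad_signature"
        return False, audit
    claims = json.loads(payload)
    audit["user"] = claims["user"]
    if claims["cabinet"] != this_cabinet:
        audit["reason"] = "wrong_cabinet"
    elif now < claims["nbf"]:
        audit["reason"] = "not_yet_valid"
    elif now >= claims["exp"]:
        audit["reason"] = "expired"
    else:
        audit["result"] = "allow"
        audit["reason"] = "ok"
    return audit["result"] == "allow", audit


if __name__ == "__main__":
    # Constructed sample: a one-hour maintenance window on cabinet "R12-front".
    key = issue_key(READER_SECRET, "tech-042", "R12-front", 1_700_000_000, 1_700_003_600)
    for cabinet, now in [("R12-front", 1_700_000_900), ("R13-front", 1_700_000_900),
                         ("R12-front", 1_700_003_600)]:
        print(check_key(READER_SECRET, key, cabinet, now))
```

Every attempt, allowed or denied, yields an audit record, which is what makes the audit trail useful for spotting use of a key on the wrong cabinet or outside its window. The validity window is only as trustworthy as the reader's clock.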

Integrating rack level EAS into existing data centers

The primary reason data center cabinets and server racks continue to use standard mechanical key locks is in the numbers: While data centers have relatively few access points to get into the building, there are potentially hundreds of cabinet doors that would need intelligent electronic locks – and usually two are required to accommodate the server rack. Traditional building level access control solutions are simply too costly to apply at the rack level and thus a different approach is required for rack access control.

One option is to leverage existing control and monitoring systems such as Data Center Infrastructure Management (DCIM) solutions, power monitoring systems or dedicated rack security systems. Intelligent rack level electronic locks can be retrofitted to server cabinets and integrated with the DCIM or other rack level security system to leverage the existing hardware, software and network connections, and minimize the cost per rack. 

Cost-effective rack level security solutions are available, depending on the specific application. For example:

  • Self-contained solutions that are generally battery-operated and offer simple, drop-in installation and programming to provide integrated access control and electronic locking in a single self-contained device.
  • Standalone solutions that offer basic plug-and-play access control without the need for software or network administration where remote control and monitoring is not needed.
  • Wireless remote controlled solutions that leverage BLUETOOTH® connectivity with cloud-based web portal credential management and monitoring to provide the simplicity of a standalone system with the benefits of a networked control system.
  • Integrated solutions that can be combined with building access control and monitoring systems to incorporate cabinet-level access control into existing security systems.
  • Independent networked solutions that can be used to monitor and manage rack access across networks from a host computer for remote system configuration, access control and the monitoring of multiple access points.

 

EAS enables “virtual cages”

Data center operators, particularly those running co-location operations with dozens or even hundreds of customers, seek to maximize return on their expensive real estate. However, certain customers needing a higher level of security, such as government agencies, healthcare operations and financial institutions, require standalone physical cages separating their servers from others in the data center.

Often, this is literally done by erecting chain-link fencing and securing a gate with a padlock – eating up valuable floor space. Electronic access solutions can be used to create “virtual cages” to protect confidential data. By implementing electronic access at the rack level, the more secure data cabinets can be located among the lower security racks since the physical security enhancement is now directly on the rack itself.

Rack level EAS: the final link in data center security

The entire IT and data center industry must continue to apply every tool available to secure personal and corporate data and applications from identity theft, malware, hijacking and other hacking attacks. Using electronic access solutions to secure the server racks is the final component in creating a fully secure data center. Rack level electronic access provides a controlled physical security solution that, when integrated into existing security and monitoring systems, provides a complete end-to-end data center security solution.

 

Posted by Steve Spatig on Feb 13, 2018

