On this blog, we’ve discussed many of the important elements of data security, including encryption, access controls, multi-factor authentication, password management, and many others. However, no data security strategy is complete without physical control over the hardware. A comprehensive data security system requires physical control over the mainframe hardware and its connected components.
Auditing a mainframe’s physical security cannot be accomplished solely by reviewing data logs and reports. It takes physical observation of the environment. In addition to the digital access management that comes through user accounts, strong passwords, and multi-factor authentication, maintaining control of physical access to the mainframe and its surrounding environment is also important. What follows are a few items to check to make sure that your mainframe system is as secure physically as it is digitally.
Seal the room
Keeping people out of the room containing the mainframe is easy enough. Locks on the doors, security cameras, and other access controls such as access cards and photo IDs should come standard. It is also smart to consider additional physical protection of the room where the mainframe is housed such as biometrics and even security guards. Keeping a strong lock on the door isn’t enough. Access should be restricted to a limited number of people who have both business to attend to and the necessary training and experience to work directly on the mainframe. It is also wise to have background checks performed on everyone granted access (it would be horrible to discover too late that the janitor was a former convicted hacker). However, it doesn’t take someone with malicious intent to do damage to the system. Someone who doesn’t know what they are doing could do plenty of harm.
Protect the lines in and out
In addition to restricting access to the main room where the mainframe is housed, also be certain that the cables connecting the mainframe to the data center and external networks are adequately protected from damage and tampering. Seeing and securing the physical path the cables take from the room the mainframe is in to the data center is a necessary step in completely securing the flow from the mainframe to the various parts of the business. Keeping the network cables safe from hackers sniffing out the traffic on its way out to the data centers or the Internet is nearly as crucial as keeping the hardware itself from being tampered with. Strong data encryption will help to keep data safe, but it is infinitely more secure to operate the system knowing there are no unauthorized parties viewing the data as it passes in and out of the system.
Keep the lights on
Physical security for the mainframe is about more than keeping hackers from accessing data or taking control of the system. It is also about maintaining uninterrupted uptime. The mainframe is famous for its ability to operate uninterrupted year after year. However, if the power to the building is cut, will your mainframe have an adequate fail-over power supply that will keep it running until full power can be restored? Also, are there well-maintained fire extinguishers and other such equipment that will help keep things running safely in spite of potential emergency situations?
Testing for vulnerabilities
Testing out the physical security measures should be a regular part of the security process. Testing both physical weaknesses and determination of security staff both will help maintain the security of the system. Have a high-ranking employee or contractor without proper credentials ask to be let in to work on the mainframe. If the staff lets them in, you’ll know security is not tight enough.
After you’ve checked and double-checked to make sure there are no chinks in the physical defenses of your system, sign up for a free trial of one of our data security products to see how you can make your mainframe security system even more effective and efficient.
Photo Credit: Carlo Alfredo Clerici via: imager.io, cc
