0 Data Center Security - Biometrics

Biometrics is the science of identifying and analyzing human biological data. Today, biometrics is commonly used in IT environments to control access to sensitive areas of information.  Things like DNA, fingerprints, irises, voice patterns, and facial patterns can all be used in the authentication process. Biometric identification is becoming increasingly common in data center security systems to control access to the facility.
A Biometric identification system inside a data center usually consists of:

• A scanning device
• Software that converts any scanned information into a digital format
• A database holding biometric data for comparison

Once the biometric data is converted, software identifies match points in the scan. An algorithm then translates that data into a numeric value - a full image of the scan is never retained in the database. The data center also encrypts the data before storing it to protect against identity theft. When a user requests access, they allow a scan to be taken at the point of entry then the system compares the numerical value held in the database against the biometric information captured by the scanner. The user is then either accepted or denied depending on successful verification of the match points.

Biometrics in Data Centers
Data centers use biometrics primarily to control access to the various areas within the facility. Networked biometric access control systems extend all the way from entry to the building to the individual cabinet storage areas. The onsite physical security is a key requirement for potential customers, and this multi-layered security system is the best way guarantee a fully secured site.
Biometrics at the Point of Entry
Wall-mounted recognition units control entry into the most sensitive areas of the data center, commonly those that are beyond the lobby. All authorized personnel are entered into the facilities biometric database in the form of a biometric template. To pass through the system, an authorized user enters a pin code and allows the reader to take a scan. If the scan matches the information stored in the data base, the system releases the electromechanical lock to allow access. One of the benefits of biometrics is that there are no keys or ID cards to get lost or stolen from authorized users.
Biometrics at Cabinet Level
It is important to control what an authorized user can access after entering the colocation zone of the Dallas data center. It is unusual that any user or member of staff will need to access every cabinet within the facility. After entering the colocation corridor with a biometric scan, each authorized user must complete an additional scan to gain access the colocation area which houses their locked cabinets.
Regulatory Compliance
Various data regulations apply to data centers; these include PCI DSS, HIPAA and FISMA, These regulations focus on physical as well as  network security, and require the facility to limit physical access to hardware containing sensitive data, health records or classified information. A biometric system provides a complete audit trail throughout the facility. If a breach occurs, the data center can easily demonstrate to compliance auditors which individuals accessed the facility, the timing, and their movements within the facility.

A combination of video surveillance, armed security personnel and biometrics makes it impossible for an unauthorized individual to gain access to a data center. Once inside the facility the movement and access to hardware of authorized personnel can be easily tracked and controlled. With the help of biometrics, these facilities provide levels of security that are second to none. Users can store their equipment with total confidence against the threat of their sensitive data being compromised.

Ron Brown analyzes different cities in the United States to determine the best locations for data centers and colocation.  He prefers Austin Data Center because of the numerous geographic benefits.