Securing the Data Centre

The volume of data stored and processed in data centres continues to grow at a phenomenal rate. There is an estimated 2.5 million square metres of commercial data centre space across Europe alone (compared to 10,000 square metres in 1990).

As the volume of data increases so too does the value - and the business impact of an outage. Protecting systems both physically and logically is critical.

VigilancePro® offers a number of features that provide strong security around computer rooms, secure computing facilities and data centres, in line with the controls within ISO 27001 – the global standard for information security best practice.

  • Integration with physical security systems to protect the facility – and areas within the facility.
  • Use in conjunction with terminal services to secure remote access to systems – by users (particularly privileged users) but also by partners and vendors.
  • Use on individual critical servers to provide highly granular control over what users and administrators can do, combined with contexts such as time and location.

Physical Security Integration

VigilancePro integrates with physical security systems such as CCTV and physical access control systems to significantly enhance one or more physical perimeters. Access to the data centre - as well as to specific areas, rooms or racks within the data centre - can be strictly controlled and combined with the logical access granted to individual users.

Unauthorised users who gain physical access to a computing facility are prevented from gaining logical access to systems and the data they contain.

  • Integration with physical systems can be used to ensure that certain actions can only be conducted at the server - and not remotely (an Administrator must be physically present within the facility ‘at the rack’, with console access, to make certain system changes).
  • Low man count policies can be enforced – specific actions cannot be carried out when the number of people present falls below a predetermined threshold.
  • Physical changes to hardware – and the use of removable devices such as USB flash drives – can be monitored and managed.
  • A full visual audit trail of events – with supporting CCTV imagery and access control system information – is provided centrally. Real-time alerts via email or SMS can be sent to security staff, operations management, and senior management personnel as a result of specific events.

Administrator or “Privileged User” Activity

  • Use of particular commands, menu options and buttons can be monitored, or prevented.
  • VigilancePro – through creation of application black and white lists – can provide powerful and granular control over what applications, tools and utilities Administrators can and cannot use – independent of their system privileges / rights.
  • VigilancePro can allow Administrators access to particular folders but prevent them from opening and viewing the content of files within those folders.

Even if other logical security controls are circumvented, the activity a remote attacker can carry out on a server can be strictly limited – and all activity will be logged in detail.

Transaction Authentication

Through integration with biometric devices, specific actions, transactions or operations on critical systems can require the user to prove who they are. For critical application servers, a shutdown during normal working hours may require the user to authenticate before the shutdown can be completed, or the user may be asked to authenticate before changing the Administrator password or other account details. The requirement to authenticate can be linked to any menu option, button, or keystroke combination within any application.

Securing Remote Access

The VigilancePro Terminal Server Agent provides a simple yet sophisticated solution for ensuring that remote users, including Administrators, only have access to the specific functions, commands, files and folders of a system that they need.

Particularly sensitive or potentially damaging commands or operations can be restricted so that they must be carried out from the console port – physically within the data centre environment at the rack.

Using terminal services for remote access ensures strong security combined with a full visual audit trail of all remote access activity. Remote access by third parties – such as vendors conducting troubleshooting or remote maintenance – can be strictly monitored and controlled.