Data Center: Physical Security

2. Incorporated in 1991 Columbus, Ohio headquartered Technology Company � Infrastructure & Services Physical Security - May 2007

3. Data Center Physical Security Trade Tools Physical Security Data Center Best Practices Q&A

4. What are you protecting?

5. Control Objective: Prevent physical access to data center assets by unauthorized people. Tools of the Trade: Smart Cards�becoming Smarter Biometrics�an additional level of security

6. IP Cameras Easy to install Increased Flexibility No more coaxial cables Eliminate infrastructure disruption - Power over Ethernet Devices 1. require no 120 VAC power - /lower cost to install 2. Can be recorded �locally� � leverage their infrastructure- Power over Ethernet Devices 1. require no 120 VAC power - /lower cost to install 2. Can be recorded �locally� � leverage their infrastructure

7. Highly programmable Integrate with other security technology Smart Card and Camera teamwork Camera mix key: Fixed Pan, Tilt, and Zoom (PTZ) Higher level of security w/data encryption Protecting sensitive data Sarbanes-Oxley? OPERS/Jaime? PTZ: tamper-proof, zoom capacity to zero in, auto-flip (Camera Head), e-flip (video image)Higher level of security w/data encryption Protecting sensitive data Sarbanes-Oxley? OPERS/Jaime? PTZ: tamper-proof, zoom capacity to zero in, auto-flip (Camera Head), e-flip (video image)

8. Structured visitor procedures should be in place Visitor background check�s cleared Work order reviewed and confirmed Three-factor authentication may need to be applied: Photo Id, authenticated card, and biometric hand scan Visitors may or may not be accompanied by staff and/or security guards Searches for camera phones, bugging devices, software and network devices

9. Lock down/Unlock specific cabinets Remote lock and release Prevent or limit access to other cabinets Used defined control, including door hardware

10. Transition from the �tools� to the processes/approach to making it �all work well together� Two most prominently mentioned best practices: Escalation Auditing Transition from the �tools� to the processes/approach to making it �all work well together� Two most prominently mentioned best practices: Escalation Auditing

11. Transition from the �tools� to the processes/approach to making it �all work well together� Two most prominently mentioned best practices: Escalation Auditing Transition from the �tools� to the processes/approach to making it �all work well together� Two most prominently mentioned best practices: Escalation Auditing

12. Do you have a well-defined Escalation Process? Has the responsible team been trained? Is the process reviewed annually? Transition from the �tools� to the processes/approach to making it �all work well together� Two most prominently mentioned best practices: Escalation Auditing Transition from the �tools� to the processes/approach to making it �all work well together� Two most prominently mentioned best practices: Escalation Auditing

13. Audit of each system impacting data center security: Power Air conditioning Access and Video system Visitor Management Disaster Recovery Plan review Asset Re-Inventory

14. Consider Implementation of Biometric readers, smart cards, and IP Video Camera�s Integration of components improves overall security Audit and review of Security Practice/Systems critical

15. Tom Skoulis, Principal tskoulis@rocs.com 614-485-4980 1159 Dublin Road, Columbus, 43215