Securing the IT Closet

By Craig Jarrett

Silicon Valley was ahead of the curve 15 to 20 years ago when it recognized the importance of securing the IT closet. Today, the rest of the business world is finally catching up, understanding that it is critical to ensure the servers that run a business are just as secure as the front door or business itself.

Securing the IT room has become top-of-mind for companies both large and small. It’s important to only grant access to those who are to permitted to enter into these areas as they contain sensitive information on customers, employees and the business itself.

Only a few years ago it was not uncommon for a company to locate servers out in the open, sometimes in a mailroom or another common area that could be frequented by employees or delivery people. This all began to change with the introduction of government compliance requirements such as Sarbanes-Oxley and HIPPA, which were implemented to protect privacy and data.

Now, publically traded companies need to show compliance with securing their data. This includes providing an audit on who has access to the IT room, even a technician who may be accessing the IT room to set up a system.

The systems now in place to protect the IT room can vary dependent upon the business and their specific security needs. Some implement a simple card reader or keypad on the door, both of which can easily manage and monitor who gains access to the room and at which specific time. Others, such as financial institutions and online retailers, have invested in two-factor authentication or require two people to enter and leave the room at any given time.

Beyond access control, some businesses have even taken securing their IT closet to another level by also installing surveillance cameras to visually monitor the area or vibration and sound sensors to detect an attempt to drill into the room from an adjoining location.

As part of the checks and balance process, it is also a good practice to have a reapproval process every six months, thereby ensuring that if a person no longer requires access to the IT closet it is removed from their credential.

At a bank, a person cannot get into the bank vault unless there is a real need. The IT closet is much the same, containing valuable information, and as such are now protected in a very similar manner.