Is Your Data Center Prepared for GDPR? Consider These Methods of Compliance
April 12, 2018
Security has always been a key consideration in the data center industry, but the upcoming European GDPR regulations have raised the priority of data protection and security policy. In a recent article featured on TheStack.com, Chatsworth Products (CPI) expert and European Business Development Manager, Luca Rozzoni, discusses methods of ensuring compliance and data center General Data Protection Regulation (GDPR) readiness.
Regulatory and Compliance Requirements
GDPR requirements will be enforced on May 25, 2018 and will affect organizations worldwide. While organizations located within Europe must comply, every organization collecting or processing data for individuals within Europe should be developing its compliance strategy. The UK Government has indicated that it will implement an equivalent set of legislation, and UK organizations must review their security practices with regard to the protection of personal data. They also need to consider their own routes to compliance.
How Should Data Centers Prepare?
While every organization is expected to use its own judgement to confirm that it has taken appropriate technical and organizational measures for compliance, Regulation (EU) 2016/679 stresses the need for secure IT networks, and provides an example of 'preventing unauthorized access to electronic communications networks and malicious code distribution and stopping "denial of service" attacks and damage to computer and electronic communication systems.' Simply put, while access control may seem an obvious part of any security policy, data centers must be able to demonstrate that they have the appropriate access policies in place.
Cabinet-level security has always been an important part of data centers' data protection and security policies. Strict regulatory compliance requirements, such as HIPAA in healthcare and PCI DSS in online retail, demand audit logs of every access attempt as part of physical access control to help ensure data privacy and security. Automatic logging of cabinet access is also important. This makes sole reliance on mechanical keys ineffective at best and, at worst, a potential source of privacy-related lawsuits.
Electronic Access Control (EAC) Solutions
Electronic Access Control (EAC) solutions are essential in addressing user access management issues within the data center and can be an extremely cost-effective method of delivering intelligent security and dual-factor authentication to the cabinet.
Here are some key features to consider when selecting an EAC solution:
- Dual-Factor Authentication: Dual-factor authentication takes data security to another level. One of the most secure forms of physical access verification is biometric authentication. A cost-effective and secure dual-factor authentication solution is a fingerprint-activated card that is able to work with existing EAC or other card-activated locks.
- Remote Management and Reporting: Using a simple, user-friendly web interface to remotely manage the networked EAC locks allows the user to remotely monitor, manage and authorize each cabinet access attempt. Using this type of intuitive interface provides an audit trail for regulatory compliance.
- IP Consolidation: Data centers can realize dramatic savings in networking costs and deployment times through the ability to network several locks through IP consolidation. It is now feasible to choose a solution that will allow up to 32 EAC controllers (32 cabinets) to be networked under one IP address.
- Combining EAC with Environmental Monitoring: Choosing an EAC solution that offers added benefits, such as environmental monitoring, can ensure a much faster return on any initial investment. Solutions that monitor both temperature and humidity through the same web interface can issue proactive notifications and help prevent downtime.
Learn more about GDPR requirements and how your data center can prepare. Read the full article.