Physical datacenter {in}security?

I do LockSport (competitive lock picking) as a hobby.  Here is an example of a lock which is deemed “Pick Resistant” in the hands of a novice such as myself.  The internal pin mechanisms of this lock is the same as a 5-pin tumbler of a standard keyed door lock or deadbolt

Lockpicking – 3 Ways to Defeat a Brinks Padlock – 1080p from JK-47 on Vimeo.

I am always astounded by how (physically) unprotected peoples datacenters are.

Most people put them only behind a normal ol’ 4 or 5 pin tumbler lock. All you did was prevent me from getting in by 15-30 seconds.

Imagine if all the money you spent on information security did nothing more than prevented an attack and theft of data by 15 seconds.

Some people choose to put them behind fingerprint scanners. That’s adorable… yeah like that would keep me out 😉 I can defeat those with some glue and a laserjet printer.

What about Iris scanners? Ugh. Smoke and mirrors people, they are total B.S. for security theater, and nothing more.

So… what’s the solution??

Sadly, there is not one.  No lock is safe. It doesn’t matter if it is a $1000 Medeco or a $15 Brinks.  All have flaws and exploits.  The best possible course of action is to have multiple methods of defeating a potential thief.

You need to be protecting your data even in the event of a valid theft.  If someone walked away with something, make sure they couldn’t actually use what they took!  Few people are encrypting their data at rest.  NetApp has a great solution for this!

NetApp Storage Encryption (NSE)  provides full-disk encryption without compromising storage efficiency (~ 1% performance overhead).

The NetApp® Storage Encryption (NSE)  is NetApp’s implementation of full-disk encryption (FDE) using self-encrypting drives in 600GB sas and 3TB SATA flavors.

NSE is a nondisruptive encryption that provides comprehensive, cost-effective, hardware-based security that is simple to use. This single-source solution can increase overall compliance with industry and government regulations without compromising storage efficiency.

The NSE:

  • Supports the entire suite of storage efficiency technologies from NetApp, including deduplication, compression, and array-based AV scanning
  • Supports the SafeNet KeySecure encryption-key appliance, strengthening and simplifying long-term key management.
  • Helps you comply with FISMA, HIPAA, PCI, Basel II, SB 1386, and E.U. Data Protection Directive 95/46/EC regulations using FIPS 140-2 validated hardware
  • Complies with the OASIS KMIP standard, offering compatibility with other key managers and encryption devices

More Information: NetApp Storage Encryption Datasheet


More picking fun:

Locks are worthless

Be Sociable, Share!

, ,