The top 10 server security questions you should be asking

By Harry Menear
Experts from Kentix share their top 10 troubleshooting questions for keeping your servers healthy, happy and safe...

In addition to security at the information technology level, many IT managers underestimate the physical hazards that can paralyze the technical infrastructure in server and equipment rooms. 

These include, for example, smoldering fires caused by faulty insulation that can develop into a full fire, water intrusion, excessive temperature and humidity, or unauthorized access to non-public areas. Physical security is also the part of the ISO 27001 audit for implementing a required information security management system (ISMS) where auditors most often find the greatest deficiencies.

According to a study by Hewlett-Packard, about 77% of all companies experience system failures each year, and there are a number of reasons for them. In addition to software failures and human error, physical hazards in particular are among the most well-known causes. 

Kentix has compiled a checklist of 10 simple points that IT systems in server rooms of municipal utilities, utilities and CRITIS operators should meet.

10: Is the IT located in a specially prepared server room or a data center...

The risks: Rooms for IT should be built or adapted for their special requirements and have the following features: fire doors and appropriate fire protection measures, secure windows, adapted electrical circuits, no water-carrying pipes, and no additional uses of a different nature.

09: Is the development of fires reported at an early stage and can measures be initiated immediately...

The risks: A large proportion of fires occur in electrical systems and equipment. These usually develop slowly as smoldering fires. Electrical distribution systems, UPS systems, air conditioning systems and power supplies are potential fire hazards.

08: If the room temperature rises, is the responsible department informed at an early stage...

The risks: If the air conditioning system fails, the servers may overheat. This usually leads to a total IT failure within a short time. Other critical conditions are excessive humidity or condensation after air conditioning failures.

07: Are water leaks caused by burst pipes or defective air conditioning systems automatically reported before damage occu...

The risks: The ingress of water into server rooms due to flooding or defects in heating systems and air conditioning units, etc. can lead to a total IT failure within a very short time.

06: In the event of a power failure, is it known how long it will last and whether the UPS is operating correctly...

The risks: In the event of a voltage failure, the UPS may unexpectedly malfunction, resulting in a total IT failure. Voltage fluctuations are often also caused by industrial equipment and can lead to UPS or power supply failures.

05: Have active measures been taken against burglaries...

The risks: Burglary and theft are the most obvious threats. In addition to the physical theft of hardware, logical access and attacks can also occur on site. Accessible consoles are critical points of attack.

04: Can it be traced who was in the room when and for how long...

The risks: IT rooms must be adequately secured against unauthorized access, and this must be documented wherever possible. Very often, attacks on IT take place from within the companies themselves.

03: Do responsible parties receive real-time notifications at all times in the event of failures...

The risks: The failure of active or passive components such as routers, switches and telephone systems can cause massive disruptions to the IT infrastructure. System failures lasting several hours to days can quickly cause very large losses.

02: Are effects of human error automatically reported at an early stage...

The risks: Incorrect operation, open windows, disregard of technical instructions, clumsy behavior – all this regularly leads to expensive IT failures. Organizational measures help to prevent this, supported by fast and redundant notification of irregularities to several people.

01: Can events be traced and reconstructed at any point in time (even over several months) to avoid future failures...

The risks: Documentation and recording of normal and critical system conditions over months or years are often basic requirements of QA and certification systems. Complete documentation potentially relieves you of liability risks.
