Physical security is one layer of security your data center should have in place, not only to meet compliance standards but also to keep unauthorized users from accessing physical servers.
Audits of Online Tech’s data centers verify that we have implemented strong access control measures to protect our infrastructure. Physical security means that access to locked server racks, suites and cages is limited to authorized personnel.
All of our data centers require two-factor authentication for building access, including keycard logging and biometric identification. All visitors are required to sign in, wear badges and follow proprietary security procedures. Our environmental controls include 24x7 monitoring, logged surveillance cameras, and multiple alarm systems.
We require two-factor identification for entry that includes the use of a security badge and code to gain access to restricted areas. We also use biometric identification for building access.
If you collect, store or process credit cardholder data, you must meet PCI DSS standards. Physical security is required, as seen in PCI standard 9.1, which states:
Use appropriate facility entry controls to limit and monitor physical access to systems in the cardholder data environment.
As a testing procedure, 9.1 states:
Verify the existence of physical security controls for each computer room, data center, and other physical areas with systems in the cardholder data environment. Verify that access is controlled with badge readers or other devices including authorized badges and lock and key.
Sub-requirements under requirement 9, Restrict physical access to cardholder data, also mandate the use of video cameras and/or access control mechanisms to monitor physical access to sensitive areas, as well as the restriction of physical access to network jacks, wireless access points, gateways, handheld devices, and more. There are also specific requirements on how to handle visitors to data centers or facilities with cardholder data.
Even if your company isn’t required to meet compliance standards, they are recommended guidelines for the level of security any organization should strive to maintain. Don’t settle for less - partner with a hosting provider that takes security seriously.