Phygital Data Center Security (S1:E31)

September 1, 2022

Today, we’re talking about the physical and digital (or “phygital”) support systems and measures that keep data center operations, applications, and data safe from threats. Joining us are Steve Adams, Mid Atlantic Regional Director for Data Centers at Vision Technologies, and Brian Hoover, Southern Regional Sales Engineer at Identiv.

Full Transcript

Audio (00:01): You're listening to Humans in Tech. Our podcast explores today's most transformative technology and the trends of tomorrow. Bringing together the brightest minds in and outside of our industry. We unpack what's new in physical access, identity verification, cybersecurity, and IoT ecosystems. We reach beyond the physical world, discuss our digital transformation as a species, and dive into the emerging phygital experience. Join us on our journey as we discover just how connected the future will be and how we will fit into that picture. Your host is Leigh Dow, VP of Global Marketing at Identiv.

Alison Rose (00:43): Thanks for tuning in. Hi, this is Alison Rose. I'm sitting in for Leigh Dow today. On today's podcast, we're excited to talk to Steve Adams with Vision Technologies, a national and global systems integrator, providing IT services and solutions for commercial and federal clients. He is the Mid-Atlantic Regional Director of data centers. Steve is a highly effective Operations Manager with over 10 years of management experience in the security and telecommunications industry. We've also asked Brian Hoover, Southern Regional Sales Engineer at Identiv, to join us for this episode. It's great to have you both here with us today as we discuss data center security.

Steve Adams (01:24): Thank you for having me.

Brian Hoover (01:25): Yeah. Thank you for having us.

Alison Rose (01:26): One of the first things we'd like to talk about, data center security is the physical and digital support systems and measures that keep data center operations, applications, and data safe from threats. What are some of the main current threats to data centers happening right now?

Steve Adams (01:44): Yeah. I think a lot of the threats are twofold. You've got your internal threats. There are also your external threats. I think we're just trying to be cautious in the data center world with all the data that comes in from the variances of different applications and depending on the end user who it is. But I think the bigger threat in my opinion would be the internal, those who are just not as loyal as they probably should be, and who have the access to the data at this point.

Brian Hoover (02:19): Yeah. I agree with Steve. Unfortunately, statistically, a lot of the intrusions... I guess I'll refer to it, come from an inside actor or somebody that can or potentially is involved in the organization, so that is something that is obviously what I'm concerned. Addressing some of those concerns, be it both inside and outside from a physical or logical sense, it's an ever increasing threat. And the solutions to try to solve those problems is something that's constantly changing.

Alison Rose (02:55): Okay. So Steve, from your perspective and Brian too, but from your perspectives, what do you think is the major concern of data center managers?

Steve Adams (03:07): I think at this point, everybody's concern is supply chain and being able to receive any material or staffing resources, really, to make sure that we can have these data centers up and functional in a timely manner, with the amount of data centers that are going up in the Virginia area, just really worldwide, honestly. But where I'm at in the Mid-Atlantic, the Northern Virginia area, they're blowing up, and we can't get materials fast enough, we can't find quality staffing resources fast enough, which then becomes a vulnerability, because a lot of these data centers want to be up and running in six to eight months. And we're hustling in trying to find different ways to find material. I think that's our biggest concern as a manager, as managers are concerned.

Alison Rose (03:54): Yeah. That makes sense. Moving on to the next question, post COVID, many data centers are becoming more flexible. Is there also a concern that remote workers are harder to secure? And what do companies need to do to make sure they're taking the steps to mitigate this?

Brian Hoover (04:12): It's absolutely true. And this is a real problem. I mean, it's that more and more people go remote. One of the trends currently is, it's twofold: One being, multifactor authentication, remotely, as well as in the physical sense. So, where you start looking at having either a credential of your digital or physical, to be able to authenticate that individual on the network or into the given system, to make sure that you don't have a bad actor. They got a hold of a username and a password from somebody, because there is no physical verification of that individual. "Is John Doe really John Doe, that's trying to access that network or that application?"

Steve Adams (04:51): Yeah. I completely agree. I mean, one of the challenges we're facing now is trying to live that... I guess you could say "Post COVID" or, "Is COVID the new normal?" And trying to re-implement the teams back into a face to face cadence is one of my biggest challenges right now, as a manager and overseeing a department. I could say from a subcontractor level, it's not as difficult as it would be from an end user or a security integrator directly level, as far as Identiv is concerned, for example. But yeah, finding those teammates that'll come in and work on site with the teams, getting those cadences we're continuously finding. I'm still trying to find answers on how to get guys back into the office. So I'll let you know as soon as we figure that out.

Alison Rose (05:45): Yeah. I mean, you read every day about the struggle with companies back and forth with the remote versus in office. There's certain companies that have to be in the office. They have to be in those data centers to complete that work and to get them up and running, correct?

Steve Adams (06:06): Yeah, of course. I mean, look at the federal space. I mean, they're requiring all their employees to come back in because... In some cases you, in the federal space, you're unable to work remote, you've got your SIPR, Deeper net, you've got to be on site for that. You have to be in that network, you can't VPN and get your work done. It's just a fact of life in that position. And I think the data centers are starting to go that route as well. In order for you to commission specific security systems in certain data centers, you have to be on site in their network. There is no VPN access, whatsoever, allowed to avoid any vulnerabilities for that matter. Because all you're doing is just opening up more vulnerabilities, giving multiple individuals your access to your VPN.

Brian Hoover (06:51): That's where that multifactor authentication that I was referring to earlier with you. "Are you actually have that card to be able to log in to a smart card reader at your terminal or at your client that people can see." "Okay, again, is John Doe, is that, that person?" You have that credential that has PIN codes and biometric templates on it for verification, authentication, to be able to say, "It's who you are, what you are, and what you know," to have those multifactors to make sure that, that actor is truly that actor, and that they actually have access to those given systems, in that moment for that moment. It is very important for them to be on site and to have that additional higher posture of security.

Alison Rose (07:33): Right. What do you guys think is the most secure data center in the world? Do you have any information on that?

Brian Hoover (07:41): I think it's Pionen. It's a Swedish Defense Force data center in Sweden, isn't it?

Steve Adams (07:50): I'm not at liberty to say, I work with many data centers. And I can't honestly tell you who I think is the most secure. I have an idea. I mean, they're probably the top three market caps, so you guys can probably figure that out. But I'm not at liberty to say who's the most secure, due to all the non-disclosures I've signed.

Alison Rose (08:11): Right, right, right. Well, top secret info, we understand that.

Brian Hoover (08:15): I'm merely reading off what Google tells you it is.

Alison Rose (08:20): Interesting. Okay. What are the top cybersecurity threats people should know about and need to know about?

Brian Hoover (08:28): Steve is probably a better person to answer this than I am.

Steve Adams (08:31): Well, I mean, since we're talking about data centers, the Cloud vulnerabilities. I mean, at this point there's multiple... There's ransomware, and your phishing attacks, and those different types of cyber security threats. But I think now that we're opening up to our Cloud based systems... Even with our currency with cryptocurrency. I mean, we're opening multiple vulnerabilities across the board, just different types of breaches. So you've got a bunch of data inside of one data center, if that one data center is breached, you've put millions of people in harm's way at this point. So I would say the Cloud vulnerability is in. And it goes back to that multifactor authentication that Brian was just discussing. There are multiple ways, like 2FAs, Two Factor Authentications when you're doing. People need to practice those practices, when it comes to their password. A text that gets sent to them or however it is. But there needs to be multiple factor authentications when dealing with these sites that are Cloud based, such as your Instagrams, your Facebooks, TikToks and all those, you've got to have multiple ways to protect yourself. And I think that's something that people need to know.

Alison Rose (09:48): Great. What are some of the layers of security to prevent unauthorized access? Brian, this might be a good one for you too.

Brian Hoover (09:56): Well, we continue to talk about the same common theme, where you're looking at multiple layers of security being multifactor, whether it be like Steve just stated, two factor, three factor. Again, going back to that, "What you are, who you are, and what you know." Utilizing a physical credential or a virtual credential on a cell phone or a card. Who you are, obviously, it's some sort of biometric template, a finger template, and hand geometry, a retinal scan, a facial recognition. And then obviously, some additional of PIN code password, something like that. But within the environment of a data center, you're looking at multiple layers within those environments, be it from the perimeter into the inner center of the server rooms, and up to right there, including physical security into your given cage rack. I mean, we're seeing that being a very common trend here, where actually your individual rack, where your servers may be actually have an access control solution there at that door. So you have that multiple tiers and multiple factors to get in there. Now that's only the physical sense. The logical sense is a much deeper concern and that gets into cyber and everything else, what Steve was referring to you earlier as well.

Alison Rose (11:08): Steve, anything you have to add to that one?

Steve Adams (11:11): No. Brian hit it right on the head. I mean, it's just that, it's just having those dual, triple factor authentication methods. I mean, it's really cut and dried with that as far as that's concerned.

Alison Rose (11:23): Yep. How can data center security be improved, do you think moving forward into the future?

Steve Adams (11:30): If we're discussing from a physical or from a cyber perspective, we just have to be adaptive with the times and the technology as it changes. Every quarter something new comes out from electronic security perspective. And every day there's somebody out there who's smart enough to get past the vulnerabilities in the cyber side of things. So we've got to stay proactive. And we just got to stay with the technology. And it's multiple security companies, cyber security companies, physical electronic security companies, and it's a lot of implementation that needs to be done. And like I said, we got to stay ahead of it, and can't get lost in the technology. The amount of how biometrics has taken off within the last 10 years is something to be said with that. So just something like that as an example, if we can continue to stay with the times and figure a way to stay ahead of the threat, then I think it'd be just fine.

Brian Hoover (12:35): Yeah. Like Steve has mentioned, I mean, unfortunately the bad actors seem to be one step ahead of the industry a lot of the time, unfortunately. And it comes down to those multiple layers on those various systems, whether it be from the physical to the logical, then down to the actual application. It truly is that the security solution, whatever that might be, the logical access and then the cybersecurity within that environment. It's just the more layers you can put on it, the more factors you have within each one of those layers, the more insulated you become to those threats.

Alison Rose (13:09): Well, thank you both for joining us today. We appreciate you taking the time out of your busy schedules. And we look forward to talking to you again soon.

Brian Hoover (13:18): Thank you very much. It's been a pleasure.

Steve Adams (13:20): Great. Yeah. Thank you for having me.

Audio (13:22): The problem isn't security, it's awareness. Velocity Vision is the future of visual surveillance. An intelligent video management solution that delivers real time situational awareness in an open security platform, integrate with your existing systems, verify your environment in one pane of glass, and increase the efficiency of your security operation. Get full control of your environment when and where you need it. Learn more at Control access anytime, anywhere, and on any device 24/7. The Freedom SmartBridge is a leading edge door controller that integrates seamlessly with existing IT infrastructure and management tools. It stores information locally from any server and remains fully functional in the event of a network outage. The Freedom SmartBridge eliminates complex control panel configurations with technology communicating over encrypted IP network protocols. It meets audit compliance requirements and easily supports on premises Hybrid and Cloud deployments. Learn more at Physical security. Identity verification. The IoT. The hyper connectivity of our lives will only grow more pervasive, as technology becomes more automated, and experiences more augmented, it's up to us to preserve our humanity and use new tools and trends for good. The only question is, are we up for the challenge?