World events over recent years have sparked a new frenzy in network security. Words like NSA, Heartbleed, Wikileaks and personal email servers are pregnant with meaning about the implied vulnerabilities of our digital communications. Individuals and organisations alike are much more informed (or even misinformed!) as to the issues surrounding the privacy of personal and corporate communications which has resulted in governments and private institutions investing large amounts of time, energy and capital to secure the data they store and transmit. This frantic and feverish rush to secure networks electronically may have led to an equally critical neglect of another aspect of network security, one that is not so obvious in the hi-tech, remote-controlled digital battleground of today: physical security.
Physical network security, in its most common form, involves the implementation of measures that restrict potential malicious users from gaining physical access to servers, network equipment or even password-unprotected workstations. But there is a side to physical security that is often forgotten in this already overlooked aspect of network protection.
Physical security must also address security threats from damage to network equipment itself. This includes earthquake resistant racks, temperature regulation, fire suppression systems and fire resistant cabling which allow systems designed to mitigate these physical risks to continue to function under extreme conditions and circumstances.
Now all this may sound extreme for an individual user but the question is how important is your data and how critical is your system uptime? For the average small business such measures might be cost-prohibitive if installed in their own onsite datacentres or server rooms, yet mission-critical systems for financial institutions, power generation companies, military operations services, and telecommunications service providers will need to regularly reassess the implementation of physical security plans on their networks. This is especially true in areas where physical threats are more common and has been proven in many cases, not least during the massive earthquake that rocked Japan in 2011 and in the lessons learned since the September 11th terrorist attacks in New York. What happens if a physical breach means you can’t access your information for an hour, a day, a week or longer – does it impact you alone or does its knock-on effect bring everyone to a halt? Could you operate using pen and paper?
Many large companies use offsite data centres to store daily information and keep a back-up mirroring their live systems, the advantage being that these large data sites will have many if not all of the physical and digital security measures required in place – their sole job is data security after all. When twinned with onsite data security it provides another route to access data in the event of a catastrophic systems failure whether by fire or other disaster. Similarly, small companies may store information in the Cloud, which may circumvent the physical security issues can itself be fraught with security issues.
The raw truth however, is that no matter how well you are prepared for a physical security breach, whether its source is a person or a natural disaster, there are times where some or all of the systems you want to protect do fail. That is why a disaster recovery plan should never be overlooked as a critical part of a robust and complete physical network security policy.