Download PDF version Contact company

Businesses, large and small, create data which needs protecting, whether in an onsite server room or co-located at a data centre. When a business imagines a corporate data breach, they’re probably picturing black-hat hackers pursued by cybercrime investigators. The reality is often more mundane. Only around a half of breaches involve hacking, according to one recent report. Gaps in the physical security, the business’ data and servers are equally important targets.

Perhaps the company director leaves their laptop on the train. Or an unauthorised visitor spots open server racks and quickly downloads records onto his smartphone. Or maybe the server room access control is left entirely to lock-and-key technology which cannot be easily tracked.

Physical server security

Securing sensitive data needs the involvement of every member in an organisation, from top to bottom. But physically protecting servers and data stores is the heart of the security and IT manager’s role.

How much could a data breach cost someone?

In the absence of appropriate physical server security, the mundane can be dangerous — and expensive. Recent research for IBM by the Ponemon Institute estimates the average total cost of a data breach at $3.86 million (€3.57 million). According to the same benchmark report, this average is rising, by 6.4% in the last year alone. Some of the highest breach costs are borne by companies in Europe, including Germany, France, Italy and the UK.

Unauthorised access

As Big Data gets bigger, so does the regulatory landscape for data handling

Such costs can be direct: in business disruption, lost mailing lists or disabled logistics software. They can be indirect: an erosion of customer trust and damaged “brand equity”. Hard-earned goodwill and positive reputations are quickly reversed. Costs also come from fines levied by government and supranational regulators. As Big Data gets bigger, so does the regulatory landscape for data handling.

The most relevant framework for those operating in the EMEA region is the European Union’s General Data Protection Regulation (GDPR). This wide-ranging data privacy rulebook has been enforced since May 2018. GDPR requires businesses to protect storage of all personal information, including customer and employee data. The business’ safeguards must include both electronic and physical barriers to unauthorised access. Server protection is critical.

Physical security for the servers

Does a company know who last accessed their servers, and when? If the answer to either question is “no”, the company is taking unnecessary risks with data security. Yet ensuring they stay on the regulators’ right side, and avoid a costly breach, could be straightforward: better access control.

To ensure maximum security of their servers, in its recent white paper ASSA ABLOY recommends three levels of security working together within an integrated access system. 

Security management systems

  • Level 1 — perimeter security ensures only authorised personnel enter a data storage building. Here, door and gate electronic locks with credential readers can work alongside the likes of CCTV and monitored fencing. It’s a company’s first line of physical breach defence.
  • Level 2 — server room access can be monitored and controlled with a range of access control door devices with inbuilt credential readers, including Aperio battery-powered escutcheons or complete security locks. Either device integrates seamlessly with access and security management systems from over 100 different manufacturers. At room level, physical security must also include water- and dustproofing, electromagnetic security and protection against other physical threats to servers and data.
  • Level 3 — final level of physical data security is a company’s server rack or cabinet. Server rooms have a steady flow of authorised traffic: cleaners, maintenance staff, repair technicians and others. Employee screening cannot be perfect — and accidents happen. Rack or cabinet locking with RFID readers is the last line of defence against a malicious or accidental physical data breach.

Real-time access control

ASSA ABLOY’s Aperio KS100 adds real-time access control and monitoring to server racks and cabinets

ASSA ABLOY’s Aperio KS100 Server Cabinet Lock adds real-time access control and monitoring to server racks and cabinets. The lock works with an existing or new access control system; compatible credentials employ all standard RFID protocols including iCLASS, MIFARE and DESFire. Under the EU’s GDPR, the business must inform anyone affected by a breach “without undue delay”. With the Aperio KS100, the business would know right away if unauthorised access had even been attempted.

Once installed, KS100 locks integrate with the access control system and communicate wirelessly via an Aperio Communications Hub, even if the company’s racks are co-located in a distant data centre. Once online integration with the security admin system is complete, lock access decisions are communicated from and recorded by the company’s software wirelessly.

Data protection regulations

“When Aperio replaces mechanical locking at all three levels of server access control, lost keys no longer compromise data security. Lost credentials are simply deauthorised and a valid replacement reissued. The current status of any lock, at any level, is revealed with the click of a mouse. Generating detailed audit trails is straightforward, making the KS100 and other Aperio wireless locks invaluable for incident investigation”, explains Johan Olsén, Aperio Product Manager at ASSA ABLOY Opening Solutions EMEA.

The right electronic locking keeps the customer reputation intact, the business data off the Dark Web, and on the right side of the multiple data protection regulations, including GDPR.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

In case you missed it

Happy, engaged employees are the key to a profitable business
Happy, engaged employees are the key to a profitable business

It is a truism that in the physical security industry your workforce and your reputation are the business’s largest and most important assets. Managing your workforce with empathy to ensure happy, engaged employees can be a balancing act. However, providing flexible working practices that are still profitable for your business is achievable, and something that every security business should be aiming for. SmartTask CEO, Paul Ridden discusses the hidden benefits of an engaged workforce and the role that good workforce management has to play. The importance of an engaged workforce can’t be stressed enough because motivated employees are what makes a business successful. Highly engaged staff According to Gallup, disengaged employees are a drain on any business. On average, they have 37% higher absenteeism, 18% lower productivity and 15% lower profitability. When the impact to the bottom line is calculated, you're looking at the cost of 34% of a disengaged employee's annual salary. Conversely, highly engaged staff show a 40% reduction in absenteeism, and almost 60% less turnover. Engaged employees show up every day with enthusiasm and purpose Engaged employees show up every day with enthusiasm and purpose. They tend to work harder, treat customers well (leading to more business), and, are more likely to remain with the company. Employee engagement is determined by factors such as feeling clear about your role at work, and having the right tools to enable you to do your job to the best of your ability. Being recognised for your hard work and diligence is also a key factor. Enabling security businesses Workforce management, when done well, can make a significant difference to all of these factors, and therefore help to foster an engaged workforce, which is good for business. Traditionally, workforce management and time & attendance (clocking on and off) systems may have seemed a bit ‘big brother’, however, this is no longer the case. In a world where almost everyone carries a smartphone, people are quite used to the idea of constant connectivity. This can be harnessed to enable security businesses to run more smoothly and efficiently, benefitting everyone. Indeed, being able to prove that a contracted service has been delivered is not only good for customer service, and invoicing, it is also provides recognition for hardworking staff. Workforce management solution Staff that feel empowered in such a way are more likely to feel happy and engaged Providing Flexibility and Work/life Balance - While we all know that contracts are contracts, and security businesses must deliver, ditching paper based systems in favour of an electronic workforce management solution, can provide additional flexibility to workers, supporting work/life balance. For example, shifts and rosters, which can be designed in a fraction of the time with a purpose-built solution, can be published further in advance, giving employees enough notice of work patterns to plan their lives around their shifts. People are more easily able to swap shifts or sign up for additional work, and the control room still has oversight to see exactly who is working where and when. In addition, staff can see their accrued holiday entitlement more easily, and request leave from their smartphones. Staff feel more in control of their lives when they can discuss their work patterns and holidays with family while at home simply by referring to an app on their device. Staff that feel empowered in such a way are more likely to feel happy and engaged with the business. Delivering work schedules Task lists for completion while onsite sent directly to their mobile device is convenient for all Convenience and Duty of Care - Using an app to deliver work schedules and assignment instructions provides your employees with the tools and information they need to do their job while removing the stress of dealing with paper-based forms. Task lists for completion while onsite sent directly to their mobile device is convenient for all, and helps to prove compliance with any regulatory requirements, including Duty of Care. Check calls are part of daily life for security workers. Remembering to make them can be cumbersome, but with an app, they can be built into the employee’s Actions for the day/shift, with an automated prompt to make the call. Managing finances better Payroll Visibility and additional Services for Staff - With an online time & attendance solution where people clock in and out electronically, they are able to check their hours accrued and see what their salary will be. If a shift is missed, for example, they are able to query with the payroll department much sooner, leading to more accurate and timely pay. Additional services can be provided, such as ‘pay in advance’ schemes, where workers are able to draw down a percentage of their earned salary before payday. This enables staff to manage their finances better and avoid taking payday loans. Keeping electronic records The benefits to the business of a workforce management solution are many The benefits to the business of a workforce management solution are many. Saving time on back office processes such as designing rosters, managing shifts/attendance/service delivery, holidays and absence. Reducing reliance on manual systems, keeping electronic records provides audit trails, proves compliance and streamlines invoices for all work completed. Having detailed records also means better analysis of the business. Managing rosters and schedules is one thing, ensuring that every shift is profitable is much more complex. However, with electronic workforce management all the variables, fixed costs, recurring costs, salaried people, hourly people and the cost of equipment required, that go into costing a shift can be analysed to ensure every shift is profitable. Providing better safeguards In a post-COVID world, people have embraced technology at a pace not previously imagined. Technology has enabled us to keep in contact with loved ones, enabled those that can to work remotely, and provides better safeguards to key workers that cannot work remotely. In a post-COVID world, people have embraced technology at a pace not previously imagined Providing people with the right tools to do their job is a major step forward in empowering your workforce to do well. Electronic systems that reduce paperwork, also reduce the drudgery of form filling. At head office that frees people up for more proactive, strategic and customer facing work, that really makes a difference to your business. Affordable software solutions Out in the field, electronic systems keep people safer, more informed and helps them to manage their work/life balance. A winning combination for everyone. Paul has spent most of his working life in the computer industry, with the last ten years spent focusing on software solutions for the security, cleaning, FM and logistics sectors. Part of Paul’s role is to use his passion and entrepreneurial approach to build a technology team that can develop and deliver affordable software solutions that take advantage of the latest technologies and help deliver value to all SmartTask users, large and small.

How has security industry training changed in the last year?
How has security industry training changed in the last year?

In-person training sessions were mostly canceled during the worst of the COVID-19 pandemic. However, the need for training continued, and in some cases increased, as the security industry sought to adapt to the changing business climate of a global emergency. So how well did we as an industry adjust? We asked this week’s Expert Panel Roundtable: How has security industry training changed in the last year?

Wire-free, mobile first and data rich? The future of access control is within almost anyone’s reach
Wire-free, mobile first and data rich? The future of access control is within almost anyone’s reach

The 2020s will be a wireless decade in access control, says Russell Wagstaff from ASSA ABLOY Opening Solutions EMEA. He examines the trends data, and looks beyond mobile keys to brand new security roles for the smartphone. The benefits of wire-free electronic access control are well rehearsed. They are also more relevant than ever. A wireless solution gives facility managers deeper, more flexible control over who should have access, where and when, because installing, operating and integrating them is easier and less expensive than wiring more doors. Battery powered locks Many procurement teams are now aware of these cost advantages, but perhaps not their scale. Research for an ASSA ABLOY Opening Solutions (AAOS) benchmarking exercise found installation stage to be the largest contributor to cost reduction. Comparing a typical installation of battery-powered Aperio locks versus wired locks at the same scale, the research projected an 80% saving in installers’ labour costs for customers who go cable-free. Battery powered locks all consume much less energy than traditional wired locks Operating costs are also lower for wireless: Battery powered locks all consume much less energy than traditional wired locks, which normally work via magnets connected permanently to electricity. Wireless locks only ‘wake up’ when presented with a credential for which they must make an access decision. AAOS estimated a 70% saving in energy use over a comparable lock’s lifetime. Find out more about wireless access control at ASSA ABLOY's upcoming 29th June webinar Deploying wireless locks In short, every time a business chooses a wireless lock rather than a wired door, they benefit from both installation and operating cost savings. A recent report from IFSEC Global, AAOS and Omdia reveals the extent to which the advantages of wireless are cutting through. Responses to a large survey of security professionals — end-users, installers, integrators and consultants serving large corporations and small- to medium-sized organisations in education, healthcare, industrial, commercial, infrastructure, retail, banking and other sectors — suggest almost four locations in ten (38%) have now deployed wireless locks as a part or the whole of their access solution. The corresponding data point from AAOS’s 2014 Report was 23%. Electronic access control Electronic access control is less dependent than ever on cabling Without doubt, electronic access control is less dependent than ever on cabling: Even after a year when many investments have been deferred or curtailed, the data reveals fast-growing adoption of wireless locks, technologies and systems. Is mobile access control — based on digital credentials or ‘virtual keys’ stored on a smartphone — an ideal security technology for this wire-free future? In fact, the same report finds mobile access is growing fast right now. Among those surveyed, 26% of end-users already offer mobile compatibility; 39% plan to roll out mobile access within two years. Before the mid-2020s, around two-thirds of access systems will employ the smartphone in some way. The smartphone is also convenient for gathering system insights Driving rapid adoption What is driving such rapid adoption? The convenience benefits for everyday users are obvious — witness the mobile boom in banking and payments, travel or event ticketing, transport, food delivery and countless more areas of modern life. Access control is a natural fit. If you have your phone, you are already carrying your keys: What could be easier? IBM forecasts that 1.87 billion people globally will be mobile workers by 2022 Less often discussed are the ways mobile management makes life easier for facility and security managers, too. Among those polled for the new Wireless Access Control Report, almost half (47%) agreed that ‘Mobile was more flexible than physical credentials, and 36% believe that mobile credentials make it easier to upgrade employee access rights at any time.’ IBM forecasts that 1.87 billion people globally will be mobile workers by 2022. Workers in every impacted sector require solutions which can get the job done from anywhere: Access management via smartphone offers this. Site management device The smartphone is also convenient for gathering system insights. For example, one new reporting and analytics tool for CLIQ key-based access control systems uses an app to collect, visualise and evaluate access data. Security system data could contribute to business success. The app’s clear, visual layout helps managers to instantly spot relevant trends, anomalies or patterns. It’s simple to export, to share insights across the business. Reinvented for learning — not just as a ‘key’ or site management device — the phone will help businesses make smarter, data-informed decisions. The smartphone will also play a major role in security — and everything else — for an exciting new generation of smart buildings. These buildings will derive their intelligence from interoperability. Over 90% of the report’s survey respondents highlighted the importance of integration across building functions including access control, CCTV, alarm and visitor management systems. Genuinely seamless integration They offer greater peace of mind than proprietary solutions which ‘lock you in’ for the long term Yet in practice, stumbling blocks remain on the road to deeper, genuinely seamless integration. More than a quarter of those polled felt held back by a lack of solutions developed to open standards. ‘Open standards are key for the momentum behind the shift towards system integration,’ notes the Report. As well as being more flexible, open solutions are better futureproofed. Shared standards ensure investments can be made today with confidence that hardware and firmware may be built on seamlessly in the future. They offer greater peace of mind than proprietary solutions which ‘lock you in’ for the long term. Open solutions and mobile management are critical to achieving the goals which end-users in every vertical are chasing: scalability, flexibility, sustainability, cost-efficiency and convenience.