[AusNOG] RISK - IT Industry - Concern Over Equipment Being Installed in Data Centre Facilities

Colin Stubbs colin.stubbs at equatetechnologies.com.au
Sun Sep 25 21:36:29 EST 2016 

It's advertising.

He's advertising his tinfoil hat and his desire to provide a solution to a
problem that he's blowing out of proportion.

The ability for individuals with existing access to the facility to bring
things in that they shouldn't isn't a new issue.

Granted, there are some facilities where an extra layer of scrutiny is
warranted and should be imposed rigidly, but the rest neither need nor
would want, nor should have to carry; the cost associated with operating a
datacenter security circus in the same way as is performed at the airport.


-Colin

On 25 September 2016 at 21:12, paul+ausnog at oxygennetworks.com.au <
paul+ausnog at oxygennetworks.com.au> wrote:

> Is this advertising or genuine information ?
>
> Paul
>
> -----Original Message-----
> From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of
> chrismacko80
> Sent: Sunday, 25 September 2016 8:48 PM
> To: ausnog at lists.ausnog.net
> Subject: [AusNOG] RISK - IT Industry - Concern Over Equipment Being
> Installed in Data Centre Facilities
>
> Dear Industry Colleagues,
>
> In the last week, in reflection of previous data centre tours I have
> undertaken across the country and the risks that face us all within the IT
> industry, a concern came to mind in our physical security layer in relation
> to data centre facilities. It is my understanding currently in Australia
> (and for other countries as per discussions with colleagues), colocated
> computer equipment provided by customers is not inspected nor scanned for
> any potentially damaging substances before being installed within data
> centres, by organisations providing these services. At times, singular
> servers may be extremely bulky, and there may also be occasions when
> customers provide multiple racks fully equipped that is positioned within
> the data centre without any closer inspection apart from basic
> identification checks, as per understanding of information provided from
> some of our largest data centres. Considering this, I feel it's a risk that
> we don't scan equipment as it is being delivered/installed, similar to
> airports, in particular when it has been delivered locally.
>
> It's my understanding as an industry we spend billions each year securing
> our data security layer within data centres, however it appears that even
> with the strictest data centre audits (including by government risk
> assessors), these have not scrutinised this risk to any degree. I'm not
> aware if the Attorney General's department nor our federal or state
> governments perform any such checks when equipment is being installed into
> their own data centre facilities. I also don't believe I ever saw any such
> risk considered under any data centre rating specification. As a point,
> what good is bullet-proof glass within the foyer of a data centre and
> specific outline of the construction of a goods lift, when there is a
> greater threat for potentially damaging substances to be wheeled into a
> data centre within equipment without scrutiny.
>
> I would also ask the question whether our financial market is exposed in
> any way to this risk, and whether the Australian Stock Exchange
> sufficiently scans computer equipment delivered for installation into its'
> data centre facilities in particular by third party customers. I don't know
> the answer. I hope they do, if not, the question really needs to be asked,
> why not?
>
> Quoting from ASX document
> (http://www.asx.com.au/documents/professionals/alc-connectivity-guide.pdf)
> which is available on their website currently;
>
> "The Australian Liquidity Centre (ALC) is a state-of-the-art data centre
> and financial markets community located just outside Sydney’s CBD. It
> enables ASX customers to connect with each other and the Australian and
> global financial markets like never before.
>
> Offering one central location for fast, simple connection to the financial
> markets community, the ALC provides low latency connectivity options to
> domestic and global liquidity sources, ASX market data and all ASX markets.
>
> The ALC is designed to maximise the potential of its community. It houses
> all of ASX’s primary trading, clearing and settlement systems as well as
> providing hosting facilities for its customers which include buy and
> sell-side firms, market infrastructure and liquidity venues, information
> and technology vendors, and infrastructure and network service providers."
>
> I've reached out to several colleagues within the industry, who also agree
> the lack of scanning of potentially damaging substances is a serious
> concern, I'd ask that you consider your thoughts on this risk in regards to
> safeguarding our technology and investments made by all involved, and what
> you believe should be done to address this risk moving forward.
>
> Kind regards,
>
> Chris Macko
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160925/3ff8fc49/attachment.html>

More information about the AusNOG mailing list