[AusNOG] RISK - IT Industry - Concern Over Equipment Being, Installed in Data Centre Facilities

Paul Wilkins paulwilkins369 at gmail.com
Mon Sep 26 13:32:38 EST 2016 

Someone also needs to do a risk assessment of the Chinese space station
landing on your data centre.

Kind regards

Paul Wilkins

On 26 September 2016 at 13:10, Chad Kelly <chad at cpkws.com.au> wrote:

> On 9/26/2016 9:34 AM, ausnog-request at lists.ausnog.net wrote:
>
>> In the last week, in reflection of previous data centre tours I have
>> undertaken across the country and the risks that face us all within
>> the IT industry, a concern came to mind in our physical security layer
>> in relation to data centre facilities. It is my understanding
>> currently in Australia (and for other countries as per discussions
>> with colleagues), colocated computer equipment provided by customers
>> is not inspected nor scanned for any potentially damaging substances
>> before being installed within data centres, by organisations providing
>> these services. At times, singular servers may be extremely bulky, and
>> there may also be occasions when customers provide multiple racks
>> fully equipped that is positioned within the data centre without any
>> closer inspection apart from basic identification checks, as per
>> understanding of information provided from some of our largest data
>> centres. Considering this, I feel it's a risk that we don't scan
>> equipment as it is being delivered/installed, similar to airports, in
>> particular when it has been delivered locally.
>>
> What Datacentre in Australia has allowed you to walk in off the street
> with a bunch of servers in cardboard boxes, with you as the client going,
> oh I hope you don't mind if I install  these servers in your DC.
> Most datacentres hear in Australia require you to make an appointment
> before you can set foot in them and they require a signed contract before
> you can place equipment in them, you also need to be escorted by a security
> guard.
> Plus you need to scan your ID on entry and most hold it for 12 months.
> With the airport you can just walk in off the street and buy a ticket, its
> like comparing apples with oranges.
> Oh and most DCs require you to have an access card for entry as well.
> You could try and sign up for datacentre services using a fake credit card
> and a fake id, and a fake name and address, but frankly the fraud detection
> software is pretty good now a days and you would be reported to the AFP and
> other agencies pretty quickly, if you got found registering with stolen
> credit cards.
>
>
> You need to have a registered business or organisation  before any DC will
> provide you with services.
> Also if a server does happen to catch fire, most datacentres have fire
> suppression installed which will extinguish a fire pretty quickly.
> Regards Chad.
>
>
>
> --
> Chad Kelly
> Manager
> CPK Web Services
> web www.cpkws.com.au
> phone 03 9013 4853
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160926/ed98eeee/attachment.html>

More information about the AusNOG mailing list