But that is my point. In both instances (I assume there were only 2?) they only helped after the fact, not during or before. Obviously the population of data is very small, and we can't know of a thwarted attempt obviously, but that early 90s AAPT facility for example *does* more things untoward go on? I'm not sure I'm arguing against cameras, perhaps just about it being illusory sense of security and only a cover-my-ass thing vs anything preventative?<div>
<br></div><div>I think I'd rather a facility with a proper backup genset than one without and a nice CCTV system, although the costs are probably incomparable. Probably a gen x/y and z difference here as well.<br><br>
<div class="gmail_quote">On Mon, Dec 3, 2012 at 8:37 AM, Bevan Slattery <span dir="ltr"><<a href="mailto:bevan@slattery.net.au" target="_blank">bevan@slattery.net.au</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="font-size:14px;font-family:Calibri,sans-serif;word-wrap:break-word"><div><br></div><div><br></div><span><div style="border-right:medium none;padding-right:0in;padding-left:0in;padding-top:3pt;text-align:left;font-size:11pt;border-bottom:medium none;font-family:Calibri;border-top:#b5c4df 1pt solid;padding-bottom:0in;border-left:medium none">
<span style="font-weight:bold">From: </span> Joshua D'Alton <<a href="mailto:joshua@railgun.com.au" target="_blank">joshua@railgun.com.au</a>><br><span style="font-weight:bold">Date: </span> Sunday, 2 December 2012 9:57 PM<br>
<span style="font-weight:bold">To: </span> "<a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a>" <<a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a>><div class="im">
<br><span style="font-weight:bold">Subject: </span> Re: [AusNOG] [SPAM] Re: Is CCTV a Necessity in a Data Centre?<br></div><span style="font-weight:bold">Resent-From: </span> Bevan Slattery <<a href="mailto:bevan.slattery@nextdc.com" target="_blank">bevan.slattery@nextdc.com</a>><br>
</div><div class="im"><div><br></div><blockquote style="BORDER-LEFT:#b5c4df 5 solid;PADDING:0 0 0 5;MARGIN:0 0 0 5">Given I replied to you originally thinking you were replying privately vs the list, I think it is obvious that the human element is really key, not things like CCTV ;P<div>
<br></div><div>Anyway, I'm sure CCTV is essential for things like PCI, to meet the BS red tape, but with regards to the OP post generally, so far we've only heard political/red-tape reasons.</div><div><br></div><div>
Very interested if you actually have an instance where "It's definitely not a waste of resources, given the number of people who typically come and go in a commercial data centre and the requirement for access to be controlled and monitored", because I've certainly not come across anything public :/<br>
<br></div></blockquote></div></span><div>How about a national provider who threatened us (the colo provider in a previous life) with legal action accusing on of our staff or customers intentionally interfering with their network. Their contractor who was doing some works around that time said "I had left by that time – absolutely wasn't there and it was all working by the time I left". Well the time stamp on the video showed he was the only person in that area at that time and in fact it showed him standing at the rack at the EXACT time of the outage. It was pretty funny when we gave them some stills of the video with the time stamp on them. Guess that contractor has some explaining to do.</div>
<div><br></div><div>Or the time that some equipment (a few servers) from a customer went "missing" from internal theft. By using rack access logs we could quickly jump back to the dates and times when the rack was accessed and provide footage. Don’t think he got charged, but also don't think he has a job.</div>
<div><br></div><div>If you compare what happens in colo facilities without rack locking audit control and cameras (say any old AAPT facility in the late 90's/early noughts) versus a newer facility in which there are rack locking + security cameras, the reality is more nefarious stuff goes when people know they aren't being watched.</div>
<div><br></div><div>So because of environment monitoring there should be less instances of problems, because that's human nature. I mean would you intentionally speed through a speed camera? Would you physically break into one of our customer racks within a zone of the facility you are authorised to access (we restrict peoples access to zones) knowing that (1) it would take you some time if you could and (2) that your access into the facility and zones are logged and at all times you are being recorded by at least two (2) cameras?</div>
<div><br></div><div>I'd suggest not and therefore I'd suggest they aren't a waste of resources and neither do our customers.</div><span class="HOEnZb"><font color="#888888"><div><br></div><div>[b]</div><div><br>
</div></font></span></div>
</blockquote></div><br></div>