<div dir="ltr"><br><div>It's advertising.<div><br></div><div>He's advertising his tinfoil hat and his desire to provide a solution to a problem that he's blowing out of proportion.</div></div><div class="gmail_extra"><br></div><div class="gmail_extra">The ability for individuals with existing access to the facility to bring things in that they shouldn't isn't a new issue.</div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>Granted, there are some facilities where an extra layer of scrutiny is warranted and should be imposed rigidly, but the rest neither need nor would want, nor should have to carry; the cost associated with operating a datacenter security circus in the same way as is performed at the airport.</div><div><br></div><div><br></div><div>-Colin</div></div></div></div></div></div></div></div><br><div class="gmail_quote">On 25 September 2016 at 21:12, <a href="mailto:paul%2Bausnog@oxygennetworks.com.au">paul+ausnog@oxygennetworks.com.au</a> <span dir="ltr"><<a href="mailto:paul+ausnog@oxygennetworks.com.au" target="_blank">paul+ausnog@oxygennetworks.com.au</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Is this advertising or genuine information ?<br>
<span class="gmail-HOEnZb"><font color="#888888"><br>
Paul<br>
</font></span><div class="gmail-HOEnZb"><div class="gmail-h5"><br>
-----Original Message-----<br>
From: AusNOG [mailto:<a href="mailto:ausnog-bounces@lists.ausnog.net">ausnog-bounces@lists.<wbr>ausnog.net</a>] On Behalf Of chrismacko80<br>
Sent: Sunday, 25 September 2016 8:48 PM<br>
To: <a href="mailto:ausnog@lists.ausnog.net">ausnog@lists.ausnog.net</a><br>
Subject: [AusNOG] RISK - IT Industry - Concern Over Equipment Being Installed in Data Centre Facilities<br>
<br>
Dear Industry Colleagues,<br>
<br>
In the last week, in reflection of previous data centre tours I have undertaken across the country and the risks that face us all within the IT industry, a concern came to mind in our physical security layer in relation to data centre facilities. It is my understanding currently in Australia (and for other countries as per discussions with colleagues), colocated computer equipment provided by customers is not inspected nor scanned for any potentially damaging substances before being installed within data centres, by organisations providing these services. At times, singular servers may be extremely bulky, and there may also be occasions when customers provide multiple racks fully equipped that is positioned within the data centre without any closer inspection apart from basic identification checks, as per understanding of information provided from some of our largest data centres. Considering this, I feel it's a risk that we don't scan equipment as it is being delivered/installed, similar to airports, in particular when it has been delivered locally.<br>
<br>
It's my understanding as an industry we spend billions each year securing our data security layer within data centres, however it appears that even with the strictest data centre audits (including by government risk assessors), these have not scrutinised this risk to any degree. I'm not aware if the Attorney General's department nor our federal or state governments perform any such checks when equipment is being installed into their own data centre facilities. I also don't believe I ever saw any such risk considered under any data centre rating specification. As a point, what good is bullet-proof glass within the foyer of a data centre and specific outline of the construction of a goods lift, when there is a greater threat for potentially damaging substances to be wheeled into a data centre within equipment without scrutiny.<br>
<br>
I would also ask the question whether our financial market is exposed in any way to this risk, and whether the Australian Stock Exchange sufficiently scans computer equipment delivered for installation into its' data centre facilities in particular by third party customers. I don't know the answer. I hope they do, if not, the question really needs to be asked, why not?<br>
<br>
Quoting from ASX document<br>
(<a href="http://www.asx.com.au/documents/professionals/alc-connectivity-guide.pdf" rel="noreferrer" target="_blank">http://www.asx.com.au/<wbr>documents/professionals/alc-<wbr>connectivity-guide.pdf</a>)<br>
which is available on their website currently;<br>
<br>
"The Australian Liquidity Centre (ALC) is a state-of-the-art data centre and financial markets community located just outside Sydney’s CBD. It enables ASX customers to connect with each other and the Australian and global financial markets like never before.<br>
<br>
Offering one central location for fast, simple connection to the financial markets community, the ALC provides low latency connectivity options to domestic and global liquidity sources, ASX market data and all ASX markets.<br>
<br>
The ALC is designed to maximise the potential of its community. It houses all of ASX’s primary trading, clearing and settlement systems as well as providing hosting facilities for its customers which include buy and sell-side firms, market infrastructure and liquidity venues, information and technology vendors, and infrastructure and network service providers."<br>
<br>
I've reached out to several colleagues within the industry, who also agree the lack of scanning of potentially damaging substances is a serious concern, I'd ask that you consider your thoughts on this risk in regards to safeguarding our technology and investments made by all involved, and what you believe should be done to address this risk moving forward.<br>
<br>
Kind regards,<br>
<br>
Chris Macko<br>
______________________________<wbr>_________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/<wbr>mailman/listinfo/ausnog</a><br>
<br>
______________________________<wbr>_________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/<wbr>mailman/listinfo/ausnog</a><br>
</div></div></blockquote></div><br></div></div>