[AusNOG] [SPAM] Re: Is CCTV a Necessity in a Data Centre?

Joshua D'Alton joshua at railgun.com.au
Sun Dec 2 19:24:53 EST 2012


Its a bit like airport security; you have to have it so it looks like you
are secure, but in reality anyone wanting to do something malicious will
firstly be able to still do it, and secondly probably get away with it.

Looking at PCI DSS, while the costs for CCTV are fairly insignificant, it
is as laughable when compared to the tens of billions lost as it is the
number of hijackings prevented.

The $30 million stolen recently in Australia by a Romanian ring who had 0
physical access to Australia let alone a rack in a DC is a fairly poignant
example.

On Sun, Dec 2, 2012 at 7:15 PM, Chris Ricks <chris.ricks at securepay.com.au>wrote:

> CCTV is a requirement for us, given requirement 9 of PCI DSS.
>
> In one of our locations, we have cameras in our rack and in another we
> have cameras in our cage facing inwards.
>
>
> Matt Perkins <matt at spectrum.com.au> wrote:
>
>
> a) Is CCTV (recording) a necessity within a data centre?
>
>  It's a requirement of our insurance company so yes.
>
> b) Would you feel it's appropriate if a data center provider didn't have
> CCTV as part of their service provision and soly relied on physical access
> logs for physical security auditing?
>
> No there is no due diligence, No there is no backup.  That is a physical
> log is one form of security but it has no backup cctv provides a backup.
>
> c) Would you state that CCTV is simply implied as a standard inclusion
> when it comes to the provision of data centre services?
>
> Nothing is implied or standard. Most customers worth their salt will send
> you the normal security DD questionnaire.
>
> Matt.
>
>
>
> On 2/12/12 12:38 PM, Chris Macko wrote:
>
>
>
>
>
>
> Hi Matt,
>
> Thanks for your feedback, if you have the time, I'd really appreciate if
> you could provide your responses to the initial questions. I would like to
> review the industry belief, whilst I have my own experiences and beliefs,
> my own feelings are insufficient to solely use in my case study and thus it
> is necessary for me to consider the broad industry responses and beliefs.
>
> Rather than just taking the queries to my direct colleagues (who may be
> inclined to think the way I do, given that birds of a feather flock
> together), I'm being thorough and taking onboard the comments from the
> complete industry.
>
> Regarding logo, this is just an email signature, we started off as a
> design agency so aesthetic design is important to us. I've removed our logo
> for you on this response.
>
> Kind Regards,
>
> *Chris* Macko
> *Managing Director*
> *Interhost Pacific* Pty Ltd t/a Intervolve
>   *Support Phone* 1300 664 574 / +61 8 8260 4237  *Sales Phone* 1300 664
> 574  *Accounts Phone* +61 8 8260 4237  *Office Fax* +61 8 8260 4312
> *Sales Email* sales at intervolve.com.au  *Support Email*
> support at intervolve.com.au  *Accounts Email* accounts at intervolve.com.au
>    *Website* www.*intervolve*.com.au <http://www.intervolve.com.au/>
>      This email contains information that is confidential to the intended
> recipient. It may also contain information, which is subject to legal
> privilege. If you are not the intended recipient, you must not use, pass on
> or copy this message. We also ask that you notify the sender by email or
> telephone and destroy the original message. Thank you.
>
>
>
>  ------------------------------
> *From:* ausnog-bounces at lists.ausnog.net [
> mailto:ausnog-bounces at lists.ausnog.net <ausnog-bounces at lists.ausnog.net>]
> *On Behalf Of *Matt Perkins
> *Sent:* Sunday, 2 December 2012 11:51 AM
> *To:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] [SPAM] Re: Is CCTV a Necessity in a Data Centre?
>
>  Skeeve,
>  I saw a system once that took stills out of the rack when a reed on the
> door was triggered. So simply taking a record of people who opened the door
> so it could be perhaps more innocent. Im not sure a camera looking out of
> the rack would be that useful and sure people may be upset about there
> privacy. We have a no camera/photo in our center policy for customers and
> our CCTV monitors the general floor and ingress and egress points. It would
> be only scrutinized in the event of some sort of security breach any way.
> To the broader  issue of cctv. Well it's so cheap who would not put it in.
> Compared to the other facility costs.  UPS/GEN Fire etc etc.
>
> It's a strange question Chris could you give us some background to why
> ask? You cant help but notice a big logo at the start of your email....
>
>
>
> 2/12/12 11:59 AM, Skeeve Stevens wrote:
>
> Chris,
>
>  I think CCTV is important... but you have to ask a more Micro
> questions... where?
>
>  Ingress/Egress, definitely.  Every rack? I don't think so.  As long as
> you can verify who went in and out, and where they went... i.e. which room,
> then you are fine.
>
>  No one wants to be constantly watched as they do their job, and let's be
> honest here... video of an engineer sitting on the floor typing on a
> laptop, or inside a rack playing with things, isn't exactly going to give
> you much information about what they are doing, and anything it does, is
> unlikely to be in context.
>
>  I've seen people even have cameras in their rack looking out... never
> sure what that was for.  I used to have one in a rack opposite where I used
> to regularly work in Global Switch, so I just stuck a bit of paper over it.
>  No idea whose it was, but they didn't have a right to film me doing my
> work.  It is also illegal since they don't have a sign saying they are
> doing it, and I am sure they don't have a covert surveillance warrant.
>
>  Reference:
> http://www.legislation.nsw.gov.au/fullhtml/inforce/act+47+2005+FIRST+0+N
>
>  When it comes to DC's, I am not sure what defines a workplace however...
> and surveillance when people have cameras inside their racks looking out,
> may be illegal.
>
>  Essentially, if you can't trust the DC's security, you probably
> shouldn't be using that DC.
>
>  Who went where, most importantly, when, is all you need.
>
>  ...Skeeve
>  *
>
> *
> *Skeeve Stevens, CEO - *eintellego Pty Ltd
>  skeeve at eintellego.net ; www.eintellego.net
>
> Phone: 1300 753 383; Cell +61 (0)414 753 383 ; skype://skeeve
>
> facebook.com/eintellego ; linkedin.com/in/skeeve
>
> twitter.com/networkceoau ; blog: www.network-ceo.net
>
>  The Experts Who The Experts Call
>  Juniper - Cisco – IBM - Brocade - Cloud
>  -----
> Check out our Juniper promotion website for Oct/Nov!  eintellego.mx
> Free Apple products during this promotion!!!
>
>
>
> On Sun, Dec 2, 2012 at 11:18 AM, Chris Macko <cmacko at intervolve.com.au>wrote:
>
>>
>>
>>
>>
>>
>> Hi All,
>>
>> I'm performing a small case study and would really appreciate if you're
>> able to provide your feedback in relation to the following questions
>> regarding CCTV within a data centre;
>>
>> a) Is CCTV (recording) a necessity within a data centre?
>> b) Would you feel it's appropriate if a data centre provider didn't have
>> CCTV as part of their service provision and soly relied on physical access
>> logs for physical security auditting?
>> c) Would you state that CCTV is simply implied as a standard inclusion
>> when it comes to the provision of data centre services?
>>
>> My personal experience is that CCTV is necessary within data centre
>> services in order to investigate potential physical security breaches in
>> events where physical access logs don't provide the necessary information
>> being investigated. I also feel that a data centre without CCTV would be
>> akin to a human without oxygen, in that both co-exist and are co-dependent.
>>
>> I would however really appreciate your thoughts and feedback. Thank you!
>>
>> Kind Regards,
>>
>> *Chris* Macko
>> *Managing Director*
>> *Interhost Pacific* Pty Ltd t/a Intervolve
>>   *Support Phone* 1300 664 574 / +61 8 8260 4237  *Sales Phone* 1300 664
>> 574  *Accounts Phone* +61 8 8260 4237  *Office Fax* +61 8 8260 4312
>> *Sales Email* sales at intervolve.com.au  *Support Email*
>> support at intervolve.com.au  *Accounts Email* accounts at intervolve.com.au
>>    *Website* www.*intervolve*.com.au <http://www.intervolve.com.au/>
>>      This email contains information that is confidential to the
>> intended recipient. It may also contain information, which is subject to
>> legal privilege. If you are not the intended recipient, you must not use,
>> pass on or copy this message. We also ask that you notify the sender by
>> email or telephone and destroy the original message. Thank you.
>>
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>
>
> _______________________________________________
> AusNOG mailing listAusNOG at lists.ausnog.nethttp://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20121202/87678096/attachment.html>


More information about the AusNOG mailing list