[AusNOG] [SPAM] Re: Is CCTV a Necessity in a Data Centre?

Joshua D'Alton joshua at railgun.com.au
Mon Dec 3 10:05:18 EST 2012 

But that is my point. In both instances (I assume there were only 2?) they
only helped after the fact, not during or before. Obviously the population
of data is very small, and we can't know of a thwarted attempt obviously,
but that early 90s AAPT facility for example *does* more things untoward go
on? I'm not sure I'm arguing against cameras, perhaps just about it
being illusory sense of security and only a cover-my-ass thing vs anything
preventative?

I think I'd rather a facility with a proper backup genset than one without
and a nice CCTV system, although the costs are probably incomparable.
Probably a gen x/y and  z difference here as well.

On Mon, Dec 3, 2012 at 8:37 AM, Bevan Slattery <bevan at slattery.net.au>wrote:

>
>
> From: Joshua D'Alton <joshua at railgun.com.au>
> Date: Sunday, 2 December 2012 9:57 PM
> To: "ausnog at lists.ausnog.net" <ausnog at lists.ausnog.net>
>
> Subject: Re: [AusNOG] [SPAM] Re: Is CCTV a Necessity in a Data Centre?
> Resent-From: Bevan Slattery <bevan.slattery at nextdc.com>
>
> Given I replied to you originally thinking you were replying privately vs
> the list, I think it is obvious that the human element is really key, not
> things like CCTV ;P
>
> Anyway, I'm sure CCTV is essential for things like PCI, to meet the BS red
> tape, but with regards to the OP post generally, so far we've only heard
> political/red-tape reasons.
>
> Very interested if you actually have an instance where "It's definitely
> not a waste of resources, given the number of people who typically come and
> go in a commercial data centre and the requirement for access to be
> controlled and monitored", because I've certainly not come across anything
> public :/
>
> How about a national provider who threatened us (the colo provider in a
> previous life) with legal action accusing on of our staff or customers
> intentionally interfering with their network.  Their contractor who was
> doing some works around that time said "I had left by that time –
> absolutely wasn't there and it was all working by the time I left".  Well
> the time stamp on the video showed he was the only person in that area at
> that time and in fact it showed him standing at the rack at the EXACT time
> of the outage.  It was pretty funny when we gave them some stills of the
> video with the time stamp on them.  Guess that contractor has some
> explaining to do.
>
> Or the time that some equipment (a few servers) from a customer went
> "missing" from internal theft.  By using rack access logs we could quickly
> jump back to the dates and times when the rack was accessed and provide
> footage.  Don’t think he got charged, but also don't think he has a job.
>
> If you compare what happens in colo facilities without rack locking audit
> control and cameras (say any old AAPT facility in the late 90's/early
> noughts) versus a newer facility in which there are rack locking + security
> cameras, the reality is more nefarious stuff goes when people know they
> aren't being watched.
>
> So because of environment monitoring there should be less instances of
> problems, because that's human nature.  I mean would you intentionally
> speed through a speed camera?  Would you physically break into one of our
> customer racks within a zone of the facility you are authorised to access
> (we restrict peoples access to zones) knowing that (1) it would take you
> some time if you could and (2) that your access into the facility and zones
> are logged and at all times you are being recorded by at least two (2)
> cameras?
>
> I'd suggest not and therefore I'd suggest they aren't a waste of resources
> and neither do our customers.
>
> [b]
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20121203/9ed2edc6/attachment.html>

More information about the AusNOG mailing list