[AusNOG] RISK - IT Industry - Concern Over Equipment Being, Installed in Data Centre Facilities

Chad Kelly chad at cpkws.com.au
Mon Sep 26 13:10:40 EST 2016 

On 9/26/2016 9:34 AM, ausnog-request at lists.ausnog.net wrote:
> In the last week, in reflection of previous data centre tours I have
> undertaken across the country and the risks that face us all within
> the IT industry, a concern came to mind in our physical security layer
> in relation to data centre facilities. It is my understanding
> currently in Australia (and for other countries as per discussions
> with colleagues), colocated computer equipment provided by customers
> is not inspected nor scanned for any potentially damaging substances
> before being installed within data centres, by organisations providing
> these services. At times, singular servers may be extremely bulky, and
> there may also be occasions when customers provide multiple racks
> fully equipped that is positioned within the data centre without any
> closer inspection apart from basic identification checks, as per
> understanding of information provided from some of our largest data
> centres. Considering this, I feel it's a risk that we don't scan
> equipment as it is being delivered/installed, similar to airports, in
> particular when it has been delivered locally.
What Datacentre in Australia has allowed you to walk in off the street 
with a bunch of servers in cardboard boxes, with you as the client 
going, oh I hope you don't mind if I install  these servers in your DC.
Most datacentres hear in Australia require you to make an appointment 
before you can set foot in them and they require a signed contract 
before you can place equipment in them, you also need to be escorted by 
a security guard.
Plus you need to scan your ID on entry and most hold it for 12 months.
With the airport you can just walk in off the street and buy a ticket, 
its like comparing apples with oranges.
Oh and most DCs require you to have an access card for entry as well.
You could try and sign up for datacentre services using a fake credit 
card and a fake id, and a fake name and address, but frankly the fraud 
detection software is pretty good now a days and you would be reported 
to the AFP and other agencies pretty quickly, if you got found 
registering with stolen credit cards.


You need to have a registered business or organisation  before any DC 
will provide you with services.
Also if a server does happen to catch fire, most datacentres have fire 
suppression installed which will extinguish a fire pretty quickly.
Regards Chad.



-- 
Chad Kelly
Manager
CPK Web Services
web www.cpkws.com.au
phone 03 9013 4853

More information about the AusNOG mailing list