[AusNOG] RISK - IT Industry - Concern Over Equipment Being, Installed in Data Centre Facilities - Further Replies

[Jake Anderson]

On 27/09/16 19:07, chrismacko80 wrote:
> Bob, what good is physical separation in separate data centres if the
> same ability to wheel in damaging equipment by clients is present, not
> to mention the number of newly arrived foreign nationals we employee
> in our provisioning, support and technical employment sets in lots of
> data centre businesses. Police checks can only do so much when it
> comes to vetting a newly arrived employee from overseas.
>
> As a side note, I visited a local CBA branch today, and saw a form in
> the waiting area on a desk for filling in by employees when dealing
> with suspected bomb packages. I asked the employee if I could take a
> photo, she advised I couldn't as they weren't allowed to provide that
> information to others. Had I just wanted to take a photo of my puppy
> Moira I would have been able to grab a photo, it displayed the CBA and
> BankWest logos. The banks take the threat seriously even for a single
> branch, why don't we as business owners take responsibility and
> collaborate together to fix the gap as an entire industry?
>
> Who's a team player and willing to work on this together?
>
> Chris.
Nobody, because to "fix" it would require in essence nobody bringing 
gear into a colo.
If you can't think of a way to cause havoc when you are bringing in 
sealed volumes of space (say hdd's) you aren't a very good criminal.
Hell you could shut down DC halls with nothing more than reprogramming 
the micro-controller in a stock power supply.

You can either engage in security theatre like the TSA does, or you can 
take measures that balance cost and effectiveness as DC operators do now 
and experience largely the same risk, without wasting billions of 
dollars and millions of man hours.