1) The document discusses securing datacenters against key threats like dispossessing, disabling, and disrupting access. 2) It recommends implementing defense in depth across multiple layers including the perimeter, building, critical spaces, and strongbox (server rack) layers using architectural barriers, access controls, intrusion detection technologies, and operational security practices. 3) Technologies discussed include various camera types, access control systems, audio/video analytics, and an integrated physical security system controlled over an IP network.

1. SECURING OUR DATACENTERS
Jeffrey Lam ACP, RCDD
AXIS COMMUNICATIONS
17 Nov 2016, 4.30pm

2. There are no
secure systems!
You can only
make systems
more secure.
SECURING OUR DATACENTERS
Security
is not a product
nor a feature; it’s
an integration of
culture, policies
& systems

3. 3 KEY THREATS & DEFENCES
DISPOSSESS
DISABLE
DISRUPT
TECHNICAL DEFENCE

4. Defence in Depth

5. Defence in Depth
Moat
Outer Wall
Inner Wall
Keep / Tower
Perimeter
Building
Critical Spaces
Strongbox
Castle Datacenter

6. 1. ARCHITECTURAL DEFENCE
BARRIERS
Perimeter fencing
Building Walls
Computer / plant
rooms
IT / control cabinet
ACCESS
Perimeter Gates
Building entrances
Computer room
entrances
Cabinet doors
CONNECTORS
Facility grounds
Mantraps
Elevators
Corridors
LAYERS

7. PERIMETER LAYER

8. Security-based operations
BUILDING LAYER

9. Security-based operations
CRITICAL SPACES LAYER

10. STRONGBOX LAYER

11. PUBLIC
ADDRESS
VOICE
COMMS
OTHERS
INTRUDER
DETECTION
SOFTWARE
ANALYTICS
VIDEO
SURVEILIANCE
ACCESS
CONTROL
2. TECHNICAL DEFENCE

12. PERIMETER – LOW LIGHT CAMERAS
Image without Lighfinder technology Image with Lighfinder technology

13. PERIMETER - THERMAL CAMERAS
Detect with thermal camera
(AXIS Q1922)
Visual camera
(AXIS Q1755)
Zoom & identify with visual
camera (AXIS Q1755)

14. Security-based operations
PERIMETER – LARGE OPEN SPACES
AXIS Q60-E showing the zoomed-in view of interest.

15. BUILDING LEVEL – VARYING LIGHT LEVELS
Underexposed
trying to capture the
environment outside
Overexposed
trying to capture the
environment indoors
WDR Forsensic Capture
Looks slightly unreal, but
more useful for
surveillance

16. Security-based operations
!
Post-event images
Security-based operations
Pre-event images
Computer Room : integrated with IIM/DCIM
Security-based operations
Event

17. ADVANCED COMPRESSION TECHNIQUES

18. > Small form factor
> Installed at eye level – capture face
> Integrated with audio & I/O
> Integrated with DCIM / IIM
> Single IP address for multiple cameras
STRONGBOX (RACK) LEVEL CAMERAS

19. INTRUSION DETECTION
Buried coil
Electromagnetic
Infra-red
Open Area Sensor
Pressure
Wall & floor sensors
Camera
Analytics

20. Analytics
Audio Analytics
Video Analytics • Gunshot
• Broken glass
• Explosion
• Screeching car
• Voice – aggression
• Voice – key words
• Perimeter protection
• Facial recognition
• People counting
• Unauthorized access
• Aggression detection
• Smoke detection

21. IP PUBLIC ADDRESS SYSTEM
Axis network speaker solutionTraditional analog speaker solution
Speaker
Amplifier
Tone control / Equalizer
Streaming box
All-in-one
Network switch
Network PoE switch
- Speaker audio cable
- Line level audio cable
- Line level audio cable
- Network cable
- Network cable
(Structured Cabling)

22. > Identification & verification
– What you Have
– What you Know
– Who your Are
> 2 factor / 3 factor authentication
> Turnstiles integration for Anti-passback &
anti tailgate
> System Management
– Token – lost / disabled
– Passcode renewal / forgotten
– Maintenance of biometrics database
ACCESS CONTROL

23. Other electronics systems
• Key Management Systems
• RFID Asset management systems
• Visitors pass management systems
• Mantrap with weighing scale /metal detector
• Vehicle entry with weighing scale
• Drone detection & disablement systems
• Drone based surveillance system
• Intruder response system – fog, net, etc
• Etc.
COPYRIGHT TRAKKER

24. IoT – CENTRALISED CONTROL
Security-based operations
CAMERAS
PIR SENSORS
ILLUMINATOR
I/O
CONTROLLER
DOOR
CONTROLLER
SPEAKERS
MICROPHONE
INTERCOM

25. Standard hardening
stops majority of
attacks
Intuitive and user-
friendly IT policies
System maintenance
process
User education –
Embrace security
culture
How about Cybersecurity?
The goal is to make attacks
expensive rather than impossible.

26. Integrated surveiliance & dtection

27. Security-based operations
Security
Culture
3. OPERATIONAL DEFENCE
• Security Awareness
• Training, Tabletops & Drills
• Audits, feedback &
Modifications
• Event post-mortem &
Corrective actions
• Use of disabled cards
• Perimeter breach
• Left baggage
• Tailgating
• Unplanned deliveries
• Unaccounted visitors
• Assets disposal
• Visitor / vendors access
• Maintenance / repair work
• Employees backgd checks
• Purch. & delivery new equip.
• Emgy access by authorities / utilities
Event
Response
Security - based
operations

28. THANK YOU
To download Axis Commmunciations’
“Defending our datacenters” white paper, please visit
http://bit.ly/2fZjtPf