Physical security of IT assets: How to keep your facilities safe

The physical security of IT assets is becoming increasingly important due to the volume and importance of data stored by companies. The main threats include natural disasters (e.g. fire), unauthorised access to premises, and vandalism. Learn more about why and how to secure your company’s IT assets.

Physical security: Person entering the access code to the server room.

The importance of physical security

Protecting the IT assets that enable or facilitate a business should not even be a question. The problem is that many managers do not realise the scale of the threat. 54% of data breaches across all sectors included a physical attack as the main method. (“2019 Payment Security Report”, 2019 Data Breach Investigations Report. Verizon.)

Physical security is so crucial as data breaches are both time- and money-consuming. Imagine a situation where a thief sneaks into the company’s server room. In a situation like this, they have all this important information at their fingertips. Access to the room should be restricted to only those who need it. With physical security, the thief has to go through a lot of security layers, making access to data almost impossible, or at least very limited.

Physical security: Threats

The range of potential threats is infinite, but to simplify, let’s divide them into four groups: internal, external, man-made, and natural.

Sometimes important information can find its way outside the HQ building if it’s leaked by an employee (the bigger the company, the greater the risk). The reasons can be manifold – to humiliate the employer, for financial gain (by selling data to competitors or the media), etc. However, we need to remember that an action like this does not have to be intentional at all – sometimes, all it takes is a small mistake, such as losing a laptop or sending an email to the wrong address.

Threats can also be directed from outside the company in various forms. Especially in the case of companies that manage valuable data, an example might be a spy who, paid from the outside, joins the company to steal data.

There are also natural threats, such as fire or flooding. In this case, not only data but also hardware and (most importantly) employees are at risk!

Physical security: Security guard checking camera images.

Physical security guidelines

Creating an exact list of necessary protection measures depends largely on the company’s needs. The greater the value of the equipment or data, the greater the steps that should be taken to protect them. A proper alarm system is essential to prevent an unauthorised person from getting into the office or server rooms. Before anyone enters the office premises, they should pass through the appropriate security checkpoints (e.g. gates or guards). The entrance to the building should, on the other hand, be secured with more than just locks. Instead of a simple key, magnetic cards can be used. These cards enable a company to check who is or was inside the building or limit the access of individual employees to the office at given times.

It is also worth investing in camera and sensor systems that track movements. In this case, remember to install lighting that will make it easier to monitor particularly critical areas (especially after working hours). Smoke, heat or water detectors will ensure quick response in the event of a fire or flood in the office. In the case of high-risk data and/or particularly endangered locations, security guards should protect entrances to the building, or server rooms at all times.

Another option is to use IoT solutions for securing server rooms or even mobile valuable goods. With cameras, sensors, digital keys and asset trackers holistic systems can be implemented, in which passive monitoring and active protection can be smartly combined.

There are lots of different security systems available. However, before implementing any of them, the whole range of potential scenarios should be analysed as thoroughly as possible.

Physical security as-a-service

“In Europe, the majority of IT managers (77%) stated that the physical security of their company’s assets was outdated” (“76% Security Professionals Face Cybersecurity Skills Shortage: Report.” May 7.2020. CISOMAG.) . Traditional methods of protecting data, software, hardware and human resources have to be upgraded. PSaaS (Physical security as-a-service) is a cloud-based interface that enables managing doors, locks, alarms, and much more.

The major advantage of this solution is that the office can be kept secure anytime, anywhere, and by using any device. For example, when the door is opened or closed, or the alarm is activated or deactivated, managers will immediately receive a notification telling them when and by whom the action was performed. This way, it will be possible to react faster and take the appropriate steps. Additionally, permissions can be managed easily so that employees only have access to the areas they need.

Your IT partner will be happy to advise you on finding the right solution for your requirements and support you with installation and staff training.