
I quote from this article, "Forget about hacking – your servers might get stolen":

Are data centers as secure as they want you to think?

Though security is often a selling-point for many data centers, they aren’t necessarily safe from theft. There have been plenty of incidents involving hardware theft from data centers.

A few examples:

  1. Multiple robberies at a Chicago data center
    The Chicago-based colocation company CI Host had its data center broken into on October 2, 2007. The intruders passed through a reinforced wall with the help of a power saw, attacked the night manager with a taser, and stole at least 20 servers. This particular data center had at that time been burglarized at least four times since 2005.
  2. Fake police officers rob Verizon data center
    A Verizon Business data center in northern London got $4 million worth of computer equipment stolen on December 6, 2007. The "heist" was done by between three and five men dressed as police officers. They managed to gain entry to the data center and tied up the five staff members before stealing the equipment...

I would imagine that it would be much easier for someone inside the data center to steal data by taking out a RAID disk during routine maintenance. Besides the implicit trust to host your server there, how do you protect yourself from being an unknowing victim of data theft? Would full disk encryption work if you need to supply them the password for performing maintenance?

Question Overflow

1 Answer

If you are giving them both the thing to be protected and the means to access it, no, the encrypted disk is still vulnerable.

Typically you would handle this through separation of duties. The person who has physical access to the machines would not also be given logon rights to the machines, nor would he be given access to any of the decryption keys. For example, if we have a maintenance person replace a failed hard drive, he has to call the help desk to have the system re-imaged. For a somewhat smaller shop, you might have one hardware guy with keys to the server cabinet, and a sys admin who has the root password and the encryption key, but no access to the server room. You might not even let your sysadmin or DBAs have the database encryption keys - perhaps only your security officer would have that.

In case of emergency, you can keep a copy of the keys in a safe. So at 02:30 AM when the SAN goes down, the sysadmin calls the security officer at home, the SO gives him the combination to the safe, and he gets the system back online before the SO arrives at the office. However, that sysadmin is obviously someone who now has a special responsibility, and he will be a suspect if that data later shows up on a crime web site.

John Deters
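The separation-of-duties model in the answer above can be checked mechanically. The following is an added example, not code from the question or answer: it encodes the capability pairs that must never rest with one person (physical access plus a disk key, physical access plus root, root plus the database key), flags any assignment that combines them, and models the 02:30 "combination to the safe" release as an audited exception that records who asked, who authorized, and that the requester now holds a flagged combination. All role names, capabilities and the sample shop are constructed for illustration.

```python
# Capability pairs that must never be held by one person. Whoever can pull a
# disk must not be able to decrypt it or log on to the host it came from, and
# the host admin must not also hold the database encryption key.
TOXIC_PAIRS = {
    frozenset({"physical_access", "disk_encryption_key"}),
    frozenset({"physical_access", "root_logon"}),
    frozenset({"root_logon", "database_encryption_key"}),
}


def sod_violations(grants):
    """grants: person -> set of capabilities.
    Returns {person: [offending (cap, cap) pairs]} for anyone holding a toxic pair."""
    found = {}
    for person, caps in grants.items():
        bad = sorted(tuple(sorted(pair)) for pair in TOXIC_PAIRS if pair <= set(caps))
        if bad:
            found[person] = bad
    return found


def break_glass(grants, requester, authorizer, capability, audit_log):
    """Emergency key release: only a security officer may authorize it, the
    grant is applied to a copy of the model (nothing is changed silently), and
    an audit entry records whether the requester now holds a flagged
    combination, so they are accountable for whatever happens next."""
    if "security_officer" not in grants.get(authorizer, set()):
        raise PermissionError(f"{authorizer} is not a security officer")
    after = {person: set(caps) for person, caps in grants.items()}
    after.setdefault(requester, set()).add(capability)
    audit_log.append({
        "requester": requester,
        "authorizer": authorizer,
        "capability": capability,
        "sod_exception": bool(sod_violations(after).get(requester)),
    })
    return after


# Constructed sample: the "somewhat smaller shop" from the answer.
SHOP = {
    "hardware_tech": {"physical_access"},
    "sysadmin": {"root_logon", "disk_encryption_key"},
    "dba": {"database_logon"},
    "sec_officer": {"security_officer", "database_encryption_key"},
}

# A tempting shortcut: give the hardware tech root so re-imaging is quicker.
BAD_SHOP = {**SHOP, "hardware_tech": {"physical_access", "root_logon"}}
```

Running `sod_violations(BAD_SHOP)` reports the hardware tech, while the emergency release to the sysadmin succeeds but leaves an audit entry marked as a separation-of-duties exception.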