As a result of a security audit there's the need to lock the racks and manage the keys:
- Keep the keys safe
- Record key usage
Complying with these two requirements has many challenges as there are a lot of possible sysadmins and netadmins (around 10) that need access to the server room.
We are considering several possible solutions but everyone has some drawbacks, mainly related to who is the key master and how to maintain availability in the case of absense of such person.
Do you lock your racks? How do you manage the keys to assure availability and accountability?