This post outlines the most security issues missed by vendors that you should remember during your colocation in Vietnam selection process.
An accessible reception doubles up as site security
It may seem strange to say, but the presence of security guards, or receptionists doubling up as security, on an easily accessible front desk at your data center reception or lobby could actually be a serious security risk – for your data, equipment and also for the personnel themselves.
If the facility is compromised, they may be subject to intimidation or a duress situation and could become part of an incident themselves rather than be able to respond to it in an appropriate manner – and, in such a scenario, you can guarantee that they will protect themselves and their own personal well-being over that of equipment within the data center.
Instead, colocation Vietnam vendors should keep their staff in a separate, protected and purpose built control room where they can observe incidents and make cool-headed decisions, from out of harm’ s way.
If the data center’s technical security controls and monitoring capabilities are strong enough, then they should not need to keep security personnel on reception to enforce access rules and turn away unwanted visitors. It may save money to offer a double function on the reception desk, but it’s not best practice.
Access control records cannot be provided with certainty
Your vendor should have full visibility of who comes in and out, and all access attempts, both successful and denied, should be logged so that they can provide with certainty details of who was in the facility at any particular time and date. It is vital that you quiz them about their methods to make sure that the logging process is water tight and can be reported on in detail.
Besides, contractors and staff should undergo similar authorization procedures as visitors, with identity badges used to differentiate the working staff at colocation Vietnam Ho Chi Minh. A log of all these visitors should also be kept. As a client you should be able to request all access attempts by your members of staff and a record of any 3rd party engineers you may have authorized along the way.
If this information cannot be offered or substantiated then it could point to a substandard access control system, and could be a red flag for any accreditations that require this information as part of an audit.