Security has always been a priority in the data center industry, but the upcoming California Consumer Privacy Act (CCPA) will require taking a new approach to creating a data management strategy. Simply put, a one-size-fits-all approach just doesn't apply this time around. Because CCPA is what some believe will become a de facto standard for data privacy in the United States in the absence of federal legislation, it is important that data centers understand how to prepare using methods that help to ensure compliance and CCPA readiness.
Regulatory and Compliance Requirements
CCPA is slated to take effect in January 2020, giving businesses six months to comply. CCPA has been compared to the European Union's landmark General Data Protection Regulation (GDPR), as they both share similar principals when it comes to the protection of personal data:
- The right to know: Transparency rights to access and request information regarding how their personal data is being used and processed.
- The right to say "no": Individual rights to limiting the use and sale of personal data, particularly regarding the systematic sale of personal data to third parties, and for limiting analysis/processing beyond the scope of the originally stated purpose.
- The right to have data kept securely: Provide consumers and individuals with mechanisms for ensuring their personal data is kept with reasonable security standards by the companies they interact with.
- The right to data portability: Grant consumers the right to have their data transferred in a readily usable format between businesses.
How Should Data Centers Prepare?
While every organization is expected to use their own judgement to ensure they have taken appropriate technical and organizational measures to ensure compliance, the need for secure IT networks and the prevention of unauthorized access to electronic communications networks should be considered. While access control may seem an obvious part of any security policy, data centers must be able to demonstrate that they have the appropriate access policies in place.
Cabinet-Level Electronic Access Control (EAC) Solutions
Electronic Access Control (EAC) solutions are essential in addressing user access management issues within the data center and can be an extremely cost-effective method of delivering intelligent security and dual-factor authentication to the cabinet.
Here are some key features to consider when selecting an EAC solution:
Dual-Factor Authentication: Dual-factor authentication takes data security to another level. One of the most secure forms of physical access verification is biometric authentication. A cost-effective and secure dual-factor authentication solution is a finger-print activated card that is able to work with existing EAC or other card-activated locks.
Remote Management and Reporting: Using a simple, user-friendly web interface to remotely manage the networked EAC locks allows the user to remotely monitor, manage and authorize each cabinet access attempt. Using this type of intuitive interface provides an audit train for regulatory compliance.
IP Consolidation: Data centers can realize dramatic savings in networking costs and deployment times through the ability network several locks through IP consolidation. It is now feasible to choose a solution that will allow up to 32 EAC controllers (32 cabinets) to be networked under one IP address.
Combining EAC with Environmental Monitoring: Choosing an EAC solution that offers added benefits, such as environmental monitoring, can ensure a much faster return on any initial investment. Solutions that can monitor both temperature and humidity through the same web interface and issue proactive notifications and help prevent downtown.
To learn more about EAC and other methods of ensuring security and compliance, please click here.
Brittany Mangan, Digital Content Specialist