INFORMATION TECHNOLOGY-ENTERTAINMENT INDUSTRY security is critical because they store large amounts of private, confidential and copyright information and data for processing, analyzing, and distributing—and thereby connect organizations to service providers. They need to secure the hardware and software within them. There are two types of security: Physical security and Software security.
Physical security is the protection of people, information, and assets, such as hardware, software, network, and data, from natural disasters, burglary, theft, terrorism, and other events that could cause damage or loss to an enterprise or institution. Software security involves techniques to prevent unauthorized access to the data stored on the servers. Because new malicious software (malware) is being developed year after year to break the various firewalls protecting the data, security techniques need to be upgraded periodically.
Physical security comprises four-layer protection that provides a defence-in-depth approach in case the control is bypassed. Controls include administrative decisions such as site location, facility design, and employee control/assigning the access level. Physical controls include perimeter monitoring, motion detection, and intrusion alarms. Technical controls include smart cards used for access control, CCTV systems, and intrusion detection systems.
Most organizations focus on software security and firewalls. However, a breach in physical security could cause the theft of data and devices that will make software security useless. It is important to conduct a risk assessment study in compliance with ISO 27001 and implement appropriate security controls to ensure a secure data center.
D&G Security takes into account various factors ranging from location selection to authenticated access of the personnel into the facility, monitors, and audits vigorously for the safety and security of the premises of INFORMATION TECHNOLOGY-ENTERTAINMENT INDUSTRY. To prevent any physical attacks, the D&G Security considers the following:
- proximity to high-risk areas, such as switchyards and chemical facilities
- availability of network carrier, power, water, and transport systems
- likelihood of natural disasters, such as flooding, lightning strikes, earthquakes and hurricanes
- an access control system with an anti-tailgating/anti-pass-back facility to permit only one person to enter at a time
- a single entry point into the facility.
D&G Security monitors the safety and security of the production areas, studios, storage and rack rooms with authenticated access through the following systems:
- closed-circuit television (CCTV) camera surveillance with video retention as per the organization policy
- vigilance by means of 24×7 on-site security guards and manned operations of the network system with a technical team
- periodic hardware maintenance
- checking and monitoring the access control rights regularly and augmenting if necessary
- controlling and monitoring temperature and humidity through proper control of air conditioning and indirect cooling
- uninterruptible power supply (UPS)
- provision of both a fire alarm system and an aspirating smoke detection system (e.g., VESDA) in a data center. A VESDA, or aspiration, the system detects and alerts personnel before a fire breaks out and should be considered for sensitive areas.
- water leakage detector panel to monitor for any water leakage in the server room
- rodent repellent system on the premises. It works as electronic pest control to prevent rats from destroying servers and wires.
- fire protection systems with double interlock. On actuation of both the detector and sprinkler, water is released into the pipe. To protect the data and information technology (IT) equipment, fire suppression shall be with a zoned dry-pipe sprinkler.
- cable network through a raised floor, which avoids overhead cabling, reduces the heat load in the room and is aesthetically appealing.
D&G Security follows the following best practices for building up security at INFORMATION TECHNOLOGY-ENTERTAINMENT INDUSTRY facilities:
- Conduct regular audits. Internal audits check the implemented systems and processes. An external audit is used to check the commitment of internal audits. Audits should check for any vulnerabilities in the facilities that are provided to ensure security. Check to see if access control systems, CCTV cameras, and electronic locks are functioning and are being maintained. Check if any job role changes in the employees call for an update in the procedures and systems.
- Strengthen access control systems. As an outcome of the audit checks, any facility requiring extra protection should receive additional security. For example, multiple verification methods for personnel entry into a certain area may be recommended, such as an access card and fingerprint or retinal recognition. Make an audit of the entire facility to check if the access control system needs to be tightened.
- Enhance video surveillance. Video cameras should include both indoor and outdoor areas of the facility. Similar to the access control systems, coupling these with 24-hour surveillance by security staff can significantly enhance the safety of the facility.
- Enforce security measures. This requires employee training on the security measures to be followed and the consequences if procedures are violated.
- Establish redundant utilities. Create redundancy in utilities like electricity and water and distribute the same to avoid common-mode failures and to achieve high availability of the systems.