Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Physical Security - How many IT Departments have Restricted Access?

From: Theresa Rowe <rowe () OAKLAND EDU>
Date: Mon, 10 Nov 2008 16:50:50 -0500
Our IT department is in an open classroom building on the main floor.  We do
not have any formal entrance nor do we have a reception area.  Our hallway
offices are the main pass through to another building that was adding to the
campus around 8 year ago.  The datacenter is in the middle of this area,
with glass walls that we painted sometime in the early 1990s.  At least the
datacenter doors have keycode access.

Theresa Rowe

On Fri, Nov 7, 2008 at 5:22 PM, Clark, Sean <Sean.Clark () ucdenver edu> wrote:


 Greetings, all.  I am new to the Educause Security list and I hope that I
am posting this question to the right list.

I am the manager of a newly created IT Security group at a university and I
have a question for other IT professionals on this list.  There has been a
recent initiative that was been proposed by one of our upper management
people to unlock the front doors of our IT department during business hours,
in order to be more customer friendly and not make people who visit our
offices feel that they are not trusted.

Background:
We've had ingress to the IT department offices restricted by badge access
for many years.  Within the offices there is a server room that has
separately-keyed badge access (representing two layers of physical
security).

While I acknowledge that there is a negative impact to convenience that is
associated with restricting access to IT services premises, I have been
making the argument that unlocking the doors would increase the risk to:

1) unsecured hardware that may contain private data (mostly customer/user
systems that are being repaired by workstation support)
2) the workstations of multiple admins who are using elevated accounts to
access to switches, routers and servers with private data on them
3) a variety of laptops, PDAs and other portable devices, owned by the IT
department and our customers
4) one less layer of physical security protecting our server room

I'd like to hear back from IT professionals at other universities, to see
where our department sits in comparison to the norm: is access to your IT
department restricted?  If so, how is that access restricted?  If your
department is not physically secured, what kinds of problems have you run
into?

Thanks, in advance, for any thoughts/suggestions that you are willing to
share.

Sean







--
Theresa Rowe
Chief Information Officer
Oakland University
Previous By Date Next
Previous By Thread Next

Current thread: