How this PCI DSS Server Bracket protects your bank account
The Payment Card Industry Data Security Standard (PCI DSS) is a standard set by the PCI Security Standards Council that aims to protect cardholder information. Since everyone’s financial data is in the cloud these days, RackSolutions created a new solution for individual server compliance.
What the PCI DSS Bracket accomplishes
PCI DSS compliance is mandatory in the US, and maintaining that status involves a significant number of requirements. These include using firewalls, custom passwords, encryption, antivirus software and more.
The requirement we focused on is restricting physical access to cardholder data. To meet it, we made as much use of locks and keys as possible within 2 units of rack space.
Our PCI DSS server bracket uses two locks with two unique keys to maximize the protection of your important data. We made the keys unique so that two different employees can hold them. This way, if one key is compromised, an unauthorized person still cannot unlock the bracket.
Construction of the PCI DSS Bracket
In order for the bracket to be as secure as possible, we designed a mounting bracket that threads into cage nuts behind the server ears. When the server and locking bracket are mounted correctly, there is no way to access the screws to detach the bracket.
Since the server ear fits in between the locking bracket and the secure server assembly, we needed to make sure that all the different ear sizes would fit. This resulted in holes at four different positions along the server attachment brackets, giving the bracket compatibility with more kinds of servers.
The total outside width of the PCI DSS Bracket is 19.67 inches. This is barely larger than the typical EIA 19 inch server standard. Height will also not be an issue when using this bracket: at a total outside height of 3.48 inches, it takes up just under 2U of space even when installed on a 2U server.
Why is physical security necessary for data centers?
Although this bracket is specifically designed to meet requirements for payment processing, any type of mass data loss is usually damaging to companies and customers.
For instance, the healthcare industry doesn’t have the same data security regulations as payment processing institutions, but it has a massive problem with stolen healthcare data. As with financial data, there is a black market that buys and sells healthcare information.
In 2016, hard drives containing the healthcare information of 950,000 individuals were lost at Centene Corporation. All of this information was stored on 6 hard drives that could easily fit in a backpack. Now that information could be purchased online by scammers who will use it for phishing calls, emails or blackmail.
Because hard drives are often hot swappable in server setups, they can be easily removed. For instance, this 2U server houses 12 hot-swappable hard drives in the very front where anyone could release and remove them.
Data encryption is a good step towards protecting data on a server, but having adequate physical security is necessary for full coverage.