Cages in datacenter?

  • What's the purpose of cages in datacenters? Is it a requirement for PCI DSS?

  • We had to have one, but it was because of CJIS (FBI) requirements.

    Fundamentally they're for when you compliance requirements force you to treat DC employees as untrusted.

  • Sometimes customers just want them for whatever reason, in addition to any sort of legal requirements... based on laws written by people who don't understand technology. Ironically these same laws typically don't require cages if it's in your business or house, even though it's far less secure than in a data centre. Yet plenty of businesses think their crappy glass door and alarm, from a company which isn't likely to respond, is just as good as a secure data centre, if not more secure, and if they're forced into the position they want a cage at the data centre, sometimes they want to try to keep any keys away from anyone who works there making their lives a living hell.

    Fire these customers.

  • The place that I see them most is in DCs that allow questionable public access rather than having dedicated, screened DC workers only getting access.

Log in to reply