IDenticard Insights

Bring a Friend: The "Two-Man Rule" & What It Means for Data Center Security

Posted by Dan Ryan on Apr 28, 2016 8:30:00 AM

It's something everyone heard at some point as a child: "Use the Buddy System!"

Along with making parents feel better and keeping kids safer, the idea of the Buddy System also added a layer of accountability to any action: whatever was going on, there would be two people there to witness it.

In the field of information and data center security, there's a similar idea: the two-man rule.

The two-man rule adds accountability to any data center operation, adds security by preventing rogue individuals from doing any harm and lessens the dangers that can come from a lost access card or key.

In short, the same principle that guided the Buddy System that helped keep you safe as a child can help keep your data safe today. 

What is the two-man rule in data center security?

When it comes to data center and information security, the two-man rule is pretty basic. It refers to a situation where two people must jointly perform some kind of action.

The term is said to have military origins, referring to the process the United States government instituted decades ago regarding the launch of a nuclear weapon: two different people had two different keys, and each had to use his or her key at the same time to initiate any kind of action.

The reason behind the military's process is clear: no one would want a single person to have access to that much power, and giving a single person access to such a weapon would pose a huge security risk.

In the data center security world, the two-man rule follows the same logic: there's far too much sensitive data in today's server racks to leave access up to a single person.

The two-man rule doesn't just apply to physical data centers. In fact, the National Security Agency (NSA) put a two-man rule in place a few years ago, shortly after the massive data leak initiated by Edward Snowden.

The NSA's two-man rule is more digital: it requires two people, usually high-level system administrators, to be present for the transfer of any kind of sensitive data. This procedure is meant to prevent any rogue employee from being able to initiate the downloading or exporting of data on his or her own.

How does the two-man rule help secure a data center?

The two-man rule adds security to a data center in a number of ways, mainly by discouraging data theft from being attempted and by stopping data theft in progress.

  • The two-man rule helps cut down on worries about a rogue or disgruntled employee doing nefarious things with a company's data. Without the two-man rule, an upset employee could scan his or her own employee badge (or steal a co-worker's) and then have unlimited access to servers. With the two-man rule, that same employee would have to use two different cards to gain access to the racks.
  • The two-man rule helps discourage data theft from even being attempted. With a single-scan system, any thief or hacker would need only to steal or clone a single card to gain access to server racks. With the two-man rule, two different cards would be required, doubling the effort and risk necessary to illicitly acquire the cards.
  • The two-man rule ensures that only authorized employees have access to server racks. When only a single card is required to be scanned for access to a rack, it's entirely possible for a person to steal a co-worker's card to scan his or her way in. However, having two people present ensures that there's always someone to verify the identity of the other party involved.

How can you implement the two-man rule at your data center?

By now, it's pretty clear that the two-man rule is an important and necessary security measure at data centers both large and small. So how can you take steps to institute a two-man rule at your site?

Rack Armor!

Rack Armor is an award-winning physical data center security solution designed to both monitor and limit access to server racks. Rack Armor was designed by IDenticard Access Control, a group that has decades of experience creating and implementing security solutions of all kinds.

In Rack Armor, there is a feature called multi-party control, which requires that two cards with authorized access to the rack be scanned within ten seconds of one another in order for a server rack door to be opened. Multi-party control is the two-man rule, just with another name.
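
The multi-party control rule described above, sketched as decision logic over badge-scan events. This is an added example, not IDenticard's or Rack Armor's code; the event fields, decision labels, sample IDs and the choice to reject a repeated card without extending the window are assumptions.

```python
from dataclasses import dataclass

WINDOW_SECONDS = 10.0  # the article's figure: both scans within ten seconds

@dataclass(frozen=True)
class Scan:
    ts: float        # seconds on the controller's clock
    card_id: str
    rack_id: str

def evaluate_scans(scans, authorized, window=WINDOW_SECONDS):
    """Return one (ts, rack_id, decision, cards) tuple per badge scan."""
    pending = {}     # rack_id -> first valid scan still waiting for a partner
    log = []
    for s in sorted(scans, key=lambda x: x.ts):
        if s.card_id not in authorized.get(s.rack_id, set()):
            # An unauthorized card never starts or completes a pair.
            log.append((s.ts, s.rack_id, "DENY_UNAUTHORIZED", (s.card_id,)))
            continue
        first = pending.get(s.rack_id)
        if first is not None and s.ts - first.ts > window:
            first = None                     # partner never arrived in time
        if first is None:
            pending[s.rack_id] = s           # start (or restart) the window
            log.append((s.ts, s.rack_id, "PENDING", (s.card_id,)))
        elif first.card_id == s.card_id:
            # Same card twice is one person, not two; window is not extended.
            log.append((s.ts, s.rack_id, "DENY_SAME_CARD", (s.card_id,)))
        else:
            del pending[s.rack_id]           # pair consumed by this unlock
            log.append((s.ts, s.rack_id, "UNLOCK", (first.card_id, s.card_id)))
    return log

# Constructed sample data: card and rack IDs are made up for illustration.
AUTHORIZED = {"rack-07": {"A100", "B200", "C300"}}
SAMPLE_SCANS = [
    Scan(0.0, "A100", "rack-07"),   # first cardholder badges in
    Scan(4.0, "A100", "rack-07"),   # same card again: not a second person
    Scan(6.5, "B200", "rack-07"),   # second cardholder inside the window
    Scan(30.0, "C300", "rack-07"),  # new attempt
    Scan(33.0, "Z999", "rack-07"),  # card with no rights on this rack
    Scan(41.0, "B200", "rack-07"),  # 11 s after C300: window already expired
    Scan(45.0, "C300", "rack-07"),  # completes the pair started at 41.0
]

if __name__ == "__main__":
    for entry in evaluate_scans(SAMPLE_SCANS, AUTHORIZED):
        print(entry)
```

The per-scan decision log is the same data a reviewer would want in the access reports: who started each attempt, who completed it, and which scans were rejected and why.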

Rack Armor provides a wealth of additional features that add security to your server racks, including:

  • Integration with existing video surveillance systems. Rack Armor can be used in conjunction with an existing system, providing added security: call up a video feed when a rack is opened, or review surveillance video in case of issues. A surveillance camera can be positioned at the top of the rack, perfect for capturing keystrokes when a computer is being used on the rack.
  • A variety of configurable alarm acknowledgements. Rack Armor can alert a user when a rack is accessed, when a rack is forced open, when a rack is left open for a predetermined length of time and more.
  • Detailed reports of all rack access data, including the time and date of access, the name of the cardholder who accessed the rack and more.

To learn more about Rack Armor, including how its features can be personalized to meet the unique needs of your site, click the button below and fill out the form to be put in touch with one of our data center security experts.

Our team members will provide you with more information about our Rack Armor solution, discuss your challenges and more.

Get more details on Rack Armor

Topics: access control, Rack Armor, server security, modern security, data security, two-man rule, security tips
