Physical Security

Two part question... How important is video surveillance when it comes to physical security of your data? How important is that same video to everything else (tech and non-tech) within your premise? For context, I am looking at this from a risk assessment, cyber liability insurance, and/or business continuity perspective.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hi Helfit,

Video surveillance of the physical data storage drives would be relatively rare - I have only seen it in upper end facilities and co-location scenarios (very different scenario there of course).

However, in general, video surveillance is pretty important from a deterrent and also evidence perspective, but let's be clear - it does not actually stop anyone doing anything (unless you count monitoring and a physical response to something seen by that monitoring).

I would always like to have video surveillance on the premises (both outside and inside) if at all possible, and have it running 24/7 not just out of hours.

Does that help?

HELFITAuthor Commented:
Alan, I am in agreement with you. When I said for data, I meant something along the lines of a camera in the data center entrance. I see video as more of a reactive tool. Yes it’s there, probably not monitored, and not much of a deterrent. However, should there be an incident, it can at least be reviewed. I am trying to research/find evidence to support this expense.
Hi Helfit,

Do you mean so that a photo is taken each time someone enters?  If so, then yes, I agree - good for evidence, something of a deterrent, but not an actual control to stop something happening.

I don't see photos as being all that different to video, except that perhaps the photos might be better quality (depends on many factors of course).

In terms of your risk assessment, cyber liability insurance, and/or business continuity perspectives, and in particular, the insurance side, I have found in the past, that the best option is to ask the broker / insurer what the impact on premiums will be if you do X.

If there is a positive return (reduced premiums), and that return is 'reasonable' at least compared to the business WACC, then it is really a simple decision.  Most of the time though, it won't work out that way, and it will just come down to you trying to best guess what the benefits might be.

One model to use is ITV:

Impact = How significant would it be if this event were to happen (maybe measured in dollar terms)

Threat = How likely is this to happen setting aside any mitigation we have in place (maybe measured in percentage terms per annum)

Vulnerability = How vulnerable are we in particular to this (maybe measured in percentage terms) - Mitigation will reduce this

If you multiply them together you get an expected cost per annum (or whatever you used for the Impact calculation).  You can then re-calculate (guess!) based on some proposed mitigation, and get a reduced (hopefully) expected cost per annum, and decide if the cost of mitigating justifies the reduced cost per annum (the return).


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cyber Security

From novice to tech pro — start learning today.