Physical Security

Two part question... How important is video surveillance when it comes to physical security of your data? How important is that same video to everything else (tech and non-tech) within your premise? For context, I am looking at this from a risk assessment, cyber liability insurance, and/or business continuity perspective.
Who is Participating?
Hi Helfit,

Do you mean so that a photo is taken each time someone enters?  If so, then yes, I agree - good for evidence, something of a deterrent, but not an actual control to stop something happening.

I don't see photos as being all that different to video, except that perhaps the photos might be better quality (depends on many factors of course).

In terms of your risk assessment, cyber liability insurance, and/or business continuity perspectives, and in particular, the insurance side, I have found in the past, that the best option is to ask the broker / insurer what the impact on premiums will be if you do X.

If there is a positive return (reduced premiums), and that return is 'reasonable' at least compared to the business WACC, then it is really a simple decision.  Most of the time though, it won't work out that way, and it will just come down to you trying to best guess what the benefits might be.

One model to use is ITV:

Impact = How significant would it be if this event were to happen (maybe measured in dollar terms)

Threat = How likely is this to happen setting aside any mitigation we have in place (maybe measured in percentage terms per annum)

Vulnerability = How vulnerable are we in particular to this (maybe measured in percentage terms) - Mitigation will reduce this

If you multiply them together you get an expected cost per annum (or whatever you used for the Impact calculation).  You can then re-calculate (guess!) based on some proposed mitigation, and get a reduced (hopefully) expected cost per annum, and decide if the cost of mitigating justifies the reduced cost per annum (the return).

Hi Helfit,

Video surveillance of the physical data storage drives would be relatively rare - I have only seen it in upper end facilities and co-location scenarios (very different scenario there of course).

However, in general, video surveillance is pretty important from a deterrent and also evidence perspective, but let's be clear - it does not actually stop anyone doing anything (unless you count monitoring and a physical response to something seen by that monitoring).

I would always like to have video surveillance on the premises (both outside and inside) if at all possible, and have it running 24/7 not just out of hours.

Does that help?

HELFITAuthor Commented:
Alan, I am in agreement with you. When I said for data, I meant something along the lines of a camera in the data center entrance. I see video as more of a reactive tool. Yes it’s there, probably not monitored, and not much of a deterrent. However, should there be an incident, it can at least be reviewed. I am trying to research/find evidence to support this expense.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.