Who Gets Access To Server Rooms?

I worked on many access systems that hung a reader on only a single door within the building perimeter: the server closet. Granted, there might be 4 or 6 doors that faced outside area that were all controlled - but it almost was an unwritten rule the server room or telecom closet was controlled too.

This makes sense to me: physical security trumps logical security, but only if implemented properly.

It always amazed me at who was given access to that room. Sure, as far as 'regular' employees, only the IT staff would have exclusive access.

...but the cleaning crew, maintenance staff, contract security guards, and so on, those folks were given access too. Indeed, I have seen a service call on account of a janitor wet mopping near a server rack.

So my question is: Who typically has access to server rooms? Do you advise or enforce a certain level of access control to your video/access/data servers?

Cleaners, no. Security, yes. Maintenance, yes. The problem I saw was that often no one from IT was around to open the door if maintenance needed to get in, so it was simply easier to give access to security and maintenance.

I tend to recommend using locking cabinets if multiple departments need access to a room for different reasons, though. Whether or not that gets implemented is a 50/50.

Only myself and management have access to our office server room. Granted I am the only IT employee on site. Regular techs, cleaners, and other office staff need to see either myself of management to be let it.

Ive seen other offices have no access control at all, ive even seen one office building that does not even have a door on their server room. In fact, when I had to do work in one of those buildings, the manager was shocked that I even asked him for access to the server room, told me to just go upstairs the door is always open. I just shook my head.

In our location only Security (In house not guards), Facilities and IT have access to the room. The room is treated like it is a vault, outside and inside are under surveillance (CCTV) and anyone with access to these areas has to sign a number of Confidentiality agreements and have a complete background check. Everyone else has to be escorted.

We have a couple of different EAC systems on campus, one of which is Schlage SMS. We populate the card holder records but leave it up to the IT VP to decide who gets access to the server room. She has written policies and procedures in place. Apparently, we have outside auditors that check that sort of thing.

I have about six servers in that room and am in charge of the EAC systems on campus; however, I had to beg for access. Needless to say, it is tightly controlled by IT. Technicians that need to access any of the servers must either sign in at the front desk or be escorted into the server room.

I have even seen where they replace a simple electromechanical keypunch lock with an access card system but don't remove the old system. Guess what, first attemp on the old keypad 0000 and I was in. Their excuse, not everyone has a badge. That's when I right up the non compliance report.

Generally we ensure acess to these rooms are restricted to authorized employees only. Contract staff like cleaners or maintenance , have to work during normal work hours and supervised. if there is an emergency there is always a way to shut down power or go back to the handy axe.

We also advise two forms of authentication such as card and pin.

in addition it is recommended that these access levels are treated separately from general acces such as those for IT staff. Just because they are IT does not mean they should have access.

From a mid-sized (20K enrollment) higher-ed institution (and from an IT perspective) - Data centers (qty. 2) are largely on an as needed basis on EAC access. We actually do have the physical keying locked down pretty well as well. Video surveillance is in there but light. On communications closets (qty. 200+) we're slowly rolling out video surveillance to them all. All new construction and renovations get it up front, we're retrofitting others as we can. Electronic Access control hasn't even really started on those yet but it's on a list. Physical keying of them is below par at best (far too many people have access) and is an issue even after a recent new "physical key plan" was put in place. It will be a few more years before we have a better handle on this unfortunately and part of that is why we are focusing more on the expansion of the video. We're in better control of that so at least we have a record. Most comm closets are "lights out" (someone being in there should be rare) and we have motion rules that email the network operations team snapshots if someone goes in. We'll do some fancier stuff as our time and budgets allow, or a "fire" necessitates it. We try to be as proactive as possible with these things in this case we're tackling it as best we can at this time.

At a college I was working at, I was surprised the building network campus IDF was in the Janitor closet with the mop sink. Walk 15 feet from the door and there are all the fiber connections and Cisco gear. No cameras in that room, just Bosch SD cameras installed at some of the entrances. However, you could get to the room without being on camera and do some damage if you were an upset employee. NOTE: I didn't have anything to do with the cameras in this building.