Educause Security Discussion
mailing list archives
Re: Physical Security - How many IT Departments have Restricted Access?
From: Ken Connelly <Ken.Connelly () UNI EDU>
Date: Fri, 7 Nov 2008 19:04:20 -0600
We have a similar physical layout. There is one door to the IT office
area from the hallway that is unlocked during business hours. A
reception desk inside that door is usually staffed, but not 100% of the
time. There are other staff near the reception area that respond to
visitors when the reception desk is vacant. We've operated in that mode
since moving to our current location in 1990 without incident.
Clark, Sean wrote:
Greetings, all. I am new to the Educause Security list and I hope
that I am posting this question to the right list.
I am the manager of a newly created IT Security group at a university
and I have a question for other IT professionals on this list. There
has been a recent initiative that was been proposed by one of our
upper management people to unlock the front doors of our IT department
during business hours, in order to be more customer friendly and not
make people who visit our offices feel that they are not trusted.
We've had ingress to the IT department offices restricted by badge
access for many years. Within the offices there is a server room that
has separately-keyed badge access (representing two layers of physical
While I acknowledge that there is a negative impact to convenience
that is associated with restricting access to IT services premises, I
have been making the argument that unlocking the doors would increase
the risk to:
1) unsecured hardware that may contain private data (mostly
customer/user systems that are being repaired by workstation support)
2) the workstations of multiple admins who are using elevated accounts
to access to switches, routers and servers with private data on them
3) a variety of laptops, PDAs and other portable devices, owned by the
IT department and our customers
4) one less layer of physical security protecting our server room
I'd like to hear back from IT professionals at other universities, to
see where our department sits in comparison to the norm: is access to
your IT department restricted? If so, how is that access restricted?
If your department is not physically secured, what kinds of problems
have you run into?
Thanks, in advance, for any thoughts/suggestions that you are willing
Ken Connelly Associate Director, Security and Systems
ITS Network Services University of Northern Iowa
email: Ken.Connelly () uni edu p: (319) 273-5850 f: (319) 273-7373