Comment by belter
5 hours ago
I can already write the headline of what this will be in five years...
"Swiss Government Moves Back to Cloud After Discovering Cleaning Staff Had More Physical Access Than IT Security Team"
5 hours ago
I can already write the headline of what this will be in five years...
"Swiss Government Moves Back to Cloud After Discovering Cleaning Staff Had More Physical Access Than IT Security Team"
This gets me wondering, who does the cleaning at data centers and such? Do you need to do background checks to swing the mop in there? Is there a market for high clearance cleaning personnel? (like with the extended PSP in CH)
My hunch is telling me there could be a couple positions with decent money (by normal person standards) for little work in that direction. Wouldn't be the first time I've been wrong though.
Yes, it's routine to hire background-checked cleaning crew, and some higher-security operations even require the company to put up an extra bond. One only needs a clean enough record, but I've known a few people in housekeeping with old drug convictions who still had no problem working in secure areas at defense contractors. When they would go into the secure area, there would literally be a flashing light with someone loudly announcing "INSECURE!", and everyone working there would lock their screens and basically go on coffee break. Obviously not a thing a server room has to do, but those have cameras watching the every move of the cleaner, the racks are in locked cages, and the cleaner has to leave any electronic devices they have in a bin at the door. It's not like they search them thoroughly, but there are severe consequences for getting caught, and they don't have or need much time to clean the server rooms anyway, let alone get away with espionage.
There's still a lot of mischief you could pull off with a cleaning crew, but facilities maintenance beyond housekeeping has a lot more opportunities.
A good moment to point out that the infamous "cyber bunker", a data center catering to criminals, was infiltrated by a female police officer who managed to get hired as a cleaning lady.
https://en.wikipedia.org/wiki/CyberBunker#Documentary
Criminal organizations have the problem that they can't exactly run a background check. They need other criminals, and of course there's an obvious problem with that...
1 reply →
Probably you can employ cleaning robots quite well in server rooms.
The direction the industry has taken is not to hire elite mop guys, but to make physical access threats less and less relevant.
You mean the cleaning staff of AWS, Google, or Microsoft? The goal is to avoid that, I believe.
I would be more concerned that many data centers in Switzerland are owned and operated by large foreign companies and some of their physical security is questionable. Not at all what you see in their ads and I would say you are only as secure as the least secure DC you have...