Properly deploying secure data cabinets

By Paul Stathis
Tuesday, 01 December, 2009


The enforcement of privacy laws has recently placed a greater emphasis on maintaining the integrity of personal and confidential information. Not only must data be securely stored, but the enclosures housing the data must also be physically secure. A government specification strictly qualifies the deployment of these enclosures and, as many organisations begin to utilise these cabinets, consultants and installers may find themselves ill prepared to deploy them correctly.


Nineteen-inch cabinets have been in use for many years, more than adequately housing cabling and active hardware. The cabling industry has done an excellent job specifying and installing the correct enclosures for applications such as wiring closets and data centres. The cabinets themselves have been fairly straightforward to specify and to install.

But the growing demand for secure cabinets has been causing some headaches for ill-prepared consultants and contractors. Several federal and state government departments have issued directives in recent years to house all of their sensitive data in classified ‘security containers’, or cabinets. Without the proper knowledge of how to deploy these cabinets, their security classification could be compromised.

The federal government has developed a stringent specification for the design, construction, delivery and installation of Class B and Class C security containers or cabinets that are endorsed by the Security Construction and Equipment Committee (SCEC) for the protection of classified material. Only a handful of companies in Australia are approved to supply SCEC Class B and Class C cabinets.

Class B and Class C cabinets must be constructed as welded steel frames and fitted with special side panels, doors and fixings that prevent unauthorised access to the data housed within them. Class C cabinets utilise registered and restricted-issue key locks while Class B cabinets utilise a high-security combination lock code system, both of which are SCEC endorsed. Even the cable access points, ventilation systems and cable chimneys are fully specified and must be SCEC endorsed as Class C or Class B.

Paul Camilleri, director of specialist IT and security consulting firm Electronic Technology Consulting, has worked closely with a number of government departments over several years and has seen the increase in demand for these secure cabinets: “Organisations that hold private or sensitive data on people, such as medical, financial or other personal records, have become more accountable for maintaining the privacy of this data as privacy laws evolve. That includes providing physical security in the form of enclosures that prevent unauthorised access to the data.

“Traditionally, secure data storage enclosures have literally been rooms that could only be accessed through a solid locked door. That still applies in many instances like data centres, but as distributed network architecture becomes more commonplace in organisations, sensitive data has found itself being housed in localised networking facilities, typically wiring closets in the middle of office floors.

The SCEC applied its secure-environment criteria to 19-inch cabinets, writing a very strict specification for not only manufacturers to comply with but also for consultants to properly deploy them and for contractors to properly install them, to ensure their certified level of security is not compromised.

“The SCEC has developed a matrix that allows designers to determine the appropriate class of security to be provided in the cabinet, based on the sensitivity of the data to be housed and the risks associated with its unauthorised access. Accredited consultants should utilise this matrix to ensure the right security container is specified for the application.”

Secure cabinets

MFB Products is one of the approved suppliers of these cabinets, and I spoke with General Manager David Bilston to learn more about these cabinets and their specific characteristics.

“They may look like normal 19-inch cabinets, but an SCEC-accredited security container weighs around twice as much as its equivalent-sized normal cabinet. The specification lists standard cabinet sizes to accommodate various applications, even an 18RU wall-mount version, but with all that weight, take care in assessing if the wall is suitable for hanging off,” states Bilston.

“We’ve manufactured our Class B and Class C cabinets to be able to utilise standard 19-inch rack fittings and accessories, like front and rear adjustable mounting angles and shelves. But other fittings, such as vents, cable entry points, side panels, doors and baying kits all have to be compliant to the SCEC specification to ensure the cabinet’s level of security.

“For example, the specification stipulates that cabling can only be brought in through designated cable entry points on the top and bottom of the cabinets. No additional penetrations are allowed to be made into the cabinet, regardless of how much cabling needs to be terminated in the cabinet or where the most convenient place to bring in the cable may appear to be. I know of a contractor who unknowingly cut extra holes in the top of a Class C cabinet to bring in a large bundle of cables, only to find he’d compromised the cabinet’s security. It was an expensive mistake because he had to replace the entire cabinet to ensure the security level was preserved. The cable entry and reticulation is designed in a way that prevents someone pushing something up or down the side to break into the cabinet. The side panels are secured from within the cabinet and can only be removed from the inside. The top and bottom vents are designed with specific-sized holes to prevent access through them, while the optional fans are fitted from the inside only. Even the baying kits have to be SCEC endorsed.”

Proper deployment

“Not only are the cabinets specially designed to be secure, but the whole supply chain is qualified to make sure nothing is compromised”, continues Bilston. “Each cabinet is assigned a unique serial number that identifies the manufacturer, the year of manufacture and its individual number. If the serial number is removed, the container cannot be identified as a Class B or Class C Security container. As an SCEC-accredited ‘security container’ supplier, MFB is required to maintain a database of all cabinets and their serial numbers.

“For Class C cabinets, which utilise key locks, MFB records the locks that correspond with the cabinets. Each Class C cabinet has its own lock code. The end-user is also required to record the code and destroy the ID tag. The cabinets can be supplied configured as either ‘1-door, 1-lock and 2-keys’ or ‘2-doors, 2-locks and 2-keys’ (both locks have the same code). Only two keys are authorised to be issued with each Class C cabinet, which has its own lock code, so it’s not possible to have the same lock on more than one cabinet.

“And don’t lose the keys. Since they’re registered and fully traceable, it’s a very complex, time-consuming and expensive exercise to deal with lost keys.”

Commenting on the challenges that a contractor may incur when installing a security container, Malcolm Edwards, Victorian State Manager for Pacific Datacom, who distributes the MFB cabinets adds: “The keys are shipped independently of the cabinet, which adds to the logistical challenge for installers. Contractors should be aware that Class C cabinets are shipped with the sides fitted and doors locked, so they won’t be able to open it up when it arrives on site and start working on it.

Bilston identifies a couple of other areas where contractors need to exercise care when installing these cabinets: “Where large volumes of cabling need to be fitted into these secure cabinets, cabling chimneys that are SCEC endorsed are permitted to be used, but they must be a fully welded construction and fixed internally. Telescopic chimneys are not allowed, so contractors must determine the cabinet height and accurately measure the ceiling height to give us the dimensions of the chimney to make up for them. And even when using chimneys, all of the cabling must still be routed through the designated cable entry points, with no holes cut in the panels to accommodate any extra cables. It all has to be worked out prior to installation.

“Heat build-up in any cabinet is a concern, especially when a lot of active equipment is housed in them. And these secure cabinets are likely to house a fair amount of active gear, so the SCEC specification has factored heat dissipation into the cabinet design. A series of ventilation holes are specified for both the top and bottom of the cabinet to allow air to circulate, but sufficiently small enough to prevent tampering. Note that the cabinets are designed to facilitate the movement of air but not to provide active cooling. Floor- and ceiling-mounted fans can be fitted over the top and bottom vents, with fixings on the inside, preventing tampering. Doors with vents in them can be ordered as an option to the standard steel doors to facilitate airflow, and fans can be fitted to these also to further improve airflow within the cabinet.”

Since the demand for the level of physical security that these cabinets provide is only going to increase, it is a good idea for consultants to familiarise themselves with the SCEC specification and for contractors to find out more about the cabinets and what’s required to deploy them properly. As the SCEC specification is so rigid, any mistakes could render them insecure and be a costly problem to fix. So the more you know about them and how to deploy them, the less chance you will make mistakes with them.

Related Articles

Powering data centres in the age of AI

As data centres are increasingly relied upon to support power-hungry AI services and...

Smart cities, built from scratch

With their reliance on interconnected systems and sustainable technologies, smart cities present...

Smart homes, cities and industry: Wi-Fi HaLow moves into the real world

Wi-Fi HaLow's reported advantages include extended ranges and battery life, minimised...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd