
Data center security faces a multitude of risks, but one of the most persistent dangers comes from a single action that facility personnel and their guests undertake every day: walking together through hallways and access points, a practice often referred to as piggybacking. While it may seem insignificant, this practice can threaten access to sensitive data and expose organizations to considerable danger.

 

What Is Piggybacking and How Does It Happen?

Piggybacking is a significant security threat that occurs when an unauthorized individual “follows” an authorized individual with valid access credentials into a secured area. It often happens unintentionally, when staff hold a door for another person or when someone quickly enters the doorway before the authorized individual fully clears the threshold.

Even the best-managed and most organized data centers, with the most diligent employees, can fall victim to this amid the activity, rush and uncertainty that can prevail on any given day. With incoming shipments of hardware and gear, visitors arriving at the facility for meetings with employees, and a general openness to the public, it is easy for someone to simply assume that another employee has already cleared the person in question. This is not the case.

 

Why Piggybacking Is a Serious Threat

Data centers hold valuable information and infrastructure. Even a short period of unauthorized access can lead to damage.

An intruder may install malicious software or hardware, connect unauthorized devices to a network, tamper with computer systems, or even simply listen and harvest enough information for a future attack. This type of access can also lead to data breaches or service disruption.

There’s also the issue of accountability. If someone enters without logging access, there’s no clear record of who was inside. That makes it harder to investigate incidents and identify exactly when a breach may have occurred.

 

Real World Impact and Human Factors

The common perception of a piggyback attack is that of a sophisticated adversary with significant training and technical ability. However, many such attacks succeed through the offline, “naive” actions of an ordinary user.

Attackers have successfully gained undetected access to restricted areas by dressing up as employees or by bringing tools to an event. In high-traffic venues, preventing these types of incidents requires robust procedures.

 

How To Prevent Piggybacking

First, staff awareness is key. Employees need to understand that access rules exist for a reason. Clear policies should be in place, and everyone must use their own credentials without exception.

Physical controls also help. Access points can be designed to allow only one person through at a time. Biometric systems and keycards add extra layers of protection and improve traceability.

Finally, encourage a culture where it’s okay to question unfamiliar faces. A simple check can prevent a much bigger issue later on, especially in areas where sensitive systems are located.
