
Mission truly impossible: data theft in a high-security data center

Montage: Server racks in a data center can be seen in the background, while floating lines represent data streams in the foreground.

It always looks very easy on TV: The PIN code is scouted out in advance and the personal key card is stolen with a clever trick. A few cameras are then dodged and you have access to the "top secret" data of the desired company. But what is the truth behind the depictions in various action films? We can reassure you: You won't get far with this tactic – in fact, not even as far as the entrance hall of the data center.

During an exclusive look inside our data centers, the servers that are critical to the functioning of ID Austria can be examined in real life. Probably even more interesting, however, is the insight into the measures taken to keep the servers physically secure on the one hand and to keep the system running reliably on the other.

Back to the scenario mentioned at the beginning: what is stopping skilled card thieves from getting into the A-Trust server room, which is located inside the building?

From the outside, the data center doesn't look particularly impressive - it's hard to guess that essential systems for maintaining the A-Trust QES (e.g. ID Austria) are stored in this rather inconspicuous building. Anyone expecting high walls or security systems like those at Fort Knox will be disappointed. However, the first obstacle awaits potential data thieves at the entrance door: in addition to the personal key card, your own palm must also be scanned. This means that unauthorized persons cannot even reach the entrance hall and everyone who opens the door is clearly identified.

An employee scans the palm of his right hand for identification purposes and holds the access card in his left hand.

Anyone who then finds their way through the labyrinth of server racks to the A-Trust server room is confronted with another card reader, which also requires a personal PIN as a second authentication factor. A solo effort is not enough here, however: To enter the A-Trust server room, a second person authorized by A-Trust is required, who must also authenticate via card and PIN - thus enforcing a so-called 4-eye principle.

But how do you become an "A-Trust authorized person" - also known as an "A-Trust Security Officer"? These are selected persons who fulfill the specified role profile. This requires, for example, a certificate of good conduct and regular training on (new) potential threats and state-of-the-art security practices. Various other factors are also taken into account, such as company affiliation and specialist knowledge, including on topics such as cryptography and public key infrastructure (PKI).
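The door rule described in the last two paragraphs (card plus PIN for each person, two distinct currently authorized officers, otherwise the door stays shut) can be written down as a small access-policy check. The following Go program is an added illustration, not A-Trust's own access-control software; the `Registry`, `Officer` and `Attempt` types, the card IDs and PINs are all constructed for the example, and the PIN hashing is a deliberately simple stand-in for whatever a real reader does.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Officer models one enrolled A-Trust Security Officer (hypothetical structure).
type Officer struct {
	CardID  string
	PINHash [32]byte // hash of cardID:PIN; a real reader would use a slow KDF, this is a stand-in
	Active  bool     // false once training has lapsed or the person has left the company
}

// Attempt is a single card-plus-PIN presentation at the server-room reader.
type Attempt struct {
	CardID string
	PIN    string
}

// Registry maps card IDs to enrolled officers.
type Registry map[string]Officer

var (
	ErrUnknownCard = errors.New("card not registered")
	ErrInactive    = errors.New("officer is no longer authorized")
	ErrBadPIN      = errors.New("PIN mismatch")
	ErrSamePerson  = errors.New("both factors presented by the same person")
	ErrTooFew      = errors.New("4-eye principle requires two authenticated officers")
)

func hashPIN(cardID, pin string) [32]byte {
	return sha256.Sum256([]byte(cardID + ":" + pin))
}

// Enroll registers a card and its PIN as an active officer.
func (r Registry) Enroll(cardID, pin string) {
	r[cardID] = Officer{CardID: cardID, PINHash: hashPIN(cardID, pin), Active: true}
}

// Deactivate revokes authorization without deleting the record (e.g. training expired).
func (r Registry) Deactivate(cardID string) {
	if o, ok := r[cardID]; ok {
		o.Active = false
		r[cardID] = o
	}
}

// authenticate checks one presentation: known card, still active, PIN correct.
func (r Registry) authenticate(a Attempt) (Officer, error) {
	o, ok := r[a.CardID]
	if !ok {
		return Officer{}, ErrUnknownCard
	}
	if !o.Active {
		return Officer{}, ErrInactive
	}
	got := hashPIN(a.CardID, a.PIN)
	if subtle.ConstantTimeCompare(o.PINHash[:], got[:]) != 1 {
		return Officer{}, ErrBadPIN
	}
	return o, nil
}

// OpenServerRoom returns nil only when two different active officers each pass
// card+PIN authentication; any other combination keeps the door closed.
func (r Registry) OpenServerRoom(attempts []Attempt) error {
	if len(attempts) < 2 {
		return ErrTooFew
	}
	first, err := r.authenticate(attempts[0])
	if err != nil {
		return fmt.Errorf("first officer: %w", err)
	}
	second, err := r.authenticate(attempts[1])
	if err != nil {
		return fmt.Errorf("second officer: %w", err)
	}
	if first.CardID == second.CardID {
		return ErrSamePerson
	}
	return nil
}

func main() {
	r := Registry{}
	r.Enroll("card-A", "1234") // constructed sample credentials
	r.Enroll("card-B", "5678")
	fmt.Println("two officers:", r.OpenServerRoom([]Attempt{{"card-A", "1234"}, {"card-B", "5678"}}))
	fmt.Println("same officer twice:", r.OpenServerRoom([]Attempt{{"card-A", "1234"}, {"card-A", "1234"}}))
}
```

The interesting cases are the negative ones: the same card presented twice does not satisfy the 4-eye rule even though both authentications succeed, and an officer whose authorization has lapsed is rejected before the PIN is even compared.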

Scenario 2: Break-in from the adjoining room.

Creative minds may have already come up with the idea of simply renting the adjoining room and then gaining access underground through the false floors. But here, too, the answer is no: Although double floors do exist, the thick partition walls that separate the rooms from each other extend far below them.

But what if, for some unknown reason, someone does manage to break into the A-Trust server room? Goal achieved, grab the data and take over the system? Not quite, because the signatories' keys are stored on HSMs, which in turn are locked in safes. The term "HSM" stands for Hardware Security Module and refers to a certified hardware component that manages the users' private keys. Special (data) protection comes from the fact that the keys can be used but not exported.
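The "can be used but not exported" property of an HSM is easiest to see as an interface: the caller gets a key handle and a signing operation, never the key material. The Go program below is an added toy model of that contract, written for this article and not A-Trust's or any HSM vendor's code; the `HSM` type, its slot labels and the sample message are all constructed, and real modules of course enforce this in certified hardware rather than by keeping a struct field unexported.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrNoExport mirrors the defining property of an HSM: private keys never leave the module.
var ErrNoExport = errors.New("hsm: private key is not exportable")

// hsmSlot is one key slot; the private key is unexported and no method ever returns it.
type hsmSlot struct {
	priv *ecdsa.PrivateKey
}

// HSM is a toy module holding key slots addressed by a label (hypothetical API).
type HSM struct {
	slots map[string]*hsmSlot
}

func NewHSM() *HSM { return &HSM{slots: map[string]*hsmSlot{}} }

// GenerateKey creates the key pair inside the module and hands back only the public half.
func (h *HSM) GenerateKey(label string) (*ecdsa.PublicKey, error) {
	if _, exists := h.slots[label]; exists {
		return nil, fmt.Errorf("hsm: slot %q already in use", label)
	}
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	h.slots[label] = &hsmSlot{priv: priv}
	return &priv.PublicKey, nil
}

// Sign is the "use" side of the contract: the module signs a SHA-256 digest of msg
// with the slot's key and returns only the ASN.1 ECDSA signature.
func (h *HSM) Sign(label string, msg []byte) ([]byte, error) {
	s, ok := h.slots[label]
	if !ok {
		return nil, fmt.Errorf("hsm: no key with label %q", label)
	}
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, s.priv, digest[:])
}

// Export is the "not export" side: it exists in the API but always refuses.
func (h *HSM) Export(label string) ([]byte, error) {
	if _, ok := h.slots[label]; !ok {
		return nil, fmt.Errorf("hsm: no key with label %q", label)
	}
	return nil, ErrNoExport
}

// Verify is all a relying party needs: the public key, the message and the signature.
func Verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	h := NewHSM()
	pub, _ := h.GenerateKey("signer-1") // constructed slot label
	msg := []byte("constructed sample document")
	sig, _ := h.Sign("signer-1", msg)
	fmt.Println("signature verifies:", Verify(pub, msg, sig))
	_, err := h.Export("signer-1")
	fmt.Println("export attempt:", err)
}
```

Note what the attacker in the scenario would be left with even after reaching the safe: they could ask the module to sign things while they are in the room, which is why physical access is itself audited and gated by two officers, but they could not walk away with a copy of the key.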

Of course, we could claim all of this ourselves; that is why the A-SIT Secure Information Technology Center Austria and the Austrian Regulatory Authority for Broadcasting and Telecommunications (RTR) regularly check compliance with the security regulations. An interesting aspect of this: We have imposed some of the very strict requirements on ourselves; having our own premises in the data center is not a must, for example.

We have now established why it would be extremely difficult to break into the data center. But what if technical faults or external influences threaten the functioning of the system and thus the A-Trust QES?

Power failures happen and even the best server can break down at some point. How can the operation of the system then be guaranteed?

A number of precautions have been taken to guarantee the power supply. For example, the computers are equipped with redundant power supply units: if one of them fails, the other keeps the machine running until the faulty unit can be replaced. The data center is also not usually affected by local power failures, because it has a direct line to the power provider. Should a power failure nevertheless occur, an uninterruptible power supply (UPS) takes over, and thanks to the marine diesel-powered emergency generator, the data center can be operated for a further 24 hours.

Still not enough? Because sometimes the unexpected does happen, we also have one last joker in our pocket: a second, redundant (and equally well-secured) data center at a different location.