Hi guys,

 

I’m currently consult on a project for a boutique colocation data center where the client's IT department is pushing hard for a 'Zero Trust' architecture—not just for their network, but extended to physical access.

 

We’ve already got OSDP readers at the perimeter and biometrics for the main halls, but the tenant requirements for cabinet/rack-level security are getting increasingly granular. They are starting to push back against traditional physical fobs, citing them as the 'weakest link' in the audit trail.

 

I’m curious how many of you are actually seeing a real-world shift toward integrating physical access (like mobile credentials or MFA) directly into the logical security stack to satisfy Zero Trust audits? Are you finding that dedicated DC managers are ready to ditch physical cards entirely, or is the industry still too reliant on the 'safety' of a physical token?

 

Would love to hear some field experience on the integration hurdles between the physical layer and IT security protocols in these high-stakes environments.

Its way too clever for me, I mostly twist coloured wires together to make intruder alarm circuits 

Edited April 14Apr 14 by MrHappy

19 hours ago, MrHappy said:

Its way too clever for me, I mostly twist coloured wires together to make intruder alarm circuits 

Haha, @MrHappy, don't undersell yourself! Those 'coloured wires' are the backbone of everything we’re trying to build on top of. At the end of the day, if the circuit doesn't close, the smartest Zero Trust software in the world is just a fancy UI.

 

The reason I’m digging into this is that the IT guys on this project are making life difficult for the onsite installers. They want everything on the network, but they don't always understand the 'field' reality of hardware reliability. Trying to find that middle ground where it’s secure but still practical for someone to actually maintain without a Ph.D. in 

If the servers or network have sensitive data on it, then make it as secure as possible, even to make it a zero-trust environment.

Spot on, @MarkP01. When sensitive data is involved, that perimeter fence is no longer enough. The challenge I’m finding is that most 'secure' systems still fall back on standard Wiegand or simple RFID, which are easy to sniff.    

 

To get to that true zero-trust level at the rack, I’ve been looking into combining OSDP v2 with mobile credentials—basically moving the encryption key all the way to the reader. I found a decent technical breakdown on how to bridge this physical-to-logical gap here: https://www.civintec.com/blog/CIVINTEC-Advanced-Data-Center-Access-Control-with-Zero-Trust-Security.html    

 

It covers exactly what you mentioned: treating the physical access point as just another untrusted node in the network until proven otherwise. Have you guys had much luck with OSDP implementations, or are you still seeing a lot of legacy hardware holding back these zero-trust goals?