Data Center Security: Do You Really Know What Threatens You?
Data center security is more than biometric locks and regulated access. While important, these steps eliminate a very small percentage of data center outages. A report by the Ponemon Institute (commissioned by Emerson Power) identifies the most common causes of outages in data centers and their costs.
- Your company relies on the data center to support all company operations.
- According to Gartner Group, you spend 2.5-3.5% of your revenue on IT-related products and services; the more tech-dependent you are, the higher the percentage.
- The average outage costs $740,357, including detection, containment and recovery, productivity and revenue losses plus business collateral damage.
As you can see, your data is critical to the life of your company. Every department is affected, and your company’s image can suffer greatly when you are down.
Uninterruptible Power System (UPS) failure is the number one cause of data loss, accounting for 25% of all unplanned outages. The failure could be anything from a bad component to an old battery or, most likely, human error.
According to GCN, cyber-crime is now estimated to cause 22% of outages, but often a cyber-attack is traced to human error as well. My 25-plus years in the field have shown me that a combination of bad human decisions leads to the majority of outages, and that sudden component failures make up a small fraction.
Rule one to consider when analyzing your data/power security: How can this plan or equipment be made useless by human error? Based on this analysis, consider a complete Energy Security Audit:
- Analyze your power infrastructure and how vulnerable it is. Check the equipment age, design and installation. Look for places where an accidental opening or closing of a switch can occur and eliminate them.
- Evaluate the redundancy you need to maintain your systems' operation.
- Analyze your methods and procedures to be sure they will work, are understandable, and cover all the possible scenarios.
- Keep hard copies of your methods of procedure (MOP), manuals, contact numbers and other important data near the system for fast reference. If you are having data troubles, online documents may not be accessible.
- Analyze the room security. Ask yourself – does it keep unwanted people out, and are the people who have to be there controlled properly?
Critical System Maintenance
- Make sure the technician you get is knowledgeable about your system(s).
- Make sure they are using a written, established and agreed-upon MOP to help eliminate missteps and mistakes.
- Ensure that they perform all the needed tests, including a thermal image to look for overheating components that may fail.
- Identify all circuit breakers, switches, battery units, UPS units, generators and other critical power gear with a unique name that you will use in all your MOPs, manuals and documentation.
- If your batteries are old or weak, change them, and remember that replacing just one battery in an old system may do little good.
- Schedule service when it will have the least impact on your operations.
- Read the reports from your service company. UPS and battery reports are trending data, and variances will show where to expect problems.
- Hire a professional team with cyber security experience.
- Look for potential points of infiltration.
- Devise a plan for denial of service attacks.
- Keep operational controls off public internet systems if possible.
- Ensure that your best cyber plans are not thwarted by human error.
Install an energy monitoring system. Most critical gear now comes with a card that can give you some information; while useful, these cards are often proprietary and limited. A DCIM (data center infrastructure management) package is the best option but can be costly, and integrating it into a proprietary network can be time-consuming and problematic. A hybrid system that can monitor the required trigger points and integrate with various manufacturers is another possibility. Do a cost-benefit analysis to determine your needs.
Things to monitor:
- All environmental conditions.
- Personnel in critical rooms.
- UPS and/or generator operating times.
- The temperature of batteries, server racks, UPS and other critical gear.
- The amperage draw from the overall system, down to the individual server.
- Water or coolant leaks in CRAC systems.
Alarms should be set up to notify the appropriate personnel immediately to help avoid a shutdown.
To ensure the security of your data, consider a complete power security audit. Unlike many service companies, Faith Technologies has experience in mission-critical power construction, UPS and generator support, and the engineering team necessary to ensure everything has an electrically sound design, is code compliant, and that best practices are used.