4 considerations to improve data centre risk management
Tue 21 Dec 2021 | Nicole Cappella
Data centres provide the connection between two different realms – the physical world and the digital world. As technology progresses, these lines may become more blurred. With the increasing adoption of work from home, digital events, and online social activities, many of the events that we used to expect to attend in person can now occur in the digital world as well.
These changes have increased the importance of the data centres that connect the physical and digital worlds. The average cost of downtime has increased to $5,600 per minute – not including indirect costs including loss of productivity, and additional cybersecurity risk.
Preventing downtime in the data centre is a critical function for data centre owners and operators. This means taking an active role in improving data centre risk management – across all of the many factors that could affect the robust, efficient operations required for data centre services.
To improve data centre risk management, you must first conduct a risk assessment to benchmark your current state. Conducting a thorough risk assessment that takes the many different types of possible vulnerabilities into account will not only help you understand where you are and the types of improvements to consider: it also provides a baseline against which improvements can be measured.
Types of Risk
One of the reasons that data centre risk management is such a complicated endeavour is that there are a number of different types of risk to consider. These include:
A data centre outage can occur at any facility, of any size. There are a number of potential causes – from natural disasters to UPS system failure, to human error. Even an unresolved issue with a data centre’s cooling system can cause a power failure.
Once the risk of power failure has been assessed, steps should be taken to reduce vulnerabilities across these areas. Then, a strategy should be put in place to make power backups more robust: including testing disaster recovery solutions.
Data centre fires are a major concern: as the volume and proximity of electrical equipment in a data centre can be a fire risk without proper planning. Data centre fires are not necessarily a common occurrence, but without appropriate mitigation, they can easily become catastrophic. For example, the fire at the OVHcloud data centre in Strasbourg resulted in downtime for OVH and their clients, expensive workarounds, and refunds based on lost time and SLA issues.
A fire assessment and improvement strategy should include a review of employee procedures – ensuring that safety protocols such as not overloading power strips – are clear and being followed. It should also include a review of the UPS system and testing of fire suppression solutions.
Protecting sensitive data is a top concern for businesses, so it must be a top concern for data centre owners and operators as well. In 2021, the average cost of a data breach reached $4.24 million – the highest since 2004. The same study found that the majority of breaches had the same root cause: stolen user credentials. To ensure your data centre is protected from a cyber breach, data centre owners/operators must ensure that employees and contractors are well-aware of and practice basic security measures.
A data centre can be vulnerable to physical breaches as well as cyber breaches. To ensure that your data centre is protected from a physical security standpoint, consider how robust your systems are, including:
- Intrusion detection
- Multi-factor authentication
- Access controls
As your company plans its strategy into 2022 and beyond, reducing data centre vulnerabilities must be at the top of the list. Beginning with a comprehensive assessment across a variety of possible risk vectors, and then creating a comprehensive strategy to improve results and reduce vulnerabilities, is the only way to ensure that your data centre is secure today and will continue to be so in the future.
Written by Nicole Cappella Tue 21 Dec 2021
Tags:advice data centre risk management
Security Tue 21 Dec 20212021 Playbook: Enforcing Zero Trust for All Identities
Cloud Tue 21 Dec 20214 obstacles to a successful lockdown cloud strategy
Cloud Tue 21 Dec 20215 key tech challenges for 2021 – and how to overcome them