Developing a data strategy in the public sector
Thu 10 Jul 2014
Public sector organisations looking to move data centres off premise face some particular challenges and risks. Marc Chang assesses the implications of the on- and off premise strategy debate for this specialist area.
The demands on data centres today are driven by organisations’ endless need to store more multiple types and sizes of data, and a hunger to digitise and capitalise on the latest applications automating workflows and processes. The strategies being developed to store, manage and protect all of this data inevitably pose more pronounced challenges for IT departments to cope with.
We are seeing an emergence, particularly within the public sector, of moving data centres off site and managed by third parties. One of the key challenges facing public sector data centre managers is the need to safeguard against environmental and operational threats such as malfunction, fire, flooding and security breaches. When faced with important decisions about upgrading legacy infrastructure, these managers are increasingly placing cost and risk at the heart of their data centre strategy, and off-premise options are being seen as an important part of the solution.
For a building or segregated area of a building whose sole purpose is to provide secure, highly available, and reliable IT services, risk mitigation is key. But what are the most common risks faced by organisations in the public sector?
Types of risk
Data centre risk takes multiple forms, many of which are operational. For example, there are design risks – mechanical and electrical – which have an impact on reliability and operability. Power is certainly one of the main issues we encounter with our clients.
We look at how power is directed towards the data centre, for example within a complex, power-hungry environment such as a hospital, and how localised power management systems are set up to take the strain of increasing workloads.
We see regular power constraints and even outages from clients operating on-site data centres. This is a real threat. If the IT infrastructure goes down in a hospital, it is considered a major incident. Patients may be turned away, so technology and IT provision is regarded as high priority.
Another type of risk we see regularly in the public sector is based around their location, involving fire, heat control and flooding hazards. In hospitals, many data centres are in the basement, located amongst ageing water pipes, which can leak and cause problems to the data centre from the hospital wards above. Historically there’s been a disconnect between the facilities department, IT and the increased demands of other departments, so often data centres have not been housed in what would today be considered the most appropriate areas of a building.
Mitigating the risks
The best way to manage the risks to an organisation is to start by identifying the risk in a composite manner, considering the likelihood of it occurring and its impact to the business. Organisations will analyse this in what they call a risk matrix. Risk management is ultimately a cost-benefit decision. Can I afford to lessen a risk and lessen the likelihood of an impact to my business? This decision varies from organisation to organisation.
So we must consider the underlying forces that influence decisions around risk. Organisations that 10 or 15 years ago made investments in local infrastructures and staffing have had little justification to change on the margin. But as these investment cycles reach their end, different decisions are often being made. A good question to ask is; if I were to make a fresh investment today, what would I choose?
Utilising purpose built off-site data centres and infrastructure are easy wins for IT, freeing up their own resources to deal with more strategic initiatives where control and expertise needs to reside in-house. This lets IT better align itself to the business strategy.
Public sector organisations, particularly hospitals and trusts, have been traditionally slower at moving off-premise, whereas our private sector customers are more likely to off-site or co-locate their data centre. Some 95% of our NHS customers still have their data centres within the hospital itself. Many openly admit that they get a degree of confidence and reassurance from that. But we are starting to see a change.
Over the last 12 months, we’ve noticed that almost all of our customers are struggling with data centre space, and because they’ve reached their maximum amount of power, lots of projects have stalled waiting for additional space. Approximately two thirds of our NHS customers have that problem at the moment.
Many of our customers are turning to a dual data centre strategy in which they’ll have primary and secondary data stored in both on and off-site arrangements. The operational risks discussed can be mitigated by the use of standards based data centres (such as Block’s own TIA Tier Three designed dual data centres), which offer facilities that are resilient, environmentally friendly, cost effective and secure.
Every organisation is unique, and so is their tolerance for risk. Whenever decisions are being made about the design of a data centre, they must be weighed against the operational risk tolerance as defined by all key stakeholders, including IT, executive management, facilities and all relevant business units.
The goal should be to manage risks by introducing correct levels of protection, suitable for the continuance of all business plans and infrastructures. Proactive measures are better than reactive decisions to restore and rebuild IT facilities and effective planning is key to public sector organisations looking to move data centres off premise. ♦
Marc Chang is chief technology officer at Block.
This article first appeared in Data Centre Management magazine