How to Achieve Security in a Data Center
In the “A” installment of our data center dictionary series, we will cover security and access control. Your most valuable IT assets need to be protected and kept behind several layers of diverse security measures. In a data center, we call these levels of protection access control.
What is Access Control?
An access control system is the method of authorization used to enforce selective access to a secure location. There are different types of access control systems, but to securely shield your IT infrastructure, security measures should include physical access control and network security.
Data center security measures cover four different layers:
- External perimeter security
- Interior facility controls
- Room controls
- Server cabinet controls
External Perimeter Security
The perimeter security layer protects the physical security of the building. A data center with strong access control should have barriers to deter unwanted vehicles and people from entering the property. The location should promote security.
- Does the data center have fences and landscaping to limit access to and visibility of the facility?
- Does the building have a single, limited entry point onto the property?
- Are there surveillance cameras outside the building to monitor activity?
- Is the facility at least 100 feet away from a main road?
- If you need colocation, is the facility at least 20 miles from your headquarters? If you need disaster recovery, is the data center at least 50 miles away?
- Is the facility safe for personnel at all hours of the day?
Internal Facility Controls
Internal security measures are as important as exterior security controls. They provide protection from those who are able to enter the building.
- Are security cameras positioned at all access points around the facility to record activity?
- Does the facility require ID verification for entry?
- Do doors require key card scans for entry?
- Is there biometric scanning at various points?
- Are visitors without authorized access escorted at all times?
- Are critical components like power and network cabling out of reach? Are air conditioners, Power Distribution Units and critical supporting infrastructure in secure maintenance areas?
The next layer of access control covers the rooms in which your servers are housed. At Data Cave, we abandoned the less secure, traditional, open floor layout for a more secure floor plan with data suites.
- Does the data center have one server room or several individual data suites with controlled access?
- Are there additional entry requirements for each server cage or room?
- Is access restricted to a specific group of people?
- Are there at least three different ways to authenticate access, like PIN number/password, key/card access, biometric scanner?
The most granular level of security is at the cabinet level. These security measures lock servers, provide protection within the server rooms, and minimize any potential inside threats, malicious, accidental, or otherwise.
- Is access to all server cabinets limited and restricted to authorized personnel?
- Are there reliable electronic locking systems in place?
- Is traffic to cages, suites and cabinets video recorded, logged and periodically reviewed?
Access Control at Data Cave
As a purpose-built, privately owned data center, Data Cave maintains state-of-the-art access control. We have a door controller system, an IP-based system of security cameras, required biometric hand scans, entrance and exit reporting, restricted suite access, and a visual “muster” screen to see who is present in the building at all times. Want to learn more about Data Cave’s security and access control? Read more here.
Over the past few weeks, we have covered some basics, or A, B, C’s, of data centers in our Data Center Dictionary series.
Today, we’re going to cover Business Continuity.
What is Business Continuity?
Business continuity encompasses the activities required to keep your organization running during a period of displacement or interruption of normal operation. It provides a complete answer to the question, “What would you do in a crisis?”
Many confuse disaster recovery with business continuity. But the two differ. Disaster recovery focuses on the technology component of a crisis. How will your systems operate? What happens to your servers when the power goes out?
Conversely, business continuity covers all business functions. Where will your employees work if you lose internet access or phones or, worse yet, your facility is damaged by a storm or fire? How will you quickly resume operations?
Some companies have business continuity plans that are not complete. In fact, 23% of big companies do not include their entire supply chain in their business-continuity plan. An incomplete business continuity plan is detrimental to continued operations after a disaster.
Why is Business Continuity Important?
When a disaster occurs, typical business operations are disrupted, and this affects the bottom line through:
- Lost revenues
- Additional expenses
- Costly inefficiencies
A business continuity plan could be the difference between life and death—of your business, not to mention leaving your staff unemployed or unpaid during and after a disaster. The Millersville University Center for Disaster Research and Education reported 40 percent of businesses that do not have a business continuity plan fail after a major disaster.
How to Create Your Business Continuity Plan
At a high level, we recommend using the 6 A’s of business continuity.
- Assess – conduct a basic risk assessment
- Analyze – itemize potential risks and scenarios
- Arrange – document your contingency plans for the scenarios you analyzed
- Act – put your plan into action
- Align – measure and review the plan on a regular basis
- Adjust – adapt the plan to bolster your BC plan
It’s usually common sense that liquids and electronics don’t mix. But no matter how careful we are and think it won’t happen to us, accidents do indeed happen, and they tend to happen to some (like myself) a little more often than we’d like.
I, Kara Manon, am a grade A klutz.
I can’t tell you the number of times I’ve tripped, spilled things, sprained something, etc. I seem to, however, have amazingly good luck with electronics, despite my best efforts. A couple of months ago, I was folding laundry and found my brand new Fitbit still attached to my jeans. Jeans that had gone through both the washer and the dryer. Oops. While the Fitbit Ultra is (supposedly) nowhere near waterproof, it still worked like a charm! It’s a technological miracle.
You’ve seen me rave about my MacBook Pro which I am still completely in love with (as long as the rainbow pinwheel of death stays away). But last week, I had a close call. I was sitting in the NOC at Data Cave, chatting with my fellow colleagues about something important, I’m sure, when near tragedy struck. I knocked my cup of coffee over, directly onto my MacBook keyboard. I reacted with what I can only describe as cheetah-like speed, and lifted it up while turning it over to let the coffee pour off into a giant ominous puddle of coffee on my desk.
Patrick quickly grabbed some paper towels and started soaking it up while I stood there holding my dripping computer in the air. Finally, I was able to put it down and pat it off. I used a can of compressed air to blow the remaining coffee out from under my keys.
Guess what? Still works and there have been zero issues. In fact, my computer smells like a terrific roast of Green Mountain Southern Pecan coffee. But now, I promise, I will never have an open cup of anything near any sort of computer in the future because it isn’t possible that I will continue to remain that lucky.
So, what is the moral of the story?
1) Obviously, be careful! If you know your weaknesses – like my clumsiness – take precautions accordingly by using things like lids (sippy cups, if necessary) or keyboard covers.
2) Know your backup plan. If all of that coffee had leaked down into my hard drive, what would I have done? Honestly, I don’t know that I’m fully prepared for that (at least not mentally). Of course all of my documents are backed up through Data Cave’s offsite backup program, which definitely keeps any hardware loss from being catastrophic. One perk of Apple products is the App Store, which will tell me what apps I’ve downloaded/purchased, saving time if I have to set up a new computer. I also use 1Password so I don’t have to worry about browser saved passwords.
But any kind of catastrophe has the potential to be detrimental. So... think fast! What is your course of action if a cup of coffee ruins your computer? Or worse, if a storm floods your business? Are you backed up? Do you even know all the files and applications that are on your computers or servers? Maybe we should talk.
Feel free to share your almost-disasters, full-on catastrophes, and/or disaster recovery plans in the comments.
Our last data center dictionary entry covered Disaster Recovery. We discussed what disaster recovery is, how to reduce various threats, and how to begin your own disaster recovery plan. Next, we move to Colocation.
What is colocation?
Simply stated, colocation is the practice through which a business locates its servers and IT equipment in an offsite data center. These facilities are often designed to provide rich connectivity options, which would be otherwise unavailable to a business or organization. In application, colocation allows a business to locate its servers and other IT equipment securely in a data center. As opposed to dedicated server hosting, colocation allows businesses to own and manage their servers in an environment designed to support and enhance server activity.
Why do businesses practice colocation?
Colocation provides businesses with several advantages, including:
- Improved facility and network security
- High uptime and availability
- Increased connectivity options
- Cooling, electrical and networking redundancy
- Scalability for future growth
- Cost-effective bandwidth
- Outage protection
Who should consider colocation?
While colocation can be a great resource for all businesses, medium and large-sized organizations especially should consider it. Industries that regularly handle highly sensitive information, such as financial services and healthcare, benefit from colocation because data centers have exceptional security measures in place.
Why should a financial service company consider colocation?
Today’s financial environment has given the advantage to the quick, connected, and agile. Colocation allows companies the speed, availability, and compliance adherence necessary for success. The boom in electronic trading allows companies to make transactions almost instantly but has also created an environment in which speed directly affects success. The most successful companies in this industry obtain and analyze market information to make quick and accurate decisions, and each second matters.
Colocation also keeps companies from suffering losses due to latency. With 100% availability and uptime, a financial organization can be certain they will not miss an opportunity which might lead to a costly loss. Finally, because these companies handle sensitive data regularly, they must adhere to stringent compliance regulations. For more information about compliance, financial services, and colocation, we recommend reading our white paper, A Guide to Financial Services Regulations.
Healthcare and Colocation
In today’s healthcare environment, the IT infrastructure may be as important as the care itself. A new study published in the January/February Annals of Family Medicine estimates that 70% of family physicians are using Electronic Health Records (EHR) and by the conclusion of the year over 80% will use EHRs. Healthcare providers at all levels—from hospitals to family care practices—are relying heavily upon EHR and other technology. Today, technology in medicine is no longer just for operational efficiency but also for effective patient care. Because the role of technology in healthcare has evolved into a critical component of any healthcare organization, these organizations should consider colocation. It ensures effective operation and excellent patient care as well as HIPAA and HITECH compliance.
Sunday marked one of the most important days of the year (for us, anyways). March 31, 2013 was World Backup Day 2013. This campaign was recently founded to remind computer users around the globe about the importance of backing up data. What would you do if you lost everything on your computer tomorrow? What would your business do if it were to suffer a natural disaster or power failure?
Did you know…
- More than 60 million computers will fail worldwide in 2013.
- Companies that aren’t able to resume their operations within 10 days after a disaster are not likely to survive.
- 90% of small companies spend less than 8 hours planning/managing their continuity plans.
- Between 60-70% of problems that hurt business are due to internal malfunctions of hardware or software.
- 80% of businesses that suffer a major disaster go out of business within one year.
- Over 50% of businesses experienced an unforeseen interruption. The majority of the interruptions caused the business to be closed one or more days.
- Only 1 in 4 people back up their information regularly.
- 113 cell phones are lost or stolen every minute in the U.S. alone.
Companies can choose from several options when evaluating how to back up their data. One option is to use comprehensive offsite backup services. These services are designed to run continuously in the background of your computer or server and provide your company with real-time data replication to a secure server within the data center. Another option to consider is colocation, which houses your IT infrastructure at a data center to maximize reliability and uptime. Colocation is maintained at Data Cave, our fully redundant Indiana data center, with on-site technicians who can manage any of your unforeseen crises.
In the spirit of World Backup Day 2013, we have put together some questions for you to consider while examining your own backup routine.
- Are you backing up every database that is important to you?
- Do you double check that your backups are working? Check your backed up data periodically to ensure the backup is complete and successful.
- Do you have multiple copies of your data? If you back up your data (photos, files, etc.) and then remove them from your primary computer, you may want to consider redundant backups.
We challenge you to take the pledge to back up your files in celebration of World Backup Day.
As with any industry, it is easy to fall into the myopic trap of jargon. In fact, one of my favorite HBR podcasts discusses the burden and challenges that jargon presents (Listen to or read Dan Pallotta’s interview with Sarah Green “Business Jargon is Not a Value-Add” here). While we try our best not to over-jargon our customers and friends, it is easy to be ensnared by its occasional usefulness. But sometimes it can be valuable to step back, think about what we want to express, and explain it in plain terms. For that purpose, we are going to break data center jargon down. We want to explain what it is that we do, so all can understand what is actually being communicated.
So without further ado, here is the first installment of our data center dictionary series. Please let us know in the comments section what words you’d like to see explained, and we would be happy to oblige.
What is Disaster Recovery?
Disaster recovery is a plan put in place to make sure your business is adequately prepared to function after any type of disaster. It typically covers the technology plans that will take effect should a disaster occur.
What kinds of disasters should DR include?
There are two different types of disasters that occur: natural disasters and man-made disasters. Natural disasters include tornadoes, wildfires, floods, hurricanes, earthquakes, etc. Man-made disasters include infrastructure failure, human error, and hazardous material spills like Three Mile Island and Chernobyl.
By the Numbers:
A study from Gartner, Inc. found that 90% of companies that experience data loss go out of business within two years. Research by IBM (Varcoe, 1993) showed that 80% of organizations without relevant contingency plans who suffered a computer disaster went bankrupt.
How to Reduce Various Threats:
Take preventative measures to avoid disasters. Start by creating a disaster recovery plan and be sure to enforce those policies. Make frequent backups of your critical data or records. Be sure to store this information in a secure and remote location. The typical rule of thumb is to have your disaster recovery site at least 50 miles away from your business or primary colocation (see our upcoming data center dictionary installment on Colocation) site.
Where Should You Start?
Some good questions to ask yourself when preparing for a disaster include:
- How is your business run?
- What is required to keep your business going?
- What are the most critical aspects of day-to-day business?
- What is a reasonable length of time for your business to be up and running from your disaster recovery site if your primary servers and hardware went down? Minutes? Hours? Days?
Today marks the first official day of spring. As a Midwest data center, we withstood the extreme winter, with chilling temperatures, the coldest March in years, and several snow and ice storms. We decided to take a retrospective look at some of the worst winter weather, both here in the Midwest and across the country. Now, take a look at these notable storms and the outages they caused and be sure to not let the weather disrupt your business.
1. Nemo 2013
We can’t discuss winter storms without mentioning this year’s horror, Nemo. The Weather Channel dubbed the storm Nemo, with origins from Jules Verne’s character Captain Nemo or the adorable fish who is missing in the Disney film, Finding Nemo. Less cuddly and charming, Winter Storm Nemo wreaked havoc on the Northeast, passing through New England and leaving three feet of snow. More than 300,000 people were without power and as many as 400,000 people were powerless in Massachusetts. Wind gusts of more than 80 miles per hour were reported. Besides the loss of power and interrupted travel plans, numerous professional sporting events were delayed because the teams were stranded in various cities.
2. Washington D.C. Blizzard of 2011
The East Coast also felt the effect of winter storms further south in 2011. Thousands of people were left without power in January 2011 in Washington D.C. due to snow storms. Nearly 200,000 people in Northern Virginia at one point were without power and up to 650,000 people were without power at some point during the blizzard. As a result, public and private transit, as well as corporate business operations, were disrupted.
3. Chicago Blizzard of 2011
The Midwest and the Windy City are no strangers to inclement weather, but in 2011 Chicago experienced the third largest blizzard in the city’s history. “Chicago closed its public schools for the first time in 12 years and shut down Lake Shore Drive, where hundreds of motorists were stranded for 12 hours after multiple car accidents on the iconic roadway,” according to the Huffington Post. Approximately 123,000 people were without power and utility crews worked ceaselessly to repair downed power lines and damaged equipment.
4. NYC Blizzard of 2010
The storm hit the day after Christmas and was the sixth largest storm in New York City’s history. Between 18 and 24 inches of snow fell, with 29 inches reported in parts of Staten Island. Wind gusts were reported as strong as 60 miles per hour. As a result of the storm, public transit came to a standstill and more than 24,000 people lost power.
5. NYC Blizzard of 2006
Seven years prior to Nemo, New York suffered another massive snow storm. This was the largest storm in the city’s history, covering Central Park with 26.9 inches of snow. The storm not only affected New York City, but also impacted regions from Maine to Virginia, not unlike Nemo. The blizzard knocked down trees and power lines and forced all three major airports to close during the heaviest part of the snowfall.
6. Indianapolis Blizzard of 1978
To Hoosier natives, this will forever be the storm that lives in infamy. The Circle City was buried under over 20 inches of continuous snowfall in January of 1978. The precipitation was coupled with intense temperatures. Thermometers read zero degrees, but with wind-chill effects, residents felt the chill of -51 degrees. The wind coupled with snowfall led to several drifts over ten feet tall.
Why do we examine the weather? Does it even matter? The short answer is yes! Disaster recovery and preparedness demand planning for these types of scenarios. When reviewing your company’s disaster recovery plan, consider the effects your company, equipment, and data will feel from environmental factors, such as winter storms and extreme cold. Having a comprehensive disaster recovery plan with redundant backup methods will protect your data should your business be affected by a natural disaster. Review more complete disaster recovery planning and strategies here.
When driving through the gates to arrive at Data Cave, you can be sure you’ll encounter Patrick Gill, our Network Structure Manager. On any given day, you might find Patrick creating the network structure, facilitating fiber and copper termination, assisting customers during their move in, or providing customer support. His cheery demeanor and eccentric personality bring light to the Cave.
Patrick became acquainted with Data Cave in a roundabout fashion. Caleb Tennis, Data Cave President, taught college classes in the early 2000s. During his time as a professor, he had the opportunity to teach Patrick in a Linux class. The course required its students to take a Linux+ certification test, and Patrick was the only student to pass the test. Caleb took note, and several years later, the two reconnected, and Patrick began his work at Data Cave. When asked about his favorite part of Data Cave, he mentions the people, particularly Caleb Tennis and David Krider. He believes their expertise and experience bring all at Data Cave to a higher level and admires their knowledge and work.
A rare exception to the IT stereotype, Patrick combines his technological expertise with a keen business sense and can be classified as a lifelong learner. Constantly seeking answers to questions, he has developed a strong understanding of a variety of topics. From network engineering to web design to home improvement to guitar, you can bet that he will fully immerse himself in whatever piques his interest.
One of Patrick’s favorite interests is Apple. Years before Apple and Mac products were cool and mainstream (or hipster-esque), Patrick appreciated Apple’s intuitive design process and fell in love with its easy-to-use products. He almost purchased a Macintosh in 1995, when Apple was a struggling company. In the mid-2000s, he reconnected with Apple, and its philosophy resonated with him. He didn’t want (or need) a mass-market product; rather, he enjoyed their approach, which mandated excellent product creation regardless of its sales capability. He loves Apple’s products and claims that they consider everything when creating a product or service. (And no, he is not being paid to endorse their products.)
In fact, he brings his love of Apple to Data Cave on a daily basis. He has written several blog posts pertaining to or mentioning Apple, like Mobile Email and iPhoto and iCloud Backup. Additionally, he tries his best to emulate its innovative leader, Steve Jobs.
We are grateful to have Patrick on our team! He furthers our mission to protect our customers’ data. While we are proud of our facility, it is people like Patrick (and Caleb, Brittany, David, Nic) who truly differentiate Data Cave from other data centers.