Home / Archives for security

Brittany Lutke Goldilocks and the Data Center: Which Location is Just Right?

April 9, 2013 by · Leave a Comment 

Congratulations!  You’ve been given the task of researching and finding a data center for your company’s IT equipment.  Where do you even start?

Many of the people I talk to feel like Goldilocks.  Don’t remember the story? Goldilocks breaks into the Bears’ house and tries different beds, chairs, and porridge.  Two of the three were too… something.  Hard or soft.  Big or small.  Hot or cold.  She struggled until she found the bed (or chair or porridge) that was just right.

Location makes many IT decision makers feel like Goldilocks.  This data center is too close, and my equipment is at risk.  This data center is too far, and it will be tough to maintain my equipment.  What is the location that is just right?

When making a location decision, ask yourself the following questions.  Your answers will help you select an appropriate location and to determine your distance threshold.

  1. Will the equipment in the data center be focused on production or disaster recovery?
  2. Does your equipment require heavy management?

If your equipment is for disaster recovery, choose a data center at least 50 miles from your production site.  I talk to many CIOs, network administrators, and IT professionals who struggle with this.  It’s tough to imagine your babies (your equipment) so far from you and your attentive care, but I urge you not to be what some call a “server hugger.”  If you need disaster recovery, it’s best to have geographic redundancy.  By nature, disaster recovery is intended to protect you should your first set of equipment were to meet with unforeseen circumstances.  If your data center is too close, your equipment will be at risk, and you’ll have defeated the purpose of having a disaster recovery site.

If your equipment is for production, choose a data center that is accessible for regular maintenance and meets your quality standards.  For production servers, location is a less important criteria.  It is more important to focus on choosing the highest quality data center that meets your needs.

If your equipment requires heavy management, you may believe that a close location is just right.  But with options like remote hands and managed service providers, companies can reap the benefits of geographic redundancy for their high maintenance equipment.  Using additional support for server maintenance allows your organization flexibility and the option to focus on other high priority items.

Selecting a data center location is not an easy task.  Hopefully, after asking yourself these questions, you’ll have selected the geographic location that is just right for your data center.

Still looking for more guidance on how to choose a data center?  Check out the following resources, or feel free to contact me at brittany@thedatacave.com.

 

 

Filed under Physical Attributes · Tagged with , , , , , , , , , , , , , ,

Kara Manon Local McDonald’s Lets it All Hang Out

October 18, 2012 by · Leave a Comment 

Did you know that McDonald’s feeds more than 46 million people every day? That’s more than the population of Spain! Additionally, McDonald’s represents 43% of the United States fast food market. One would think that a company like McDonald’s would practice appropriate server maintenance. We were horrified when a friend of Data Cave sent us this picture they snapped through the window of a local McDonald’s drive through.

So let’s play a game. What’s wrong with this picture?

McDonald's server equipment

Taken at the McDonald’s drive-thru in Columbus, Indiana

1. Kitchens and Technology are a Recipe for Disaster

This McDonald’s chose to locate their servers near the kitchen. It doesn’t take a data center expert to note that this is not an effective strategy. Consider your personal cell phone, for example. SquareTrade conducted research that stated that 21% of all iPhone accidents occur in the kitchen. An iPhone is a critical device for many, but most of the vital information is backed up using iCloud. And it isn’t cheap to replace an iPhone, but the price is not nearly as prohibitive as purchasing and implementing a new server. Being near to food and drink can only result in terrible technology tragedies.

2. Exposure to the Elements

Not only did this McDonald’s choose to place their servers near the kitchen, they exposed them to the elements because they were in the drive thru room. It is estimated that an average McDonald’s serves 1,584 customers daily. If half those customers came through the drive thru and the window is open for an average of 10 seconds per customer, those servers were exposed to outside conditions two hours and twelve minutes each day. This takes the idea of an uncontrolled environment to the extreme.

3. Crossed Wires

While the appearance of messy wires isn’t aesthetically pleasing, it is also dangerous. Tangled wires pose fire threats (and we are willing to bet that McDonald’s didn’t employ a fire suppression system exclusively for its servers). Due to this cabling, it doesn’t even appear as if they can shut the door (see #4). In fact, this picture below details the challenges of having messy wires.

 

Cable management

4. An Open Door Policy

Open door policies are great for dealing with employees, but they are less than optimal when it comes to technology. Having an open door to their servers poses many security risks. Damage could be done, both intentionally and unintentionally. McDonald’s  has employed one in every eight American workers. That is indicative of a high employee turnover. A disgruntled employee could easily wreck havoc on McDonald’s because the technology is so readily available.  Additionally, accidents happen. By having an open door, the chance of accidents increases.

5. The Data Closet

Finally, it goes without saying that we encourage all organizations to protect their valuable technology (especially offsite). McDonald’s has their main data center in Dallas but their restaurants obviously still needs local equipment. There are so many risks that come with housing an internal data center, especially one in a closet with no ventilation or cooling. If you want cost savings and increased protection, it only makes sense to outsource your data center.

McDonald’s, we urge you to clean up your technology act! It is inevitable that something will happen, and you will suffer!

Filed under business continuity, Colocation, Cooling, disaster recovery, Electrical, outsourcing, Physical Attributes, Security · Tagged with , , , , , , , , , , ,

Kara Manon Customize Your Data Center Space

January 3, 2012 by · Leave a Comment 

How many data centers allow you to customize your space? All the way down to the layout of the duct work? At Data Cave, you aren’t just renting space from another giant data center. By breaking down our 86,000 square foot space into 1,300 square foot suites, we are able to provide a high level of security and customization. In data centers with one big room, other data center customers and vendors will always be around your equipment. In that situation, the equipment maintaining the space may also be accessible, leaving the possibility of accidental damage or even tampering.

Let me give you an example. You have 50 racks of equipment and you are looking for a data center. You can rent an entire suite at Data Cave which allows you and your staff to be the only ones with access to that room (except our staff, or course). Not only that, but you can decide the layout of the racks and duct work. You can also choose which CRAC units and PDUs you would like. While our facility is 2N redundant, meaning there is two of everything (and I do mean everything), you can even choose the level of redundancy you desire. We are so flexible that Olympic gymnasts are jealous.

The other design feature of note is that the equipment that maintains your space (CRAC units, PDUs, generators, chillers, etc) are all outside of the areas that customers and vendors are able to access. No one could be within an arms reach of this equipment without being escorted by Data Cave personnel.

Every door within Data Cave has a key card scanner (with exception of the bathrooms and offices). The hallway accessing the customer suites also has a biometric hand scanner. The hand scan and key card must match in order to gain entry. We are serious about security and monitor anyone coming and going from the building.

Data Cave was designed and purposefully built as a data center. While deciding on a layout, our CEO, Angie and President, Caleb went on a number of data center tours and did a great deal of research. What they found was that having individual customer areas (or suites) made the most sense. A smaller space means heating and cooling is easier to monitor and control, the area is highly secure and customers still have the ability to only pay for what they use.

It’s always better to see it for yourself. Contact us or call 866-514-2283 for a tour.

Filed under Physical Attributes, Security, Structure · Tagged with , , , , , , , ,

Kara Manon Let’s get hacking: Why SCADA systems need improved

December 13, 2011 by · Leave a Comment 

There have been a couple stories in the news recently about hacking. I personally know very little on the subject. I’ve seen Live Free or Die Hard but I’m not sure that helps at all. Although, after reading about the utility company hacking in Springfield, Illinois, the “fire sale” concept doesn’t seem as unrealistic. According to Wired.com, a hacker was discovered on November 8th by a water company when the SCADA (Supervisory Control and Data Acquisition) system was shutting on and off, causing a water pump to burn out. The article also states that the hacker stole user names and passwords of customers, possibly even signing in to the system with them for a few months before anyone caught on. Within a week of the news breaking, the FBI and DHS denied that there is any evidence that a hacker caused the water pump failure.

This is disturbing to say the least. SCADA is employed in a number of different systems to monitor and control things like utilities and medical devices. Back in August, a security researcher, Jerome Radcliffe, figured out how to hack his own wireless SCADA insulin pump. According to Radcliffe, he intercepted the wireless signals, reversed them and was able to insert fake data which he sent back to the pump. He was able to increase and decrease the amount of insulin without any warning from the pump. In essence, some evil-doer could kill a diabetic using their own insulin pump. A similar situation was found with wireless Pacemakers a few years ago. The study states that the researchers were able to reverse engineer the device’s communication protocols through an unauthorized channel and retrieve unencrypted information about the patient (name and diagnosis) and their treatment plan. They could even revise the therapies the patient was receiving through the device.

Some fixes are simple, like encryption, but other solutions can be very costly. I assume that’s why they weren’t implemented in the first place. We can all hope that no one would hack someone’s insulin pump or pacemaker but that doesn’t mean SCADA systems shouldn’t be more secure. Our utility infrastructure should be a major concern with these outdated systems in place.

Hacked construction sign in Austin, Texas.

 

Some related articles:

SCADA hack targets Iran

HP printers vulnerable to hacking

SCADA vulnerabilities in prison cells

Hackers break into SUV through text message

 

Need offsite backup with single or double encryption? Contact us!

Filed under In the News, info, Informational, Security · Tagged with , , , , , , ,

Kara Manon Data Centers and HIPAA Compliance

October 11, 2011 by · Leave a Comment 

There have been questions about what role a data center plays when it comes to HIPAA. We want to address what requirements and obligations data centers have when working with clients in the healthcare industry.

First of all, what is HIPAA? The acronym stands for the Health Insurance Portability and Accountability Act of 1996, enacted to protect the health information of patients. When you visit a doctor’s office or the emergency room at your local hospital, all the people seeing your medical history have signed some sheet of paper, promising to keep your information private. This means to disclose healthcare information, they must have your permission (or authorization from the proper authorities in cases of child abuse, etc.). HIPAA also covers how physical and electronic data is handled and secured. Healthcare entities must backup their data and have a disaster recovery plan in place. This is where data centers come in.

The Health Information and Technology for Economic and Clinical Health (HITECH) Act was enacted on February 17, 2009. This Act requires covered entities to disclose breaches in Protected Health Information (PHI). The covered entities and their business associates that “access, maintain, retain, modify, record, store, destroy, or otherwise hold, use, or disclose unsecured PHI” are required to notify the Department of Health and Human Services or any breaches. The business associates must notify the covered entity of a breach who in turn notifies the individuals involved (patients) and the HHS if more than 500 individuals were affected. From the statement above, data centers like Data Cave, would be considered a business associate.

The problem is there is much to speculate on what this actually means. Some data centers use HIPAA compliance as a marketing tool. Let me make something clear, there is no certification for HIPAA. A data center can be HIPAA compliant, which is what we at Data Cave consider ourselves. Some pay an outside source to come in, look around, and put their stamp of approval on the facility. For Data Cave, meeting HIPAA compliance means limiting people with access to equipment, including our own staff. This also means notifying the proper channels when someone has been near a healthcare entity’s equipment. With most healthcare companies, they are going to want to manage their own equipment, which means our staff wouldn’t need to touch it anyway. However, for a data center doing managed services, facility staff would be responsible. In that case the facility would enter into an agreement with the customer to maintain confidentiality. In the event of a breach, whether virtual or physical, a data center would notify the customer (the covered entity) who would, in turn, notify the HHS if applicable.

In other words, no one can claim HIPAA certification. To take it a step further,  the essence of a data center is to be secure; so in that case, aren’t we all HIPAA compliant?

To find out more about Data Cave and HIPAA compliance, call us at 866-514-2283 or Contact Us via our website.

Filed under disaster recovery, HIPAA, Informational, Security · Tagged with , , , , , , , , , , , , , , , , , , ,

Caleb Tennis Data breaches are million dollar mistakes

March 28, 2011 by · Leave a Comment 

cybersecurity Cybersecurity is not a new thing for any of us; we hear about stolen laptops with social security numbers on them pretty regularly.  But quantifying just how much value lost data contains has always been a tricky subject.

A post at DigitalTrends takes a look, toting a staggering 7.2 million dollar loss on average.

What’s most interesting, we think, is this:

The study noted that the highest contributor to compromised internal data was negligence.

Of course, it’s very easy to be negligent. It’s difficult, time consuming, and obscure to stay up to date with all of the latest security patches, vendor updates, and requirements necessary to maintain a completely secure system.

There’s lots of money to be made off of stolen data. Criminals are only going to get more sophisticated in their attack vectors.  Having a comprehensive computer and IT security plan as part of a business is a must anymore.

Filed under Security · Tagged with , , ,

Caleb Tennis The EPO button: a vulnerable spot in the data center

November 15, 2010 by · 2 Comments 

When we started the design of Data Cave, one major concern was the EPO, or Emergency Power Off, button locations throughout the facility.  In traditional open floor plan colo models, all of the critical power and cooling equipment sits intermixed throughout the data center floor.  The electric code requires emergency power off buttons to be located in certain places so as to kill off this equipment in case of fire or other electrical issue.

The problem with this is, Read more

Filed under Connectivity Infrastructure, Electrical, Uncategorized · Tagged with , , , ,

Caleb Tennis Midwest data centers

January 6, 2010 by · Leave a Comment 

Putting your critical IT equipment in a midwest data center is an all around smart value proposition.

Read more

Filed under Whitepapers and Studies · Tagged with , , , , , ,

Caleb Tennis Redundancy and Uptime

January 5, 2010 by · Leave a Comment 

Is your data center maximally redundant?

Read more

Filed under Connectivity Infrastructure, Whitepapers and Studies · Tagged with , , , , , ,

More on the UPSs

October 2, 2009 by · Leave a Comment 

The UPS manufacturer was onsite this week to bring the additional UPS capacity online.

Read more

Filed under Building Progress, Electrical · Tagged with , , , ,

Next Page »