R&M Data Center Handbook

www.datacenter.rdm.com
3.5.5. Basic Protection and Security
Ensuring data security – e.g. with backups and high-availability solutions – is not the only challenge that faces
data center administrators. They also must make sure that the data center itself and the devices in it are protected
from environmental influences, sabotage, theft, accidents, and similar incidents.
Many of the following items were already mentioned in detail under the topic of “Security Aspects” in section 1.12.
An overview of essential data center dangers and corresponding countermeasures is again provided here.
In general, it is true that security in a data center is always relative. It depends, for one, on the potential for danger,
and also on any security measures that were already taken. A high level of security can be achieved absolutely by
means of extremely high safeguards, even in an extremely dangerous environment. However, protecting a data
center that is located in earthquake areas, military IT installations under threat or under similar situations does
have its price.
It therefore makes sense for those responsible for IT in the data center to assess the potential of danger before
beginning their security projects, and to relate this to the desired level of security. They can then work out the
measures that are required for realizing this level of security.
Threat Scenarios
The first step in safeguarding a data center against dangers always consists of correctly assessing actual threats.
These are different for every installation. Installations in a military zone have requirements that are different than
those of charitable organizations, and data centers in especially hot regions must place a higher emphasis on air
conditioning their server rooms than IT companies in Scandinavia. The IT departments concerned should therefore
always ask themselves the following questions:
• How often does the danger in question occur
• What consequences will it have
• Are these consequences justifiable economically
But what elements make up the threats that
typically endanger IT infrastructures and provide
the basis for the questions listed above
We must now list possible catastrophic losses
in connection with this.
Floods and hurricanes have been occurring with
disproportionate frequency in central Europe in
recent years, and, if an IT department assumes
that this trend is continuing, it must absolutely
make sure its data center is well-secured
against storms, lightning and high water.
Losses from vandalism, theft and sabotage
have achieved a similar level of significance.
High-performance building security systems
are used so that IT infrastructures can be protected
as well as possible. Finally, the area of
technical disturbances also plays an important
role in security.
Picture supplied by Lucerne town hall
Catastrophic Losses
Our definition of the term “catastrophe” is very liberal, and we assign everything to this area that is related to
damages caused by fire, lightning and water, as well as other damage caused by storms.
The quality of the data center building plays an especially big part in resisting storms. The roof should be robust
enough so tiles do not fly off during the first hurricane and rain water is not able to penetrate unhindered; the cellar
must be sealed and dry, and doors and windows should have the ability to withstand the storm, even at high wind
forces.
At first glance, these points appear to be obvious, and also apply to all serious residential buildings – in fact,
practically all buildings in central Europe fulfill these basic requirements. Nevertheless, it often makes perfect
sense, for temporary offsite installations and when erecting IT facilities abroad, to take these basic requirements
into consideration.
R&M Data Center Handbook V2.0 © 08/2011 Reichle & De-Massari AG Page 75 of 156