Data Center Risk Assessment Checklist

Over the years, the role of the data center has evolved from a repository of mainframe computers in a client-owned and operated facility to one where computing resources may be located in many different architectures. In addition, customer requirements for ubiquitous computing and easy, quick access have created new demands for instantaneous “always-available” information.

Many exogenous events can impact data centers. These can include “logical intrusions” such as hackers stealing information, locking up systems, or flooding the system with requests, as in denial-of-service attacks.

Other exogenous events are physical, such as tornadoes, hurricanes, winter storms, fires, tsunamis, earthquakes, and power outages. Events such as these have highlighted our vulnerability to natural disasters. Hence, having an efficient and reliable data center risk assessment is quite necessary to ensure smooth and hassle-free.

Understanding the risk:

Before data center security can manage risk, it has to understand the different categories of threats to operations. The following are the types of risks involving a data center:


Loss of power: This risk is existential for a data center, but frameworks incorporate the management of that risk. Many other data centers, like Capgemini, use tier ratings, which help to classify their exposure to disruptive risks such as these.

Service disruption: Because of fires from malfunctioning plant and IT equipment, the company uses inert gas suppression systems in all IT rooms, including plant rooms, to douse fires before they spread.

Risk Assessment (RA)

Risk analysis is the process of identifying events, determining causes, and estimating probabilities with impacts. Risk evaluation is the process of comparing risk levels with established risk criteria. Risk Assessment (RA) is the process of risk analysis and risk evaluation.

The purpose of risk assessment is to prioritize planning by assessing the likelihood of events and their potential impact on critical functions. RA is fundamental to identifying vulnerability and is a basis for resource allocation and exposure mitigation.

The BIA findings may be examined against various hazard scenarios during the risk assessment phase. Potential disruptions may be prioritized based on the hazard's probability and the likelihood of adverse impact on business operations. A BIA may be used to justify investments in prevention and mitigation and disaster recovery strategies.

Risk analysis defines and analyses the threats to an organization. In IT, a risk analysis report can be used to align technology-related objectives with a company’s business objectives. A risk analysis can be quantitative or qualitative. In quantitative risk analysis, an attempt is made to numerically determine the probabilities of crisis events and the impact of the loss if a particular event takes place.

Strategy Development:

The next step in data center risk assessment is developing a strategy!

Developing a keen and reliable strategy is crucial in events like these. A good strategy will ensure a reliable working environment in a data center. Strategies may prevent or reduce the probability of events or enhance the capability to continue or resume operations following an event.

Crisis scenarios are valuable during the analysis process. While developing strategies, the focus is placed on what decisions need to be made and on what needs to be accomplished.

Organizational activities are usually divided into business for unaffected areas and recovery activities for affected areas. The primary factor affecting a good strategy is the ‘cost’ of the plan, which is to be maintained. A reliable approach can often be quite costly; hence, the strategy is formed depending on the situation. Developing a strategy involves the following aspects:

Reviewing business continuity and recovery objectives

Identifying potential strategies

Consolidating strategy across the organization

Determining advantages and disadvantages

Scope of data center risk assessment:

Following are the points that define data center risk assessment scope:

Site location

Critical systems



Fire protection


Steps in data center risk management:

Data center risk management is a crucial step in determining the organization's future and provides evidence of whether the data center will grow in the future or not. The following are the essential steps for data center risk assessment:

The first step in the risk assessment is to identify and evaluate risks. The risk evaluation includes assessment of the site, critical infrastructure, support infrastructure such as fire protection, security, etc., evaluation of existing equipment as it pertains to age, serviceability, capacity, etc., identification of single points of failure, determining the probability of occurrence for individual risks, and recommending corrective actions to mitigate the risks.

The next step is to develop a plan for mitigating the risks. This includes developing policies and procedures for infrastructure upgrades and improvements, planning for shut-downs or providing backup infrastructure to maintain uptime, and developing an emergency action plan and schedule that align with organizational goals. Once the plan is reviewed and approved by appropriate personnel, it is executed. Upgrades and improvements are implemented as per the plan. The execution results are reviewed regularly, and policies and procedures are refined as needed to ensure continuous alignment with the organizational needs.


Reliable infrastructure is the lifeblood of a data center, and reliability issues can easily risk the data center’s operation. A loss of power or cooling can significantly impact several critical services, including the revenue-generating services, bring unexpected costs, result in non-compliance with the service level agreements and increase the risk of litigation and negative media. The most reliable data centers are run by those who have their finger on the pulse of their critical infrastructure equipment and systems, identifying problems before they negatively affect their operations.

As discussed previously, the purpose of the risk assessment is to assess the overall site, reliability, critical electrical and mechanical infrastructure, fire protection, communications, and security. The evaluation identifies single points of failure in the crucial electrical and mechanical infrastructure and provides recommendations and estimated costs to mitigate the risks. The assessment report delivers a clear understanding of the capabilities of the existing data center site. It can be used as a performance improvement plan to optimize future capital and operational expenditures.
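One way to carry out the single-point-of-failure identification described above, as an added example that is not part of the original article: the power path is modelled as a feed graph, each component is failed in turn, and any critical load that loses every route to a source is reported. The topology and all component names (`ats`, `ups_a`, `pdu_a`, `rack_1`, and so on) are constructed for illustration.

```python
from collections import deque

# Constructed sample topology (hypothetical names): each key feeds the
# components listed as its value.
FEEDS = {
    "utility": ["ats"],
    "generator": ["ats"],
    "ats": ["ups_a", "ups_b"],
    "ups_a": ["pdu_a"],
    "ups_b": ["pdu_b"],
    "pdu_a": ["rack_1", "rack_2"],
    "pdu_b": ["rack_1"],          # rack_2 has no B-side feed
}
SOURCES = {"utility", "generator"}
CRITICAL_LOADS = {"rack_1", "rack_2"}


def powered(feeds, sources, failed):
    """Return every component still reachable from a live source."""
    seen = set()
    queue = deque(s for s in sources if s != failed)
    while queue:
        node = queue.popleft()
        if node in seen:
            continue
        seen.add(node)
        queue.extend(n for n in feeds.get(node, []) if n != failed)
    return seen


def single_points_of_failure(feeds, sources, loads):
    """Map each component to the critical loads lost if it alone fails."""
    components = set(feeds) | {n for fed in feeds.values() for n in fed}
    findings = {}
    for component in sorted(components - loads):
        lost = loads - powered(feeds, sources, component)
        if lost:
            findings[component] = sorted(lost)
    return findings


if __name__ == "__main__":
    spofs = single_points_of_failure(FEEDS, SOURCES, CRITICAL_LOADS)
    for component, lost in spofs.items():
        print(f"{component}: failure isolates {', '.join(lost)}")
```

In this sample the shared transfer switch takes down both racks, while `ups_a` and `pdu_a` show up only because `rack_2` is single-corded; adding a B-side feed to `rack_2` leaves the transfer switch as the only finding.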
