Are you aware of the risks to which your data centre is exposed? Do you know how to protect it?
Every day, companies across the world are increasingly more interconnected digitally and dependent on the Internet, managing a vast amount of information, which makes it necessary to have physical space to process and store the data. For this reason, many organisations have a data centre on their premises where highly critical information is stored and controlled. Therefore this information must be protected.
Security Risks
When we talk of security on the Internet or the security of our data, the first things that come to mind are cybersecurity, hacking, backup copies, antiviruses, firewalls, having or servers upgraded, and so on. In other words, what is known as logical security.
But logical security alone will not serve to guard or protect us. What about the physical security of the DPC? A lack of complete physical security puts it at risk and data storage facilities are areas in which business interruptions incur very high costs.
Regardless of the size of the data centre or the company, as they all run the risk of being attacked, either deliberately or accidentally. For this reason, it is necessary to implement the highest number of security measures, to allow the organisation to create a robust base in which to store and manage its data.
Data centres are exposed to both physical and other risks:
- Power surges or drops
- Inappropriate temperatures due to failures in air conditioning equipment or the incorrect design of these systems
- Fire
- Flooding and damp
- Smoke, dust and particles in the air that damage the hard drives and fans of the devices
- Access by unauthorised staff
- Incorrect handling of equipment
- Vandalism, theft, etc.
- Earthquakes
Security Rules and Measures
To design and execute a secure data centre, the standards established for this type of facility must be observed, mainly those set out in the EN 50600 standard, which, for the first time, establishes a set of design standards that guarantee the “availability, security and energy efficiency during the entire useful life of the data centre”, including energy saving potentials. This standard defines the construction of data centre buildings as well as aspects related to security and administration.
The standard is based on the the risk and business assessment and the levels of availability and protection for the operation of the data centre are specified on the basis of the standard requirements.
To prevent these risks, the DPC infrastructure must be complete and adequate for the needs of each client. The importance of a sound electrical and air conditioning system is well known, with redundant systems to guarantee continuity of service, but aside from the above electrical and air conditioning infrastructure, which are absolutely essential for everything to operate correctly, it is also necessary to provide protection against other threats.
One of the key points of the physical security in a data centre is its envelope, which guarantees structural safety against any external threat, such as inappropriate intrusion, vandalism, flooding, dust, fire, etc. Consequently, this enclosure must be built in accordance with a series of minimum requirements that are certified as being effective against all manner of threats, preventing the entry of contaminants (particles, liquids or gases). For this reason, the doors, ceilings and cable glands must have a grade of protection of at least IP55. In relation to fire resistance and fire protection, it is important to ensure that the construction of the DPC has a fire resistance of at least EI 90 in all the floors, walls and ceilings.
Another consideration when designing and executing the envelope of a data centre is that the requirements set out in the EN1363 standard for structural fire protection used in a standard building are insufficient to protect the DPC, in which the design must comply with EN1047-2. Thus, for example, in the event of a fire, some construction elements considered in the EN1363 standard, such as plasterboard, concrete, limestone, etc. emit large quantities of moisture into the air, causing damage to the DPC servers. In a room measuring 5 x 6 x 2.5 m, an accumulation of up to 870 litres of moisture inside the room is estimated.
As for anti-theft security or access control, the doors must have a minimum resistance of Class RC 3 (formerly WK 3) in accordance with the EN1627 standard.
Regardless of the security of the entrance doors, to make sure that the persons entering the data centre are only those who have previously been authorised, the facility will require the installation of an access control system and a video surveillance system inside it and in neighbouring areas. It must have a secure opening system, door sensors and devices for authorising and recording images of both the interior and exterior of the facilities.
It is also necessary to install security systems in the access to the server racks, either by means of simple locks with keys or access control scanners on the doors, to permit the recording of the persons who have gained access to them. This is because there is no need for all the persons authorised to enter the data centre to gain access to the racks.
Another security measure that is required for a DPC is to protect it from two of the most dangerous agents for electronic equipment, smoke and fire. For this reason, it must be equipped with a good fire detection and extinguishing system.
To guarantee a rapid response and avoid any outbreak of fire in sufficient time to ensure the data centre operation is not affected, it is advisable to install an ASD (Aspirating Smoke Detection) system, as they are able to detect a fire well before the flames appear. Furthermore, in environmental conditions as demanding as those of a DPC, where large volumes of air are shifted at high speeds, ASD systems can guaantee the swift and precise detection of fire, as they constantly analyse samples of the air in the room.
Together with a good detection system, an automatic fire extinguishing system must be installed. They may vary depending on the facility and the area to be protected, and are mostly systems that use gaseous extinguishing agents or water mist. In the first group, special attention should be paid to solutions that protect the environment and cause no damage to the equipment that is to be protected, both due to their dielectric conditions and the working pressures at which the gas is released, which, if high, could provoke the breakage of the hard drives of the servers due to the sound pressure when fired. To that end, NOVEC gas solutions are the most appropriate and recommended ones.
Effective monitoring in the data centre makes it possible to detect any incident and quickly take the appropriate action. Monitoring systems collect the different signals that must be controlled and are able to generate pre-alarms and alarms, issuing warning messages by SMS, email and through other channels. The main parameters to be monitored include the environmental conditions (temperature and moisture), inside the DPC, as well as the detection of fluid leaks. It is also interesting to receive alarms from other systems through the integration thereof, such as UPS, air conditions units, switching systems, auxiliary cameras to protect electrical control panels, fire stations, etc. This type of integration is usually executed using dry contacts or SNMP type communication protocols.
GESAB performs an exhaustive analysis of the most appropriate protection needs in each data centre project it executes and always installs the most convenient security measures in each case. A knowledge of the regulations and the correct explaining of these regulations by our team of expert engineers and architects is essential in implementing secure, durable, high quality facilities in order to prevent incidents whenever an external or an internal problem occurs.
Back-up modular data centres
Many companies and organisations cannot afford to lose their data or to stop their operations in the event of a disaster in the DPC. For this reason, although a DPC may be correctly designed, executed and maintained, a back-up centre is usually enabled to absorb the operations of the main facility in the event of an unforeseen incident.
Modular solutions are perfect for this type of back-up centre.
This type of centre includes containerised data centres that are based on integrating all the conventional systems into the architecture of an ISO container or one that is made to size. Their design and structure make it possible to have a fully functional DPC in less time and at a lower cost than a conventional data centre. This type of containerised solution is perfect for places that are difficult to access such as remote or disaster zones, military operation areas, oil drilling areas, extensions of facilities at a lower cost and facilities with very little available space.
Micro data centres are another alternative in the event of requiring a small data centre as a Back-up DPC or simply due to not having sufficient space. They are modular solutions in the form of a hermetic rack with the same features in relation to infrastructure as any other DPC, and may even be redundant, if necessary: security, UPS, air conditioning, fire protection systems and monitoring, among others. These solutions are easy to implement and are less costly than conventional solutions.
Micro data centres are perfect for increasing the capacity of existing equipment or for installation in sites that are remote or difficult to access, as they are easy to transport and install.
Modular solutions, whether containerised data centres or Micro data centres, area also ideal as Edge data centres, in which the mass evolution of data that currently generates what is known as the Internet of Things (IoT), Big Data and the distribution of contents give rise to high latency provoked mainly by the great distance between the user or the end device from the main data centre in which the content is housed.
The objective is to have data centres that are closer to their users, and therefore we are witnessing the development of a greater number of smaller DPCs that are more scattered, i.e., the closer we are to the data source, the lower the latency that is generated, thus resulting in a better connection by shortening the networks. The location of these new Edge data centres is now determined by the number of sensors and devices that are connected in a specific geographical zone.