How safe is your data?
This year has brought a whole host of natural disasters for us to deal with. From Drought to floods to heavy snow, the United Kingdom is being hit with ever more extreme weather. Sir Michael Pitt’s review of the flooding events of 2007 set out with great clarity what needed to be done to better prepare for all types of flooding, whether from rivers, surface water or the sea. The floods of 2007 almost brought the UK’s infrastructure grinding to a halt. Sir Michael Pitt told us that Society Must Take Flooding More Seriously.
I am certain that if your headquarters were perilously close to an area with a high likelihood of flooding you would have some contingency plans. What about your data? How resilient is your data centre? Can they be relied on to keep supplying your Data during an inundation?
Businesses, now more than ever before need to ensure that their data is not only safe but also available 24/7. Overwhelming evidence indicates that Climate change is a reality. Extreme weather and long term climate change threaten all parts of the business world.
So why am I writing about this in a magazine aimed at the Counter Terrorism community? Well in my experience many critical buildings have been built on flood plains and near rivers. Others have been built in areas that can only be described as troubled. The best thing about a business taking care to make itself resilient, is that it also makes the country safer against terrorism.
So let’s focus on Data centres. Over the years I have visited a number of critical sites including Data Centres. It struck me that a number of Data centres have been built perilously close to areas in real danger of flooding. I have always been struck by how innocuous they look, yet how complex they are inside. A great deal of consideration has usually been given to power. Mostly they have redundant power supplies, more than one entry to the national grid and even thousands of car batteries to ensure a constant supply of energy prior to the shiny and new generators kicking in. But, how many centres are liable to flooding and other natural disasters? How many can survive an inundation?
I imagine that most businesses consider doing due diligence on their supply chain, but does that include suppliers of Data Warehousing? It may be a useful addition to your business continuity considerations to ask your data centre supplier a few questions;
How safe their data centre is from natural disasters? Is it on a flood plain? What arrangements are in place to secure it from inundation? Is my data backed up at other centres? In an age where we seem to have natural disasters every month, will your data be available to you if the rains keep coming?
Taking the concept of a resilient Data Centre a little further I wonder how many businesses actually know where their data is stored. Is it for example being stored overseas? If Data is being warehoused overseas the same questions should be asked as extreme weather is not a UK only phenomenon. But other questions should be considered such as which country is being used to store the data? Which non-UK legislation applies to your Data? Can for instance the hosting countries Security services get access to your data? Most businesses would ensure that their staff would pay a visit to a site that was holding physical stock. I wonder how many businesses check out their Data Warehouse provider. Should you be one of those who do their checks properly, then the following are indicators of a Centre that takes its security seriously.
A Layered Approach
These include the physical security of the site. The centre should provide a layered approach to security with fences, gates, lighting and CCTV linked with access control measures. Perimeters should be demarcated and secured with a fence or other physical measures supported by appropriate surveillance and monitoring systems.
Good physical security should be backed up by personnel security and it is right that you ask questions of the service provider about the vetting of their staff on site and whether they have policies on staff training, security guidelines and the such-like. The ‘insider’ may present the greatest single threat to Data Centre operations. Any deficiencies in these areas mean that you may want to consider using a new service provider.
My advice to you is to make sure you do the same due diligence on the storage of your data as you would on those other service providers you use. Don’t take risks with your data. Arguably it’s your most valuable asset. Make sure it is safe. Loss of, corruption to or the lack of availability of data can spell the end for a business. Your reputation may depend on it.
About the author
Chris Philips is the founder and managing director of the International Protect and Prepare Security Office. He has extensive policing experience in both Public order and community based policing. His specialism is in the field of strategic counter terrorism advice and best practice. As head of the National Counter Terrorism Security Office he had three major responsibilities within the UK. His speaking typically includes 30 plus keynote speeches a year at major conferences in the UK and abroad.