Blade Watch is your hub for blade, grid and high performance financial computing news blogged by Martin MacLeod, Blade Consultant. Put this in your feed reader and have a scan every now and then to track what’s cooking around the blade world.
Blade Watch
inicio mail me! sindicaci;ón

Managing datacenter risk

January 31, 2007 at 7:24 pm · Filed under datacenter

One of the challenges is co-location is getting sign off from the IT Security team, getting the sign off that the risk has been off properly and therefore that the organization isn’t risking it’s reputation, it’s data unnecessarily.

So I got a tour last weekend very kindly of a new datacenter that one of the large corporates has just signed up to. 

It’s very nice you know, very new, very efficient. I was shown the security: (I think they were hoping I’d sign up)

  1. Hand scanners for the front entrance
  2. Security cameras on the roof
  3. Eye scanners available
  4. Security cameras at every door
  5. Very thick walls able to withstand something shocking
  6. 24/7 security
  7. Individal datacenter keys for each business
  8. Lights out until you enter the datacenter
  9. 24/7 monitoring of the datacenter with escalation to your ops team
  10. Dual power feeds
  11. Dual backup power - batteries and generator
  12. Eight different communications suppliers coming into the site
  13. Fire proof doors
  14. Fire proof operations center to monitor your datacenter

As I walked around this facility, two thoughts came to mind:

  • Fantastic security just what most banks would want
  • How much is hosting without items 1,3,4,5,14?

The large corporates need to handover datacenter management on a daily basis to someone else, it’s not their core business, it’s expensive and time consuming.  However, at the same point, I can image our IT security team walking around notepad in hand writing down how secure, fantastic it was, look hand scanners, brilliant, but over the 3 years, I’ve committed to this datacenter, how much is that costing me?

There is a cost associated to security, by all means the Financial Services Authority mandates that our IT infrastructure is secure, however, the typical kind of setup in an office building is a couple of video cameras and a door pass.  There needs to be a risk vs. cost assessment, for grid engines, raw calculation boxes the data tends to be near real time, of very little value after the event.

IT security need to be risk averse in a logical cost based approach, assess the risk, the exposure, get the risk signed off,next.

One Response to “Managing datacenter risk”

  1. Mark Says:
    February 1st, 2007 at 3:01 pm

    This is a great point. Are IT security folks too paranoid about physical security of their data centers? Certainly there has to be some precautions taken, but you don’t often hear about someone breaking into a data center. What you hear about is some employee leaving their company laptop somewhere and it gets stolen, and the data center is breached that way.

Leave a Reply