One of the challenges in co-location is getting sign-off from the IT Security team: confirmation that the risk has been signed off properly and therefore that the organization isn’t risking its reputation or its data unnecessarily.
So I got a tour last weekend, very kindly, of a new datacenter that one of the large corporates has just signed up to.
It’s very nice, you know, very new, very efficient. I was shown the security (I think they were hoping I’d sign up):
1. Hand scanners for the front entrance
2. Security cameras on the roof
3. Eye scanners available
4. Security cameras at every door
5. Very thick walls able to withstand something shocking
6. 24/7 security
7. Individual datacenter keys for each business
8. Lights out until you enter the datacenter
9. 24/7 monitoring of the datacenter with escalation to your ops team
10. Dual power feeds
11. Dual backup power - batteries and generator
12. Eight different communications suppliers coming into the site
13. Fire proof doors
14. Fire proof operations center to monitor your datacenter
As I walked around this facility, two thoughts came to mind:
- Fantastic security, just what most banks would want
- How much is hosting without items 1, 3, 4, 5, 14?
The large corporates need to hand over datacenter management on a daily basis to someone else: it’s not their core business, and it’s expensive and time consuming. At the same time, I can imagine our IT security team walking around, notepad in hand, writing down how secure and fantastic it was ("look, hand scanners, brilliant"). But over the 3 years I’ve committed to this datacenter, how much is that costing me?
There is a cost associated with security. By all means, the Financial Services Authority mandates that our IT infrastructure is secure; however, the typical setup in an office building is a couple of video cameras and a door pass. There needs to be a risk vs. cost assessment: for grid engines and raw calculation boxes, the data tends to be near real time and of very little value after the event.
IT security needs to be risk averse in a logical, cost-based way: assess the risk and the exposure, get the risk signed off, next.



February 1st, 2007 at 3:01 pm
This is a great point. Are IT security folks too paranoid about physical security of their data centers? Certainly there have to be some precautions taken, but you don’t often hear about someone breaking into a data center. What you hear about is some employee leaving their company laptop somewhere and it gets stolen, and the data center is breached that way.