For almost any major contemporary company, the data center is key. As IBM describes them, data centers are physical facilities that house and protect a business’s IT infrastructure. The essential data that enables a company to function is housed by these centers. This makes fortifying their physical security absolutely crucial for any firm.
In a piece for Data Center Knowledge, Drew Robb describes just how devastating a disaster like a fire at one of these centers can be for a company. Robb posits the hypothetical scenario of a 5 a.m. fire breaking out at a data center, and how one has to immediately answer the call to put it out. The big difference between successfully mitigating damage from this kind of event and not rests in proper “incident management” response and “disaster recovery” processes.
By having a plan in place, lasting damage to a company and a brand can be avoided.
It’s all about putting out both literal and proverbial fires.
Robb quotes James Monek, director of technology infrastructure and operations at Lehigh University, who walked the audience through these kinds of data center threats at Data Center World this year. During his presentation, Monek said one of the keys to responding to an on-premises fire of this magnitude was to avoid panicking and make sure his security team was appropriately trained by way of “recovery and business continuity drills.”
“Clear workflows for incident communication were also part of the equation, as well as spending time after resolution to investigate root causes, lessons learned, and make any revisions to existing incident response methodologies to cope better the next time a disaster occurs,” Monek explained of a Lehigh data center fire. “Staff performed their roles well as part of a coordinated, divide and conquer approach. We arranged technical teams to focus on the recovery of resources and another team tasked with providing leadership with updates and to communicate to the wider college community.”
In short, responding to this kind of major physical security threat involves a multi-pronged approach. All staff have to be trained and prepared for the unexpected.
After neutralizing the threat, Monek added that a big part of the process is to then prepare a detailed report, a “blameless retrospective” that laid out clearly all of the moving parts that led to the fire at the data center. In these incident reports, it’s important to detail everything that worked and didn’t work and essentially lay out a blueprint for how to improve down the line.
In a data-driven age, physical threats like fires, security breaches, and external attacks by bad actors that target data centers can expose sensitive information and potentially hobble a company’s ability to function. Ensuring a plan is in place — and having the knowledge and skills to implement it — can make all the difference.
For more of Robb’s reporting on Monek’s presentation and recommendations, read the full article here.
Peter Cavicchia II 