Top 10: Risk management best practices

To kickstart the new year, Data Centre Magazine explores some of the most successful risk management practices that companies are being encouraged to take

Data centres, the backbone of the digital age, are often taken for granted until they encounter disruptions that bring the world to a standstill. These sophisticated facilities, housing vast amounts of data and essential infrastructure, are vulnerable to a range of issues that can cause severe disruptions.

Due to their nature, data centres are susceptible to a number of external threats, including power outages, fires, extreme weather, and cyberattacks. On top of this, these facilities also have to endure internal threats that can lead to disruptions, outages, and data loss. 

According to Uptime’s Annual Outage Analysis 2023 report, when outages do occur, they are becoming increasingly expensive, which is a trend likely to continue as dependency on digital services also increases. With more than two-thirds of all outages costing more than US$100,000, the business case for investing more in resiliency — and training — is becoming stronger.

Data Centre Magazine takes a look at the ways in which enterprises can avoid and overcome these risks through best management practices.

10. Understand the different types of risk

As previously mentioned, data centres face a range of threats from both external and internal sources. To safeguard data integrity and ensure seamless operations, organisations need to adopt a comprehensive data centre risk management plan, which involves implementing robust cybersecurity measures, diversifying operations geographically, and investing in backup power solutions. 

On top of this, by maintaining hardware regularly, providing staff training, and considering outsourcing cybersecurity needs to specialised firms, organisations can enhance the resilience of their data centres and protect their critical data.

9. Implement a multi-layered defence strategy

The server, storage, and networking equipment in data centres are the lifeblood of the business, holding a company's most valuable assets, such as customer data, financial information, and intellectual property. If these systems go down, the consequences could be severe.

In order to protect data centres from harm, industry leaders must implement a multi-layered defence strategy which includes physical security measures to protect the facilities from physical threats, such as theft or vandalism, as well as cybersecurity measures to protect data from digital threats, like cyberattacks.

8. Make sure there is a power backup

The uninterruptible power supply (UPS) system is a crucial component of any data centre, acting as a lifeline to ensure uninterrupted power supply during unexpected outages. A UPS system mitigates the risk of data loss, hardware damage, and service disruptions caused by power fluctuations or blackouts. However, UPS failures are surprisingly common, accounting for the highest percentage of data centre outages. 

Implementing a backup generator capable of sustaining the data centre for over 24 hours without reliance on the local grid can mean the difference between minor disruptions and a catastrophic event. Evaluating the risks to your data centre will guide your choice between N+1, 2N, or 2N+1 redundancy levels.

7. Location matters

The physical location of a data centre plays a crucial role in its overall resilience and ability to withstand potential disruptions. Extreme weather events all over the world reinforce the need for data centre operators to carefully consider the location of their facilities, ensuring they are situated in areas with a stable infrastructure and robust protection against natural disasters.

By carefully selecting locations that are better protected, data centres can safeguard critical data and maintain uninterrupted operations, even in the face of extreme weather events. This proactive approach is essential for maintaining business continuity and upholding the trust placed in data centres.

6. Secrecy and safety are imperative

One of the simplest yet most effective strategies to enhance physical security is to keep the data centre's location concealed. Tech giants like Amazon Web Services (AWS) and Google Cloud Platform (GCP) are renowned for their data centres, but their precise locations remain largely hidden from the public eye. 

This intentional secrecy is not merely a marketing ploy; it's a strategic decision to reduce physical threats to their valuable data assets. By keeping the data centre's location under wraps, potential attackers are deprived of easy targets and without clear signage or public awareness, attackers would have difficulty identifying and accessing the data centre.

5. Implement a zero-trust strategy

In the ever-evolving cybersecurity landscape, the concept of "zero trust" has emerged as a paramount strategy for data centres. This approach challenges the traditional assumption of implicit trust within the network, instead adopting a "never trust, always verify" stance. Every data packet and access request is meticulously scrutinised and authorised based on predefined security policies, ensuring that only legitimate traffic gains entry. 

Embracing zero trust security is a proactive approach to safeguarding critical data, ensuring its integrity and confidentiality despite evolving cyber threats. By adopting this strategy, data centres can foster a resilient and secure environment, enabling uninterrupted operations and safeguarding the valuable assets entrusted to their care.

4. Gain insight to ensure visibility

Unparalleled visibility across the entire data centre network is crucial for identifying and addressing emerging threats in real-time. This level of transparency allows operators to monitor network traffic, detect anomalies, and pinpoint potential intrusions before they can escalate into full-blown cyberattacks. By gaining insight into every device, user, and application within the data centre, operators can proactively neutralize threats before they can cause significant damage.

On top of this, constant surveillance serves as a proactive layer of defence against physical breaches and unauthorised access. Video monitoring of the facility's exterior and interior, combined with access control systems, ensures that only authorised personnel can enter the data centre premises.

3. Perform regular testing

Testing and drills are essential for maintaining the security of data centres. By simulating real-world events, data centres can identify and address vulnerabilities before they can be exploited by attackers. There are two main types of testing and drills that data centres can conduct, tabletop exercises (TTXs) and penetration testing. 

TTXs are a low-cost, low-risk way to test a data centre's response to a security incident, by walking through a hypothetical security incident scenario. Whereas penetration testing is more rigorous and involves a third-party company to attempt to penetrate defences. Both TTXs and penetration testing can provide valuable insights into a data centre's security posture.

2. Address the human capital shortage

Despite their crucial role, data centres often face a significant challenge: the understaffing of qualified personnel. This shortage of skilled workers poses a significant threat to data centre operations and the overall security of the stored data.

To effectively address this problem data centre operators must adopt a proactive approach to invest in their human capital, recognising that their employees are not just assets but also the primary line of defence against potential threats. By attracting top talent, nurturing existing employees, and embedding continuous training and development into their culture will not only ensure safer data centres but also gain a competitive edge over their counterparts.

1. Put your plan to the test

As organisations grow and their data availability needs evolve, it becomes crucial to reevaluate the disaster recovery plan to ensure it adequately caters to the changing landscape. Risk management plans must be dynamic and adaptable to effectively safeguard against emerging threats. 

Creating an elaborate risk management plan is only a starting point; the true value lies in testing, refining, and retesting the plan to ensure its effectiveness in the face of real-world scenarios. The testing frequency should align with the data's criticality and the organisation's risk tolerance, but regardless of the frequency chosen, every test must be thorough, covering all aspects of the disaster recovery plan.

******

For more insights into the world of Data Centre - check out the latest edition of Data Centre Magazine and be sure to follow us on LinkedIn & Twitter.

Other magazines that may be of interest - Mobile Magazine.

Please also check out our upcoming event - Sustainability LIVE Net Zero on 6 and 7 March 2024.  

******

BizClik is a global provider of B2B digital media platforms that cover Executive Communities for CEOs, CFOs, CMOs, Sustainability leaders, Procurement & Supply Chain leaders, Technology & AI leaders, Cyber leaders, FinTech & InsurTech leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare and Food.

BizClik – based in London, Dubai, and New York – offers services such as content creation, advertising & sponsorship solutions, webinars & events.

Share

Featured Lists

Top 10: Women in Data Centres in APAC

We consider some of the leading women working across the data centre industry in the Asia-Pacific (APAC) region to improve global connectivity

Top 10: Hyperscalers

Data Centre Magazine examines some of the leading industry hyperscalers around the world that are working to meet the ever-expanding demand for data

Top 10: Women in Data Centres in the US

Data Centre Magazine considers some of the leading women in data centres across the United States, powering some of the leading facilities in the world

Top 10: Women in Data Centres in the UK & Europe

Data Centres

Top 10: Accreditations

I.T.

Top 10: Technology & Data Centre Events 2024

Data Centres