Housing computer systems and associated components, data centers generally include redundant and/or backup power supplies, redundant data communications connections, environmental systems and controls, and security systems.
“There are now millions of servers in data centers holding enterprise-wide, mission-critical data, making security an extreme priority for companies’ chief information officers (CIOs) and chief security officers (CSOs) when deciding whether to move data out of the facility,” said Dave Asprey, vice president of cloud security for Trend Micro Inc., Cupertino, Calif.
Whether the data center is a co-location facility—storing the data of several companies—or an enterprise data center that is owned and operated by a single entity, the physical and virtual security best practices are very similar, said Richard Donaldson, CEO and co-founder of 6Connect Inc., San Jose, Calif. Protecting data requires firewalls, encryption, and secure communication on virtual private networks (VPNs). On the physical side, unauthorized intrusion is certainly the No. 1 concern since most hacks are perpetrated locally.
“Current trends are forcing the placement of all the components of data center security on the Internet, which enables centralized management, data capture and analysis, and further allows operators to fine-tune the facility,” Donaldson said.
As regulations that affect security and privacy issues are promulgated, such as the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, and the Sarbanes-Oxley Act of 2002, companies seek data centers that ensure a strong control environment, complete with data center security best practices. These practices are frequently tested to ensure compliance with the Statement on Auditing Standards (SAS) No. 70 independent audit standard.
“SAS 70 is a common accreditation that a data center would seek because it demonstrates that the facility is adhering to its own operational policies,” Asprey said.
This becomes particularly important during moves, adds and changes, which is a vulnerable time for data centers.
SAS 70 has been in place since 1992 and is the most recognized compliance audit for testing and reporting on controls in place at data centers. According to the SAS 70 website, a data center best-practices program for physical security includes having the perimeter walls, doors and windows offer Underwriters Laboratories-rated ballistic protection, and having intrusion protection, security system and continuous backup power, an electronic access control system, alarms and cameras.
Other accreditations available include the Payment Card Industry Data Security Standard, the U.S. Department of Commerce Safe Harbor Certification, and the Up-Time Institute’s Tier 4 data center certification, which mandates that all cooling equipment be independently dual-powered.
Inefficient heating, ventilating and air conditioning (HVAC) systems is one of the biggest issues in data centers.
“Specific to electrical contractors, however, is the idea of squeezing out as much electrical loss in the system from the point of power generation to the actual power receptacle in the cabinet,” Donaldson said. “With proper monitoring (which is surging to the forefront of concerns), facility owners can have a single, unified portal that monitors all the systems within the center.”
That will require, however, that the electrical contractor gain some basic information technology and networking education and the ability to deploy new designs.
Trend Micro’s Asprey said that contractors can design the control systems for the electrical infrastructure so it is vertically integrated with the security system and horizontally integrated with the building management system.
“The electrical contractor can help the data center demonstrate that power and security are tightly integrated and that the building and data are completely secure,” he said.
And, in a Tier 4 data center, which requires 99.995 percent power availability, contractors are in the best position to demonstrate to building designers how to build physical security directly into the data center, protect the power system and provide customers with an integrated security system.
In the future, there will be more opportunities for electrical contractors to integrate the data center’s electrical system with the IT and data infrastructure, enabling the power load to be shifted to an area with the lowest electrical costs.
“This will give the data center operator more flexible control of power consumption,” Asprey said.
With data centers possibly representing the fastest growing segment of electrical consumption on the grid today, 6Connect’s Donaldson said that the market segment provides unique business opportunities for contractors that learn data center electrical and security best practices.
“I think opportunities lay in cogeneration, co-building power plants and data centers next to each other or fully integrating them, and monitoring usage patterns,” he said.
BREMER, a freelance writer based in Solomons, Md., contributes frequently to ELECTRICAL CONTRACTOR. She can be reached at 410.394.6966 and firstname.lastname@example.org.