Data Center Security: Preparing for Natural Disasters

Page 1 of 2 next >>

Just as data center security is not synonymous with protection from natural disasters, wind and water protection should be treated as separate problems.

The Case for Data Center Security

Natural disasters like Hurricane Sandy and the tornados that swept through parts of Oklahoma can devastate a community, including homes and enterprises. At the enterprise level, storm "products," principally wind and water, can damage, even destroy, vital facilities like data centers.

Just as 9/11 prodded enterprise planners to invest more heavily in physical security, fearing that terrorists might target data centers and other critical infrastructure, concern over climate change has prompted calls for better protection against "the elements." As more than one pundit has observed, we seem to be experiencing a "storm of the century" every few years.

While, in most cases, new data centers can be built in areas not normally exposed to hurricanes, tornados, and floods, safeguarding existing data centers in areas like the Gulf Coast or the Midwest can be challenging. And as Hurricane Sandy demonstrated, the regions vulnerable to severe storms are expanding, as well as the consequences of such exposure. During Sandy, SunGard Availability Services received 342 customer alerts, and 117 disaster declarations.

The process of protecting a data center from wind and water damage has three primary components:

  1. Rendering the data center's physical facilities more damage resistant;
  2. Decentralizing data center operations, both physically and logically; and
  3. Providing for the continuity of data center operations if protective measures fail.

Data Center Security from Natural Disasters

Protecting a data center against a natural disaster is not the same as securing a data center against an unnatural threat (like a terrorist attack). While certain measures, like reinforcing exterior walls, serve both purposes, other measures, like planting trees and shrubbery to help hide the data center from view, may be great for security but bad for protection. In a storm, for example, the trees surrounding the data center could be uprooted by strong winds and propelled like projectiles against data center walls.

Wind and Water Protection May Require Separate Approaches

Just as data center security is not synonymous with protection from natural disasters, wind and water protection should be treated as separate problems. For example, relocating a data center to higher ground may eliminate flooding as a serious issue, but it may increase the data center's exposure to high winds and lightning strikes. If the data center is located near a flood-prone region of the Mississippi River, for example, the tradeoff may be reasonable. If the data center is located in "Tornado Alley," seeking higher elevation may be contraindicated.

Moving Underground Provides the Best Protection for Data Centers

For total protection against natural disasters, whether the effects of hurricanes, tornados, blizzards, floods, or lightning strikes, many experts agree that underground, or subterranean, facilities offer both maximum protection and security.

For example, United States Secure Hosting and Colocation (USSHC) offers a heavily reinforced underground data center which, according to the vendor, is designed to survive even a nearby nuclear blast. In terms of more probable scenarios, the facility, which is located on a dedicated property at an elevation several hundred feet above the nearest flood plain, is virtually immune to flooding and, of course, high winds.

Data Center Protection Best Practices

Protecting a data center against wind and water damage has several dimensions. For a new data center, enterprise planners should focus on disaster avoidance and resiliency. For an existing data center, they should concentrate on disaster remediation and recovery. Remediation normally means retrofitting the data center to provide greater disaster resistance, provided such modifications can be made economically. In this regard, a cost/benefit analysis is essential. Relevant factors include weather history; damage, if any, from previous storms; and weather trends (which incorporate climate change as an important indicator of future events).

Protecting New Data Centers

Right Location 

While it may seem obvious, build in areas not subject to severe storms. For example, enterprise planners tend to avoid areas around the San Andreas fault for fear of earthquakes. Similarly, planners worried about the effects of high water and high winds should avoid areas with a history of hurricanes and tornados.

Dual Centers 

If financially feasible, build two data centers, not one. Thus, if one data center suffers storm damage, the other data center can continue vital enterprise operations. While this scenario may seem unlikely, consider, for example, that some events, especially tornados, are often highly localized. A tornado could destroy one data center while leaving its companion facility, located just several miles away, untouched.  

Standards Based

Build any new data center according to industry best practices. One such standard is ANSI/BICSI 002-2011, Data Center Design and Implementation Best Practices. BICSI 002, which was updated in 2011, "sets forth requirements, recommendations and additional information that should be considered when working with critical systems, like the electrical, mechanical, and telecommunication networks, as well as other significant needs, such as site selection, security, and building needs."

Page 1 of 2 next >>