Saturday, June 30, 2012

Risk Assestment & Data centres

The business continuity management (BCM) has several tools, one of them is the Risk Analysis. But what must be included for a good RA?

Well I have to say after 20 years doing this studies in my country that the very first thing is that the social/political/economic situation is the very first, why? When we started in our country was a very different enviroment tha it is today, just this week we have had two bombing attemps in two different cities; so in 1993 this situation was uninmaginable, today a fact.

So what I am saying is for DCs where today the most precious valuable is located (information), the RA must consider all of those issues that can be "far far away", lets go into them

Natural disaster: floods, earthquake, tsunamies, tornados, volcanos, ........ Human: terrorism, sabotage (digital as well), war, Information , fire, trespassing,..... Biological: viruses, .....
Exists multitude of methodologies that you can use for this task, however my suggestion before you choose one of them is to set which are the priority treaths that you want to evaluate in the RA, so with the adecuate method in the RA you will be able to get the better assestment.

So if we want to prevent all of them it will cost a lot, lot, lot of money; so we have after all of them have been detected to set the priority to keep mitigate, this can be done during the Business Impact Analysis (BIA) other excellent tool to help us in getting the BCM appropiate for our facility.

Just in this point, the security proffesional has to meet the architectural,  security teams to address each vulnerabilty in the found in the field to understand which combined solution alternatives should be use to mitigate the weakness of this site.

The DC designer must include all the recomendations (benefit-cost) and give enough weigth in the total design (new or refurbish) for this facility; today a DC is not longer CRACs, UPS, generators, structured cabling, and so, but an integral design in:

* architecture
* cooling
* energy
* safety
* IT transport

All of them have to be taken in consideration,

or what is your opinion?

Roberto Sanchez, RCDD

Sunday, June 3, 2012

DC physical security / Seguridad Fisica del centro de datos

One vision on critical mission facilities is the SECURITY, not only the control access and CCTV gadgets, but the RISK Analisys that lead the Business Impact Analysis that gives the guidelines to set a Busines Continuity Plan that cover the BCM

This DC system must be take in consideration since the idea DC conception for a new or refurbishment project. This system should include four components in every design: + Deter + Detect + Delay + Detain

Depending on each country laws a Data Center operator can use a different combination of alternatives in the following issues:
-Campus &Building
-Electronics Survilliance & Access

This Security Sistems has to be planned and design in conjunction with the architecture &

Safety designers to assure that every operational procedure will have an integral vision to address the DC needs. But what do you think?

Roberto sanchez,RCDD