Data Centered: Tips and Best Practices for Evaluating and Using a Data Center
As a number of events in recent times have clearly demonstrated, now more than ever, businesses need to be prepared for effects of both manmade and natural disasters.
In the event of a natural disaster, power outage or other disruption, the ability to preserve essential data and maintain business continuity is critically important. What was once the concern of a few select data-dependent industries and high-tech companies is now an issue for growing numbers of professionals representing an expanding range of industries. Whether it is a localized outage or a large-scale emergency, any interruption to business has the potential to be financially and operationally devastating, making business continuity preparation and disaster recovery planning a necessity for virtually all businesses.
As companies assimilate and adapt to new technologies and processes, establishing and maintaining business continuity practices becomes even more of a challenge. The speed with which information is exchanged has increased dramatically, and although new processing power and data management capabilities yield greater efficiency, they also introduce new challenges: tighter deadlines, increased expectations, new financial pressures and thorny logistical issues. The exploding popularity and growing ubiquity of cloud computing is perhaps the most prominent example of this double-edged trend, as remote data storage and backup at a data center offers both a compelling solution and a new set of trials for business continuity.
As a result, decision makers at companies large and small need to educate themselves about what to look for in a data center—including the technological components, infrastructure priorities and security standards that should drive their selection—to ensure their data center facility is reliable and their business information is safe and secure in any situation. The right data center and the right business continuity policies, practices and procedures will not only enhance a company’s ability to protect sensitive information and maintain operational continuity in the face of exceptional or emergency circumstances, but it will also enable that company to remain compliant in an increasingly robust and evolving regulatory environment.
A New Paradigm
The need for increased data security, mobility, flexibility and business continuity is closely tied to the acceleration of business processes and the corresponding acceleration of business expectations. Gone are the sticky-note reminders and phone messages stuck to the top of your desk—today, the clutter atop actual desks has been largely replaced by the electronic urgency of the figurative desktop and the immediacy of email and other electronic communications. There is no lag time: communication is expected to be immediate, and data is expected to be available 24/7. Engineering and technology have advanced to the point that there is no excuse not to have communication and data highly available from a resources standpoint. Today, it is just a matter of deciding to make it happen.
Mostly Cloudy
In the context of a faster and more demanding professional environment, the solution for many businesses is colocation/cloud computing, a concept that confers significant advantages in data management flexibility, access to information and security/business continuity. The formidable problems posed by a power outage, failed server or a cut data line can all be mitigated or avoided by having data stored and available in multiple locations. Today, companies are beginning to understand that if they do not maintain their critical data in several geographically disbursed locations, they simply are not representing their clients’ interests to the degree that they should. Remote data storage and backup is the new normal.
At the same time, most businesses are realizing that they can get more or better technology bang for their buck by outsourcing their cloud computing and remote storage/backup requirements. The recognition that a company does not have to own or operate the technology in house has opened up a whole new world and made cloud computing and remote access, backup and data storage available to many more businesses. This is good news both for the companies who want to have their data running and protected on top-tier equipment (with safe, secure and regular backup) and for clients who want to ensure that the stewardship of their information is top notch and meets their needs.
Analyzing Your Data Center Needs
Although there is a lot to think about when deciding what kind of data center you need and what kind of backup/protection program is right for your business, perhaps the most important piece of advice for any IT professional or business owner is this: do not pay for more than what you need. This all-too-common error is often the result of a decision that is made without thinking critically about how a data center’s services and technologies apply to the business model. There are two primary big-picture considerations that come into play when trying to determine what level of protection is right for you: your recovery time objective (RTO) and your recovery point objective (RPO)
- Recovery time objective (RTO): The RTO is the amount of time that an outage will last—or, more specifically, how long can you afford an outage to last. The answer may be seconds, minutes, hours, days or weeks, but it should be evaluated in the context of your business operations and requirements. Many businesses do not take the time to answer this question with precision, and they end up taking a wild guess that leaves them either underprotected or spending more than they really must. RTO calculations should also consider what the customers expect/require, as well.
- Recovery point objective (RPO): The RPO is the point at which the loss of data becomes a problem. Essentially, businesses must ask themselves if they can afford to lose data and, if so, how much data. The answer to this question will determine how often you need to be backing up your information, something that can be done daily, hourly or by the minute. The cost varies dramatically, making it all the more important to determine how much data your business can live without, and how much data can be reproduced internally in the event of a disaster or business interruption.
Business Continuity
Determining your RTO and RPO is an important first step in deciding what the contours of your business continuity plan need to be, as well as how aggressive you need to be with regard to data protection and backup planning. The range of options here is significant, both in the timeline for post-disaster recovery—which can entail a lag time of a day or a few hours to rebuild or reconstitute your information in a different data center—and in the mechanisms used to facilitate that process. There are a number of technology and procedural options (with corresponding cost considerations) for backing up your critical data that will affect your business continuity planning. A business can opt for synchronous data replication (essentially instant redundancy/backup in two places at once) or asynchronous replication, which includes a small lag time and is independent of the distance between facilities. In the event of a power outage or catastrophic interruption, some businesses may need to be instantly redirected for transfer so they can get up and running at another location almost immediately, while others (especially smaller businesses) prefer to select a more affordable recovery plan that requires a lag of a day or so while their data is “rehydrated” and they return to operational status. It all comes down to the expense, and to the reputation requirements and survivability of a business.
Data Center Facility Evaluation
Even the most thoughtful disaster preparedness or well-designed business continuity plan will fall short if the technical architecture, security apparatus and logistical support of the data center are not up to the challenge. Evaluating potential data centers is a detailed process that includes asking a number of pointed questions.
Is the facility at a strategically selected location (a site that is geographically favorable and geologically stable)? How protected is the facility/server room? Do security cameras monitor both the perimeter and interior of the complex to protect against theft, malicious activity and accidents? Do those cameras record, and how long are those recordings maintained? Does the facility boast sophisticated and redundant cooling systems, and can it provide an uninterruptible power supply in the event of brownouts, blackouts or service interruptions? Is there appropriate battery protection/backup that facilitates a coordinated shutdown instead of a hard crash that can potentially corrupt data? Are the facility’s systems monitored by software that tracks all equipment for warning signs like temperature spikes or system failures? Is the data center equipped with a next-generation gaseous fire-suppression system that will not unnecessarily harm infrastructure in the event of a fire? Is access to sensitive areas restricted and, if so, how? Is there a badge reader or an ID system? Are logs kept of all entries and exits? Are tours/inspections given on a regular basis?
If the answer to one or more of these questions fails to meet your expectations, the data center provider may not be the right fit for your business.
The Big Picture
Although IT professionals understand many of the technical aspects of data center evaluation and business continuity planning, the challenge for business owners and high-level decision makers is to improve their own understanding of these issues. It is an encouraging sign that more owners and operators are getting involved by educating themselves about the increasingly central role of technology in today’s business environment. A more sophisticated understanding of the risks and available solutions can help any responsible business take the critical steps required to mitigate risk—because before you can select the right data center or develop and implement a business continuity plan, you need to have an informed conversation about priorities and processes.
In addition to security, peace of mind and financial protections, the selection of a quality data center and the implementation of an effective plan also add value in another way: transparency. Businesses that can easily and efficiently produce compliance documentation save themselves enormous amounts of time and money. These days, successfully navigating the regulatory landscape demands more than just checking boxes: It requires a sophisticated understanding of what it means to be compliant. Frequently, it comes down to the experience of the technical group designing the systems. Does it truly understand what ambiguous terms like “physical security” actually mean in practice?
Even though selecting the right data center is not the only step toward safeguarding your data and positioning your business for success in an increasingly virtual world, it is a critical piece of the business continuity puzzle.
Leading article image courtesy of 123net
About the Authors
Philip Curton and Ronald Redmer work for NDeX, a Farmington Hills, Mich.-based leading provider of processing and technology services to law firms nationwide. Phil serves as private cloud services director of NDeX, and Ron serves as chief information officer. Contact Phil atpcurton@ndex.com and Ron atrredmer@ndexteam.com.