For those lucky enough to be able to buy a house, many factors will contribute to the choice. The biggest factor is, does this house really meet your family's needs? From location to safety, there are always several considerations to be thought about to ensure a house is up to standards.
Much like a family, every business has unique needs. So why do businesses often neglect taking the necessary steps and asking the important questions when vetting potential data centers? Especially as data is mission-critical for businesses. Businesses cannot afford to overlook whether their needs are being met, as the safest data center is the one that works the best for them.
Before making the leap to either house your data in a data center or migrate to a different provider, businesses should do some deep digging into the data center and be aware of the signs of a reliable and sensible center.
Don't be blinded by the tiers
To guide businesses, a Tier Classification System ranging from I to IV has been put in place, showing the data centers' level of security and potential downtime, with Tier IV being the best-performing. However, whilst helpful, organizations have become entranced by Tier IV. They're revered as the ultimate data center, but the reality is that a Tier IV-standard data center is usually way beyond what’s required for a company’s risk appetite. The Tier system also only accounts for maintenance, power, cooling and fault capabilities – it doesn’t factor in security. And security should be one of the core considerations when considering data center providers.
Organizations should always take a risk-based approach, considering the type of data your organization holds and its value. This not only means unearthing what standard of data center is the most suitable but also where the center is located. Inner city data centers appeal to organizations but using a center in a main city hub like London may increase the potential for downtime while increasing price. Those along the M25 also have their own risks, such as having a higher chance of using legacy operational technology (OT), the hardware used to run a center.
Beyond the risks of choosing a data center in a central hub, there are restrictions around physically accessing the data center. Deciding between an inner city or edge data center depends on where an organization's office is, as travel time and proximity will be impacted. Essentially your final choice of data center should factor in the ease of getting to it from the company office – whether in a city or not. Put it this way, you would be reluctant to buy a house that requires you to commute for hours, so it should be the same when picking a data center.
Treat the data in the physical rack like the data on the internet
Data centers are not immune to cyber threats and actors, there are multiple ways that your data could be accessed. However, there’s no need to fear, if you’ve done your due diligence and taken a risk-based approach, all should be fine, bar an unforeseeable disaster.
It's important to make sure that whatever data center you are considering is entirely risk-averse. There are some great indicators and means to ensure that data centers are trying to remedy these risks. First, data centers should have basic security procedures, such as air-gapping, where external devices or networks cannot connect to the data center's network.
While it may seem that data centers, who have taken active steps towards receiving international infosec standards such as ISO27001, signal they are making an effort to lessen risks. This shouldn't be taken at face value. As an organization, you can never be too certain whether the center takes these standards seriously or if it’s just a tick in a box for them. Instead, if data centers have taken steps towards receiving the PCI or any other security certification alongside ISO, it is a sure sign that they are serious about making their data center as robust as possible.
Organizations must also look into how the data center will continue to operate and get back to functioning normally if an unplanned outage occurs – a reliable and trustworthy data center will have concrete plans. Reading through business continuity plans is crucial, as it allows one to get a full idea of a center’s contingency plan. Business continuity plans list ways the data center aims to keep services ongoing and recover from a variety of issues. It is also imperative to explore shared responsibility models, which will establish your role and the data center’s role in keeping your data as secure as possible.
It's a two-way street
Buying a house requires potential buyers to ask estate agents questions to fill in information gaps. Similarly, businesses should question data centers on how the facility operates, looking at a range of variables such as rack space, cooling and power supplies. However, questions should not be isolated to the physical storage environment, one should always be interested in physical security, and the already mentioned cybersecurity measures. Alongside asking questions, thoroughly read through the contractual details to know the complete data center offerings, such as additional charges for maintenance.
When buying a house, it is easy to fall for estate agents’ sale pitches. Likewise, data center representatives tend to paint their data center in the best light, so it is important to avoid getting caught up in the sales patter. Amongst discussions between potential users and vendors, data centers should ask you what your exact needs are, explaining why they should be your first choice. But, it's a two-way street when asking these questions, you must be extremely open about your needs. Data centers must be clear on organizations' needs to evaluate if their services can meet users' needs, and the only way to do this is to probe potential users. It's a red flag if questions from data centers are missing from the dialogue.
Treat your data like family
At the end of the day, you wouldn't house a loved one in a risk-riddled property. So why would you be any less risk-averse when housing your data? Ask the correct questions, don't fall for any sales gimmicks, and leave no stone unturned.