Bad weather is inevitable, and so are the risks it carries with it. Recent hurricanes like Harvey and Irma have wrought destruction in the form of floods, power outages and building rubble. These possibilities push risk to the forefront of any data center manager’s agenda.
Headquartered in Florida, vXchnge has first-hand knowledge of planning for, and dealing with, natural disasters such as hurricanes. According to Ernest Sampera, chief marketing officer, it’s critical to have a disaster recovery plan and contingencies in place (including redundant operations) in case a data center is shut down due to a natural disaster.
“But most importantly, all data center operators should be concerned with employee safety,” Sampera told us. “Data centers need to prepare for disaster recovery without the aid of those employees experiencing the disaster themselves.
“Data center operators should have employees from outside the affected region handle the disaster recovery to ensure they are focused on customer uptime and keeping employees safe.”
Risky business
Michael Wise, information security auditor at KirkpatrickPrice, says that with the impact of hurricanes like Harvey and Irma, risks in relation to natural disasters such as flooding have taken a new level of importance for data center operators. “Harvey brought with it unprecedented flood waters for the Houston area,” Wise explained, “and it highlighted risks that floods pose to data centers. Data centers that experience floods have to contend with the inability for personnel to get to facilities because of roads being impassable.”
Wise says another risk is how flood waters will impact emergency power delivery in the event of a utility failure. This risk includes the availability of fuel and spare parts for emergency power systems. “Hurricane Harvey emphasized the necessity for having a disaster recovery plan and ensuring that all operation staff know their roles and responsibilities in the plan.”
So how can data centers be risk-proactive when it comes to natural disasters? Keith Klesner, senior vice president of North America for the Uptime Institute is an evangelist in this area.
“During the site selection process, organizations should always consider natural risks of individual properties. Certainly this year, natural disaster risk is on the rise with multiple extreme weather events. However, some site location risks can be mitigated, but investment on the scale of tens and hundreds of millions of dollars in a data center and associated equipment should consider site risk as a fundamental criteria.”
He added the shift from compute residing near corporate headquarters to lower risk and lower cost regions has proven effective for many enterprises.
Broadening the scope, Sampera says data center operators must be prepared for all disaster recovery scenarios. He elaborated: “Data center operators must have various scenarios mapped out and must consistently practice for potential disaster scenarios a number of times to ensure all employees know the procedures for disasters. It’s important for data center operators to also understand their supplier’s protocols, and to make sure there is diesel fuel available in the case of electrical power failures.”
Along the lines of general risk, data center managers should continually protect and educate themselves. But to Keith Klesner, there’s no easy way to do this. He says it’s a difficult endeavor because there are scores of “experts” who can provide long lists of deficiencies, best practices and criteria for data centers. He explained: “distilling the information, analyzing the data and building consensus within your own organization are the key measurement of success. You need to be able to analyze your information and be prepared to accept some level of risk as weighted against cost, performance and overall business impact.” Klesner says these assessments require a multidisciplinary approach with numerous stakeholders across a business.
Michael Wise agrees that data centers should be completing risk assessments regularly, where they take a deep dive into potential risks that can threaten a business. “Through the use of a good risk assessment process, the data center can analyze and find strategies to deal with exposed risks. Additionally, data centers should be frequently certifying all personnel on procedures specific to the data center operation. Making sure data center personnel have an intimate knowledge of site specific procedures is a key component of handling risks.”
Look within yourself
But don’t look only at the outside, Wise says. “When analyzing risks, data center operators need to make sure they are not only looking at external risks, but internal risks as well. Analysis needs to happen not only on how a data center will respond to a natural disaster, but how it will respond to things like human failure as well.”
Taking a well-rounded approach is also a prudent move, Klesner adds. “Risk management requires engineering, finance, business and communications skills. The data center industry must continue to grow the skillsets of data center professionals to better support IT and applications critical to our business and economic growth.”
Using an exhaustive approach is a common recommendation. Sampera says that the best way for data centers to protect themselves from risk is to have experts in all areas of data center operations: security, maintenance, compliance and disaster recovery.
He cites vXchnge as an example - it hires experts in these areas and partners with leading security providers such as Level 3 and AT&T to ensure clients have knowledgeable and highly capable teams in these core areas.
Overall, however, Sampera says it’s very important that organizations meet the operators of their data centers and ask about their commitment to providing unparalleled, physically and digitally secure service and their uptime guarantees.
He elaborated: “The data center’s facility manager should have disaster prevention and recovery experience and be well versed in the standard operating procedures. Reputation is important, but establishing a personal relationship with your data center operator is equally important.”
In Sampera’s opinion, it’s vital for customers to understand, review and discuss the practices and frequencies of the data center operator’s MOPs and SOPs. He says customers should also ask to review their data center provider’s disaster recovery plan. “If your data center operator does not have a detailed disaster recovery plan, it’s time to walk away.”
This article appeared in the October/November issue of DCD Magazine. Subscribe to the digital and paper editions here: