Expert: Beware of being lax with data center security

Interview

Expert: Beware of being lax with data center security

What has been the most drastic change in data center physical security design since the Sept. 11 terrorist attacks?
Thor A. Mollung

    Requires Free Membership to View

    Login

    When you register, you’ll also receive targeted alerts from my team of editorial writers and independent industry experts with the latest news, tips, and advice to help you do your job more efficiently and effectively. Our goal is to keep you informed on the hottest topics and biggest challenges faced by IT professionals today working with data center technologies.

    Cathleen A. Gagne, Senior Editorial Director

    By submitting your registration information to SearchDataCenter.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchDataCenter.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

There is more willingness on the construction and design side to accept best practices of security design. Prior to Sept. 11, there was a sense of complacency in terms of what they really wanted to do … there was a lot more emphasis of limiting security budgets. Nowadays architects and business owners are more willing to accept best practices. Security staff can implement changes they wanted to put in place for a long time. I was in the middle of a construction project when Sept. 11 happened, and the company's pocketbooks opened right up. How does security design relate to business continuity?
Actually they are one and the same. Business continuity depends on how one responds to disaster so that the business can continue to operate -- whether it is servers going down or a natural disaster. An organization should include physical security systems with their business continuity plans. What is recovery time objective?
It is key to partner with your business continuity and disaster recovery departments in order to determine how long you can without the use of your security systems. This is known as a security systems recovery time objective or RTO. What really determines RTO is two-fold. One is corporate security's perception of how critical they think their applications are and what the maximum amount of time (measured in hours) that they can last without it. The second part is cost. There is an inherent cost associated with how quickly a system can be returned to normal operations. The longer your RTO is, the less expensive it generally is. They have to measure how quickly they want to be up and running and balance that with what the cost is. How do you address all these issues on a budget?
It's planning and partnering. If you don't partner with your people, you won't have an understanding of where you are in terms of how this all fits into place. If you're not in tune with your own organization and the various departments that support your security systems on a day-to-day basis then you will never understand what it takes and what it costs to provide that support. Building these partnerships and getting on the same page is a key part of ensuring your budget is sound. So how do you adequately plan for a budget? A lot of partnering and a lot of team work with those departments that provide the support mentioned earlier. If you can't understand what it is you're budgeting or where the costs are and why, then you will most certainly go off the deep end with bells and whistles you don't need ... or worse, not budget enough for the features that you really do need.