News Stay informed about the latest enterprise technology news and product updates.

Expert: Beware of being lax with data center security

Data center security has taken on new meaning since the Sept. 11 terrorist attacks. recently sat down with security consultant Thor A. Mollung of Mollung Systems Management, a speaker for a session entitled "Data Center Physical Security Design in a Post 9-11 Environment" at the upcoming Data Center Decisions conference in New York June 1-3 Mollung discussed how security professionals are designing for today's data centers, and how security design relates to business continuity, disaster recovery and high availability.

What has been the most drastic change in data center physical security design since the Sept. 11 terrorist attacks?
Thor A. Mollung
There is more willingness on the construction and design side to accept best practices of security design. Prior to Sept. 11, there was a sense of complacency in terms of what they really wanted to do … there was a lot more emphasis of limiting security budgets. Nowadays architects and business owners are more willing to accept best practices. Security staff can implement changes they wanted to put in place for a long time. I was in the middle of a construction project when Sept. 11 happened, and the company's pocketbooks opened right up. How does security design relate to business continuity?
Actually they are one and the same. Business continuity depends on how one responds to disaster so that the business can continue to operate -- whether it is servers going down or a natural disaster. An organization should include physical security systems with their business continuity plans. What is recovery time objective?
It is key to partner with your business continuity and disaster recovery departments in order to determine how long you can without the use of your security systems. This is known as a security systems recovery time objective or RTO. What really determines RTO is two-fold. One is corporate security's perception of how critical they think their applications are and what the maximum amount of time (measured in hours) that they can last without it. The second part is cost. There is an inherent cost associated with how quickly a system can be returned to normal operations. The longer your RTO is, the less expensive it generally is. They have to measure how quickly they want to be up and running and balance that with what the cost is. How do you address all these issues on a budget?
It's planning and partnering. If you don't partner with your people, you won't have an understanding of where you are in terms of how this all fits into place. If you're not in tune with your own organization and the various departments that support your security systems on a day-to-day basis then you will never understand what it takes and what it costs to provide that support. Building these partnerships and getting on the same page is a key part of ensuring your budget is sound. So how do you adequately plan for a budget? A lot of partnering and a lot of team work with those departments that provide the support mentioned earlier. If you can't understand what it is you're budgeting or where the costs are and why, then you will most certainly go off the deep end with bells and whistles you don't need ... or worse, not budget enough for the features that you really do need.

Dig Deeper on Data center design and facilities

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.