If you are like most employees at a medium-large sized business, you assume that your company’s data center is always going to be there and supplying your necessary applications, data and reports on a daily basis. But what if you decided to peel the layers of the onion back and peek beneath the surface? What you find might surprise you.
Recent disasters such as Hurricane Irene, Texas wildfires, Mid-Atlantic earthquakes, tsunami’s, and tornado’s all highlight the need for a comprehensive and tested disaster recovery plan but most are an “all or nothing” scenario, meaning the entire data center must be unavailable before declaring a disaster. This scenario does not look at individual component failures — the most common problems that escalate into a full blown disaster declaration.
Has your company looked at its data center infrastructure and vulnerabilities to address issues that may prevent a disaster declaration and enhance day-to-day or operational recovery? In some cases there is nothing you can do to prevent a declaration – A direct hit from a tornado, major flooding, earthquakes, etc. But in many cases a vulnerability analysis of your data center will uncover specific actions that can be taken to prevent a localized outage from becoming a full blown disaster.
So how do you prepare a data center for a disaster incident?
First – Conduct a Vulnerability Assessment of the data center. Five basic questions to ask are:
- Are you storing paper and boxes in the data center?
- Are your networking cables labeled?
- Have you looked at your data center from a power and capacity standpoint?
- Is physical access to the data center limited?
- Does the data center have heat, smoke, water sensors?
- Are there data security policies and procedures in place?
- Is the location of your data center conducive to continued operations or is the data center in a major hazard area?
You definitely need a comprehensive set of procedures for the infrastructure and for the applications. Each component, or group of components, usually has support infrastructure, and generally speaking, there’s a person or group responsible for that. So the servers are going to be under the server group, or the virtualization group, or both. All of these are generally working under an infrastructure group or an operations group, but come a major disruption, there’s a dotted-line relationship for disaster recovery management. And that kind of governance clearly needs to be spelled out, who is in charge, who makes the decision, what you do, and what sequence you do it in.
Of course there is much more to ensuring your data center survives a disaster, but this should give you a jump start in reviewing your data center vulnerabilities.
Patrick R. Dunn, CBCP, CISSP
Practice Manager – Disaster Recovery & Business Continuity