How to Speak Like a Data Center Geek: Security and Reliability

Because of the essential role they play in our modern digital society, protecting data centers has become more important than ever. Businesses need to feel confident that their data centers will be available whenever they need them. Even a short outage could cause serious disruption and degrade the user experience.

Data centers also make an attractive target for criminals. Data is a valuable asset, and it needs to be protected accordingly. This is challenging because modern applications often rely on distributed infrastructure. Businesses need to be able to move data wherever it’s most useful and valuable, without placing it at risk. To achieve privacy without compromise, they must take a holistic approach to data security, where they protect data in motion, in use and at rest. This means ensuring that all their data centers and network infrastructure have appropriate security controls.

In our How to Speak Like a Data Center Geek series, we aim to define terms that may be new to people outside the industry and not easy for them to understand. We believe that mastering the lingo is an important step toward understanding how data centers work and the key role they play in the digital economy. In this latest post in the series, we’ll explore the various strategies and tools that help protect data centers and ensure uptime.

Biometric reader (BMR): A security device designed to limit unauthorized access. Even if a visitor is allowed to enter a data center, they’d still have to pass BMRs before they can enter certain secure areas within the facility. The BMR scans the physiological characteristics of the visitor’s hand to verify their identity and ensure they have a valid reason to access the area in question.

Business continuity: An organization’s overall strategy for minimizing the impact of data center downtime. This strategy must consider different scenarios to determine how the business would react to planned downtime caused by routine maintenance or upgrades and unplanned downtime caused by extreme weather or natural disasters. A business continuity plan includes identifying essential business functions, evaluating the risks involved with interrupting those functions, and putting contingencies in place to limit those risks.

Cage: A secure storage area within a colocation data center. Only authorized visitors are allowed to access a cage. Therefore, cages provide an additional layer of physical security to keep nefarious actors away from customer equipment.

Disaster recovery: A subset of business continuity that deals specifically with responding to unplanned outages caused by natural disasters. A disaster recovery plan outlines the steps a business needs to take in order to restore IT systems quickly and with limited disruption.

High availability: Another subset of business continuity. While disaster recovery is about getting systems up and running again quickly in the aftermath of an outage, high availability is about proactively addressing threats while IT systems are still running, with the goal of avoiding outages in the first place.

Geo-redundancy: When organizations place their IT infrastructure in different geographic regions to safeguard against natural disasters impacting any one region. It’s an important aspect of any business continuity strategy, but it can also be used to optimize performance by balancing the load across different data centers during periods of peak traffic.

Learn more about geo-redundancy.

Mantrap: A two-stage entry system used to control access to a data center. It’s essentially a small, enclosed area with a secure door at each end. By controlling the flow of visitors into the facility, the mantrap is designed to prevent “tailgating,” which is when an intruder sneaks in behind a legitimate visitor. Any unauthorized visitor who somehow makes it past the first door would still have a second door separating them from the data center floor.

Physical security: A multifaceted strategy used by data center operators to keep their facilities and the equipment inside them protected from unauthorized access. The first line of defense is a 24/7 staffed security desk where visitors are required to sign in and verify their identity using a government-issued photo ID. After the security desk, there are additional layers of security, including the mantrap and BMRs. Finally, CCTV cameras perform continuous monitoring to ensure that even authorized visitors only access the specific equipment they’re authorized to access.

Learn more about physical security in data centers.

Power redundancy: A proactive approach to keeping data center equipment running even in the aftermath of a local utility failure. Data center operators enable power redundancy using uninterruptible power supply (UPS) systems that provide emergency backup power. However, true redundancy requires an N+1 architecture, with “N” being the number of UPS systems needed to run at full capacity. If one UPS unit can do the job, then N+1 redundancy calls for two UPS units on different power distribution paths. This provides a fallback if one of the units fails.

Learn more about power redundancy.

Private interconnection: The direct exchange of data between two parties. It’s an alternative to moving data over the internet, which is a public transmission medium with inherent security vulnerabilities. In addition to protecting the privacy of data in transit, interconnection provides better performance than the internet. This is because traffic follows the most direct route available and doesn’t share a public connection with other people’s traffic.

Interconnection also plays an essential role in business continuity, disaster recovery and high availability. Businesses can interconnect their own geo-redundant infrastructure or mirror critical IT infrastructure and applications into the cloud for added resiliency.

Learn more about interconnection, and why a carrier-neutral colocation data center might be the right place to set it up.

RTO/RPO: Two different methods for targeting disaster recovery efforts. A recovery time objective (RTO) targets the maximum duration allowed to get a business process running again in the aftermath of a disaster. As they develop their business continuity strategy, companies will set RTOs based on how critical their different business processes are.

A recovery point objective (RPO) targets the maximum amount of data loss allowed. An RPO of 12 hours means that a company would never go longer than 12 hours without backing up their data, and would therefore never lose more than 12 hours’ worth of data in any single incident. Some critical business processes may have an RPO of zero, meaning that they allow for no data loss at all. These cases require continuous mirroring from the data center to the backup location.

We can safely assume that the threats facing data centers—whether from natural disasters or malicious attackers—will continue to grow and evolve in the future. This means that data center operators can never stop working to keep up with those threats.

Learn more about how Equinix approaches data center design, including how our design principles support security and reliability: Visit us today.