The importance of data centre security and disaster recovery (DR) planning was highlighted following a recent incident at a Vodafone facility leading to a mobile network outage for customers in some regions for most of the day. The accepted version of events at the time of writing from Vodafone is that “We had a break in last night at one of our technical facilities which resulted in damage done to some of our equipment“.
Reflecting on what happened brings a few interesting thoughts to wholesale jerseys mind. My first instinct was one of sympathy for Vodafone who didn’t directly cause this to happen and are the victims of the burglary. Having worked in electrical engineering and seen the problems of thieves taking 29th, copper from sub-stations (and in the process interrupting the power supply) I naturally had sympathy.
Disaster recovery (DR) then came to mind along with the fact that Vodafone appear not to have had any. When considering DR, organisations need to make an assessment of the likely frequency and cost of outages and consider cheap jerseys this against the cost of having duplicate redundant facilities running, ready to pick up the service in the event of an outage. This can take several forms, from a ‘hot’ is standby with systems running and replicated data from the live site, ready to become the live site without the loss of a single transaction, to a ‘cold’ standby with the appropriate hardware, perhaps with the business applications installed, but with low frequency replication or relying upon a restore from backup, which implies the loss of some data and potentially several hours of start-up before service can be resumed.
In this case Vodafone appear not to have had such a service for this site. This may well have been a reasonable judgement on the basis of cost (revenue and reputational) incurred by wholesale nfl jerseys this outage to only a segment of the UK customer basis compared with the cost of maintaining a network of redundant facilities.
In a hierarchy of facilities (similar to substations for power distribution) there are typically a few large central facilities which then feed to many ‘local’ facilities which are smaller, more numerous and each supply a small number of customers. It then makes sense to have standby facilities for the few central hubs (protecting most customers if there is an outage, for least number of sites to duplicate) and to accept the cost of regional or local outages. In Vodafone’s case, this was a regional hub, so possibly ‘below’ the cut-off for having a DR facility. Whether the reputational cost and potential loss of worried or upset customers to other networks has been factored into the cost case for whether there should have been a DR facility is an interesting question that I imagine Vodafone will be busy reviewing.
Data centre security
The incident also had me thinking about physical security of data centres. A large part of the IT security focus is on network security at the perimeter of the network: firewalls to stop intruders and intrusion detection systems to alert if breached. Other significant parts of IT security though are concerned with physical security and also protecting against human nature, so-called social engineering attacks, where for example someone may enter your premises (tail-gating an employee through the swipe-card protected door) and connecting directly to the network, bypassing the elaborate perimeter defences.
Films often feature these ‘on premises’ type attacks because of the drama the that they bring e.g. Transformers (with a small ‘decepticon’ robot downloading classified data and shutting down the US defence grid from Air-force One) and (Is Cypher (the protagonist at one point entering a rival company datacentre to remove data), and it is a bold, but viable route onto the network. In the sci-fi examples the target is often theft of the data which in the real world may be of great wholesale nba jerseys value to competitors (and which may also prove to be a source of cost if there are penalties for Childcare its loss e.g. the data protection act).
However a more prosaic intrusion is that of Vodafone’s with a burglary of equipment that has a high resale value. Whilst there is a replacement cost for the loss of these items, there are likely to be much larger losses to the organisation from the service downtime (calls not placed, orders not placed, lost customers) and the follow-on costs to Theory restore the service.
Given these potential costs of:
- loss of data
- loss of equipment
- loss of service Michigan (and potentially customers)
the Vodafone incident does beg the question of whether enough cheap nfl jerseys emphasis is placed on physically securing the premises in these days of unmanned ‘lights-out’ data-centres and efficiency savings. A similar risk based approach to this as with DR is perhaps the best way: understanding which data centers need which level of protection based on an assessment of the potential costs of an incident. This is by no means the full answer though and there may well be effective and low cost ways of improving physical security. And I imagine that several data-centre managers will have been quizzed about these topics in their morning meetings with their clients over the past couple of weeks!