Johannesburg, 06 Sep 2017
Imagine if a plane were to crash into your data centre. Unthinkable? Perhaps. But what would be the impact on your business if an unforeseen event resulted in total destruction of the data centre in which your data is stored? This might seem like a far-fetched scenario, but then who imagined that a natural disaster like Hurricane Harvey would flood the United States' fourth-largest city?
The full extent of the worst hurricane to hit the US in a decade is still unclear at this early stage, when human and animal lives are the main focus of recovery efforts. But down the line, when people start to pick up the pieces and try to resume some semblance of a normal life, and businesses are going to need to get back up and running, the financial impact of this natural disaster will only then be fully realised.
The first port of call for any business trying to recover from a disaster of any kind will be to establish whether it still has its data. All too often in our digitised age, no data means simply, no business. And while the security focus tends to be very much around protecting your data against malicious threats such as cyber attacks, it's also vulnerable to accidental loss, as described above.
Not a South African problem? You might think so. However, closer to home, the flooding of Gillooly's interchange in Ekurhuleni in November last year and again in March this year caused problems for local businesses, some of which also experienced flooding. Underlining the fact that this type of threat is as valid closer to home as it is for offshore data centres. However, the rapid adoption of cloud has the additional implication that businesses may not even know which data centre is storing their data.
If there's one thing Africa excels at, it's security. But as much as we have CCTV cameras and alarms and electric fences around our homes, we often don't apply the same measures when it comes to the data centre. Jacques Klopper, general manager: Sales at Rittal South Africa, says: "When it comes to protecting our data, we implement software solutions, firewalls and other preventive measures, but what about the data centre where your data resides? Is it secure against a physical attack? In most cases, IT managers and CIOs focus on digital threats only."
While the concept of a physical threat to the data centre may seem unlikely, one has to consider the impact that threats like fire, hazardous gases, water, dust and electromagnetic currents pose; it's not just unauthorised access that's a risk. Klopper says: "The question shouldn't be 'how secure is your data centre?'. You should rather ask 'how secure should your data centre be?'. The difference is subtle but it's there. Currently there's no legislation around the physical security of data centres. However, legislation like POPI and GDPR require that businesses take all reasonable steps to protect personal information, and surely the physical safety of that data also comes into play here?"
He makes a valid point. If you consider the financial sector, it has access to some of the most confidential information that you can get about people's lives, yet is the location where that data is stored secure against unauthorised access, smoke, gases...even vandalism? Klopper says: "I'd like to see some sort of tiered rating system whereby certain types of data have to be stored in a data centre with predefined levels of security, both physical and digital."
CIOs and IT managers might counter that they have a backup system in place, so the company's data can be retrieved should the worst happen. Klopper counters: "When did you last test your data recovery site? You should be doing regular tests. And is that facility offsite or just duplicated in the same data centre? If the latter, then it won't be a backup should that data centre come under attack."
Finally, Klopper says: "Regardless of the size of the business and the sensitivity of the data that it deals with, that data is its lifeblood. Businesses need to consider the value of the data that would be lost should their data centre crash. Then they need to plan accordingly."
Share