What Should be Paid Attention to When Constructing Data Centers 

Plannable Security in Data Centers

A certification according to ISO 27001 a the standard of a professional data center operation these days. Another commonly implemented system is the information-security-management-system (ISMS). However, often even a well working ISMS is not enough to keep the data center failure-resistant. On top of that, a lot of the planning guides are still insufficient for the IT-security within a DC-infrastructure. 

Hence, one of the most frequent questions is: "How safe is our IT-infrastructure really? What needs to be considered in order to construct a secure DC-infrastructure? Which added value is created by a general contractor as partner?" The better the security areas within a data center are planned, the more detailed the answers to those questions are. 

Unfortunately, the area of facility management within data centers is still neglected often. One of the reasons for this could be a communication problem between IT-management and facility management. Also, the ISMS does not take the DC building technology into account too much. 

 
 
 

"The basis for the entire DC-planning is an extensive risk analysis"

Hence, the planning process according to EN 50600 looks at all areas of the DC-infrastructure for the first time and offers numerous interfaces to the ISMS. Therefore, the basis for the entire CD-planning is an extensive risk analysis. Following guidelines of EN 50600, it consists of a business risk analysis and an incident risk analysis. 

The former is supposed to answer questions like "Which damage is done when business process X is failing?", "Which processes with which applications are running?" and "Which IT-hardware can be used for it?". Most of the answers can be given already by a good ISMS nowadays. However, the business risk analysis does not, or just very little, contain the DC-building-technology. Yet, the danger potential regarding the physical infrastructure of data centers increased a lot within the last years. 

Thus, an incident risk analysis should complement the planning. IT answers questions like "Which danger potentials exist?" and "How can they be reduced?" because there are a lot of hazards for a data center operation, e.g. a fire that breaks out right by the servers. 

It is especially important concerning DC-infrastructures inside existing buildings and the consequences of a breakdown of the power supply should always be kept in mind. In order to judge the risk, every single danger has to be analyzed regarding its probability of occurrence and for the resulting security concept, nearly all crafts' interaction needs to be looked at when planning and constructing data centers. An isolated analysis of both the IT and DC-security could lead to the danger that especially the interfaces between the crafts do not fulfill all of the required security demands. 

This does not only make for security gaps, but usually also very high costs in the security concept. 

All the advantages of hiring a general contractor are obvious: 

First of all, the ways of communication are much shorter, since the GC supplies one person in charge for the interface coordination, who has a lot of experience in holistic planning and realization. That person already consults in a comprehensive, neutral and trade-spanning way while the risk analysis is happening. And last but not least, the GC assumes full liability for the professional and right-on-time compliance of the commission. 

 
 
 

Phone +49 2741 9321-0

This website uses cookies. By using the website you agree to the use of cookies. Legal Notes