By Scott Whitney

After a bad experience, I vowed to myself that I wouldn't get fooled
again. I put on my Due Diligence Hat and sat down to determine how to
choose a data center. Following are the major points which you
absolutely cannot ignore if you hope to be successful. I wish I had this
article when I was going about my business. Here, I hope to provide, in
no particular order, a definitive list of investigation points.

In 2005, notebook computers accounted for 50.1 percent of all computer
sales. In 2006, shelf space for notebooks increased 44 percent while
desktop shelf space (and sales) went down by 23 percent. What does this
have to do with a data center? Everything.

At Journyx, where I manage IT, we presently have about 25 employees. Of
those, 11 have laptops issued to them as their primary machine. One
employee works remotely in another state. Therefore, half of our
employees need constant remote access to our business. Well, it's
possible they don't need it, but they sure do whine about it an awful
lot when they don't have it. So for me, in my little fiefdom known as
"IT," that pretty much amounts to the same thing.

As with most companies, we store the bulk of our data internally on our
network here at the corporate headquarters, but we also store a fair bit
of it at our data center. We have Software as a Service (SaaS)
applications which we host for our customers as well as for ourselves.
We have our Web site, of course, which must be up and running 24/7 or my
CEO calls me up in a panic. We have an FTP (file transfer protocol)
server for support, as well as one for the public, etc. You get the
picture. We've got resources that are needed by our remote employees as
well as our customers. In essence, we need a reliable, 24/7, redundant,
fast way for our people and the world to access our data. If this sounds
familiar to you, you might be in the same boat that we were in. We
needed a data center.

Take On the Challenge

I'm oversimplifying our needs a bit, since we are a hosted service
provider for literally hundreds of organizations around the world. You
see, with the software that Journyx creates, you can either host it
locally on one of your own servers, or you can ask us to do it for you,
taking away that overhead. Since we host our customers' data in addition
to our own, in different time zones around the world, I was in the
joyful, enviable position of evaluating data centers (again). It was
either that or get a root canal, and that was the excuse I used last
time, so I decided to man up and take on the challenge.

I say "again" because my previous data center experience was a true
fiasco. You see, this company -- we'll call them "Evil" -- had bought up
my existing provider and, in an effort to either cause the 100 or so
customers significant pain for no reason whatsoever or to cut costs
without evaluating the actual opportunity cost of the move, they decided
to close the facility in which we were housed and move us across town to
their "better" data center. Well, Evil and Evil's minions had no idea
how to run a data center. Without going much into their inexperience,
let's just say that we knew we needed to move when at 5:30 p.m. on a
Friday, one of the minions shut down all physical and logical access
into and out of the data center because several of the collocated
customers had a virus. We were unable to get back up and running until
Monday morning. This was one indication that perhaps there were better
choices available to us out there in the world.

Vowing to myself, in my best Roger Daltrey voice, that I wouldn't get
fooled again, I put on my Due Diligence Hat (my boss makes me wear it
from time to time to avoid situations like the above) and sat down to
determine how to choose a data center.

Following are the major points which you absolutely cannot ignore if you
hope to be successful. I wish I had this article when I was going about
my business. Here, I hope to provide, in no particular order, a
definitive list of investigation points that should lead you to the best
collocation provider for your needs in your area.

Halt! Who Goes There?

With the Sarbanes-Oxley Act of 2002, a lot of attention became focused
on fraud and fraud prevention. Part of this particular Enron-created
hell is the wonderful and invigorating SAS 70 audit, which, in the
simplest terms, is a proctologic exam where the external auditors and
your internal management poke and prod and search around until they
can pull sufficient controls out to ensure that customer data is kept

As I mentioned above, we host our own application for our use plus that
of paying customers. It collects time, expense and travel data for
users, and that data gets billed to projects, among other things. For
many of our customers, it would be a catastrophe if any of that
information were readily available to their competitors. While logical
security is, of course, my purview, physical security at a data center
can play a huge role in satisfying SAS 70 requirements as well as
letting you sleep at night. Some things that you might consider for
security in your quest for the perfect data center:

* How many cameras does the data center have and where are they
placed? How is the data recorded and how long is it kept?
* Is everyone who goes into and out of the data center required to
sign in and sign out?
* Are there two or more specific stop-points on the way into the
* Is the data center staffed 24 hours a day? Is it staffed with
security personnel, and if not, what are the procedures for the
onsite staff to deal with security threats?
* Who has access to the logs and videos and what is the procedure to
* Is the data center insured against loss due to theft or vandalism
or must you carry your own?