The growing concern about data breaches and theft of intellectual property has elevated the need for security of data centers around the globe, but at the same time, the long road to economic recovery has made it more challenging to invest in these solutions.
These opposing forces have created a paradox for justifying the return on investment (ROI) on security solutions. In response to this paradox, Schneider Electric and others have developed the concept of “return on security investment,” or ROSI, in which justification for security is analyzed across three layers: 1) security effectiveness; 2) risk reduction; and 3) business efficiency. Let’s look at these layers through the lens of data center operations.
Security effectiveness is measured by a system’s ability to safeguard assets, monitor human resources, and respond to incidents. From the data center perspective, ROSI risk reduction is about guarding against data breaches, while business efficiency is about using security features to aid continuous improvement.
All of these benefits are helped by the fact that today’s security management solutions are digital, information technology (IT) based solutions that stand ready to integrate with each other. Now, closed-circuit television cameras can be synchronized with access control or other security equipment, with a database as the foundation of the whole solution. What’s more, because today’s security solutions are IT-based, they can link with building management systems or with data center infrastructure management (DCIM) solutions.
Risk reduction is often the critical layer needed for gaining approval. This is especially true with data centers, where a shutdown because of a breach could cause a severe impact on business operations. For data centers that directly service consumers, like a retailer that holds customer credit card data, or a tech company that offers public cloud services, a data breach could be catastrophic to the trust consumers place in the company.
Data center breaches can come from either hackers working digitally or from physical entry. Because of this, it’s perhaps no surprise that large tech companies that rely on consumer trust are doing more to publicize their data center security measures. For data centers with a public face, security is both a marketing tool and a means of risk reduction.
It’s useful to think of a series of perimeters at which the level of security increases: lighter security in the parking lot, more security at building entries, higher security to enter the data center area, and the highest security reserved for access to the server racks.
While to the casual observer, security technology seems to be primarily about deterrence, it also creates a record of the movement of people and assets in a building. The result is that you have a data foundation for the third layer of ROSI: business efficiency.
For example, let’s say the standard operating procedure for a data center is that an electrician, a cooling expert, and an IT expert be on site. The access control system can tell you if one of these people is late or missing. Or, if you cross-reference incidents in DCIM, like temperature spikes, with who is on staff during those incidents, you may begin to see patterns. Access control systems provide a “time and date” stamp for all sorts of behaviors that might impact a data center, such as doors to server rooms being left open too long.
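The cross-referencing described above, as an added example (not from the original article or any vendor product): it replays a constructed badge log to find who was on site at the time of each DCIM incident and which of the three required roles was absent. The log layouts, names, role labels and incident descriptions are assumptions.

```python
from datetime import datetime

REQUIRED_ROLES = {"electrician", "cooling", "it"}  # the SOP from the article

# Both logs below are constructed sample data (assumed export layout).
BADGE = [  # (time, person, role, event) from the access control system
    ("2024-03-04 07:55", "avery", "electrician", "in"),
    ("2024-03-04 08:02", "blake", "it", "in"),
    ("2024-03-04 09:40", "casey", "cooling", "in"),   # arrives late
    ("2024-03-04 12:05", "avery", "electrician", "out"),
    ("2024-03-04 17:00", "blake", "it", "out"),
]
INCIDENTS = [  # (time, description) from DCIM
    ("2024-03-04 09:10", "temp spike, row B"),
    ("2024-03-04 13:30", "temp spike, row D"),
]

def ts(text):
    """Parse the timestamp format used in both sample logs."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

def on_site(at):
    """Replay badge events up to `at`; return {person: role} still inside."""
    present = {}
    for when, person, role, event in sorted(BADGE, key=lambda r: ts(r[0])):
        if ts(when) > at:
            break
        if event == "in":
            present[person] = role
        else:
            present.pop(person, None)
    return present

def correlate():
    """Per DCIM incident: who was on site, and which SOP roles were absent."""
    rows = []
    for when, what in INCIDENTS:
        present = on_site(ts(when))
        missing = REQUIRED_ROLES - set(present.values())
        rows.append((what, sorted(present), sorted(missing)))
    return rows

if __name__ == "__main__":
    for what, people, missing in correlate():
        print(f"{what}: on site={people} missing roles={missing}")
```
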
Cameras can also be used to check if operational procedures are followed, such as dirty filters being handled properly. Cameras might also be useful for remote monitoring of a data closet.
Simply put, when you link IT-based security solutions to other systems like DCIM, you have a better foundation for continuous improvement. This “business app” layer of security solutions has strong potential in data centers, but probably isn’t being leveraged as much as it could be.