19.03.2021

Trust in the Cloud: How Data Centres Minimise Risks

Users of cloud services and digital ecosystems such as GAIA-X expect maximum data availability. The data centre business is a matter of trust, and that starts in Europe’s data centres. Standards and certificates such as EN50600 and the Data Center Star Audit stand for security and availability of data, says eco data center expert Gerd Simon in interview.

Understanding and mitigating risks to to Data Center Operations

Mr Simon, why is risk assessment particularly important in data centres?
Today, data centres are an essential part of our technological world. After all, any data and IT resources that are available from the cloud ultimately come from a data centre. The Corona pandemic has shown us very clearly how important it is for these resources to be reliable. We need to protect digital infrastructures by effectively preparing for whatever may come. Active risk management is required. Data centre operators are very committed to minimising operational and construction risks and providing data – be that from video conferencing and emails, 5G, IoT or Industry 4.0 – in a reliable manner. It is important for data centre operators to have a very clear view of the risks they face – physical, digital, financial and regulatory; accidental, incidental or malicious.

So how do data centres minimise these risks?
How great the physical security is and how well data is also protected from cyber criminals depends on where and how the data is stored. In Europe, there are also a number of legal standards and regulations for this, such as ISO27001, ISO27018 and BSI C5 (Cloud Computing Compliance Criteria Catalogue). The EN50600 standard, for example, sets out how data centres are to be set up and operated securely and with high availability. In addition, the eco Association offers a transparent certification system with its Data Center Star Audit, which differentiates itself from other auditing options by focusing on the testing of the reliability of data centre operations. This means that not only the technical equipment and buildings, but also processes and personnel in data centres are checked. In particular, we take a close look at the ongoing operations in the data centre, including processes, maintenance protocols and cooperation with partners. The result of this is a transparent star-rating of the data centre and a classification according to the availability classes of EN50600.

Does this really make the data secure?
Yes, the data is very secure if all companies within the digital value chain take their compliance seriously and make sure that their IT resources come from a certified source. Secure data requires secure data centres. Only in this context can hosters, for example, promise their customers the necessary security and availability and also prove this. And this is the only way to win people’s trust for digital ecosystems like GAIA-X. Furthermore, customers can book a geo-redundant backup for additional security, i.e. data can be stored in two data centres that are geographically separated from each other. This means that the data would be safe even in the case of extremely unlikely eventualities such as fires or as a result of natural forces. The German Federal Office for Information Security’s BSI C5 (Cloud Computing Compliance Criteria Catalogue) describes basic regulations for secure cloud computing.

And what if, despite all this, there is still an outage?
Regardless of whether the outages are small or large, a professional data centre operator has plans prepared for such eventualities – so-called emergency plans – and trained specialist personnel. These experts continuously check all aspects of dealing with various probable or less probable outages, evaluate them and also intervene when necessary. This is true not only on a technical level, but also in terms of communication. We know such concepts from fire brigades and rescue services. When every second counts, it is important for everyone to take action calmly and with concentration. The communication skills of each member of staff are immensely important in such special situations. How can the incident be explained and communicated to all parties involved, not only customers, but also the media? A provider’s image can be permanently damaged and doubts about reliability can last for years. Fixing that can cost millions in marketing investment. Preventing such outages should therefore be a top priority. And not only from the operational perspective – this is a central task for top management. Trust work is a matter for the boss, which means security in the cloud is too!