The Importance of a Mission Critical Data Centre in a Global Crisis

Opinion Piece.

Contributed by Nicholas Bojko, Chief Information Security Officer, Macquarie Data Centres.

Over the past 4 months Australia has encountered some of the most significant environmental events impacting our general way of life as we know it.

Fire, Smoke, Floods, Hail – we thought we had endured our fair share. If the Australian community was not already rattled, we are now facing one of the worst global health outbreaks since the Spanish flu of 1918 – the unprecedented era of Coronavirus – COVID-19.

100 Years on and while we have access to a plethora of technology and medical advancements, our weakest link to our very way of life is a virus we don’t understand and worse yet a virus we have no vaccine for. We are entering unchartered waters.

The new threat and change.

The impact of COVID-19 on humans is the one that we won’t understand for some time. Day by day our lives are changing and there is no sign of these changes being temporary, the worst is likely yet to come.

General things we take for granted every day like switching on the power, travelling on public transport, having brunch at our favourite café or visiting our loved ones are now activities we are unable to pursue.

Globally ‘social distancing’ is the new ‘hello’. Working from home, the closure of schools, the grounding of planes and the shutting of international borders are modifying our daily interactions.

The reliance on video conferencing and the virtual world is rapidly being introduced to try and keep employees working remotely in efforts to keep the economy ticking.

The question remains, once we all adapt to this new norm, and employers begin to understand the benefits & efficiencies of a remote workforce will we ever return to our office-based work? Will this global pandemic thrust us into digital mobility, cloud computing, telecommunications?

If so, data centres will be at the forefront of this new, heightened digital world.

Critical Infrastructure.

So much already revolves around data and the connected world of the Internet, two things now become intensely critical to our way of life; The Internet (which ultimately relies on cables and service providers) and Data Centres (the place where that thing called the cloud resides).

Over the past 20 – 30 years the Internet and connected networks, have silently underpinned the economy. Think of the Internet as the akin to the arteries in your body, the cables that connect to the heart. And the Data Centres is the heart itself where all the processing is done.

The movie that you watch on Netflix tonight is streamed from a data centre somewhere around the world, the shopping that is conducted online relies on the cloud which sits in a secure data centre. The worlds critical data and processing happens in a data centre.

Essential Elements of a Data Centre

A data centre is essentially comprised of three critical components, Power, Cooling and Security. It sounds simple. The power is generated and supplied by the electricity grid supplier. The cooling provided by the computer room air conditioners (CRAC) units. The security is provided by the Electronic Access Control System (EACS), surveillance cameras and usually physical guards stationed on site. Quite straight forward until a natural disaster or global crisis like COVID-19 takes place.

Impact to a Data Centre during a Global Crisis.

Data Centres are essentially massive computer rooms. The environment where power is delivered ‘clean’ and the ambient temperature and humidity are stringently monitored to be optimal for high end computer and IT equipment. Customers install and run their servers at these locations as they are designed and operated to be operational 24 hours a day, 365 days a year.

Data centres are designed with backup systems and services to continue to operate no matter what is happening outside the premise. They are highly secure and designed to be concurrently maintainable facilities.

Worldwide Data Centres are now being put to the ultimate test. Like any other critical machinery, it will fail if not regularly maintained. When equipment fails it requires specialised parts which are often located around the world from specialised suppliers. Not usually an issue, but with the whole world going into isolation and factories shutting their doors to contain the spread of COVID-19 the supply chain becomes highly compromised. Usually service level agreements are in place and spare parts are flown from one country to another, overnight.

For now, many countries are closing their borders leaving spare parts far from where they are needed.

Fortunately, Macquarie Data Centres have considered this as a part of our Business Continuity Plans, so much so that we manage our own spare parts inventory for our critical plant equipment. We identify critical components and retain them in our warehouses.

Like any Tier 3+ Data Centre, we have backup equipment incorporated into our design in the event failed equipment is being repaired and spare parts sourced but we also believe in mitigating risks by having critical parts on hand. This accelerates the time to restore and ultimately differentiates a ‘Data Centre’ to a ‘Mission Critical Data Centre’.

It doesn’t just stop with the mechanical equipment. Data Centres are dynamic and filled with complexed equipment, so our team are highly skilled and equally defined as critical assets.

Strategically designed, our facility managers rotate across of our data centres regularly. This allows cross skill across different plant equipment and data centre designs. During this evolving crisis it’s allowed our business to split our data centre management workforce into isolated teams, if a team member becomes ill, we have the ability to immediately substitute another Facility Manager who is very familiar with that site’s operational framework.

Remote access and Cyber Security

Over the past 20 years IT systems have become integral. Follow me on this one, Computers are running the plant equipment that runs the computers.

Previously, the mechanical equipment was just that. It had buttons and levers to drive the equipment, very manual and static in its operation. Now days, most if not all industrial equipment is driven by computers in some way.

Remote access into critical plants and systems must be carefully considered, many Hollywood movies have enacted scenarios of malicious actors compromising systems of industrial capacity. I’d like to say this is just the movies and this doesn’t happen but, industrial security breaches are on the rise and its times like this that they are the most vulnerable. Business don’t always consider the risk of enabling remote access into their systems, they are forced to work from home due to extenuating events like COVID-19 and security comes second to business operations.

Being prepared is fundamental to maintaining operational platforms. It’s important to perform cyber security hygiene tests as this will highlight any vulnerabilities that can be rectified prior to any crisis.

Hygiene tasks include:

• Performing vulnerability scanning throughout the year to know your system weaknesses
• Run regular penetration tests to see how your business can be exploited
• Conduct red and blue team exercises on your assets
• Patching your systems throughout the year to remediate security gaps in your systems

For mission critical businesses like ours at Macquarie this is part of our culture. Security is in our design which allows us to achieve some of the most recognised certifications in the industry.

At Macquarie our mechanical equipment network and systems operate in line with defence networks, isolated and air gapped. We have designated secure locations around the country which our facility managers can remotely monitor while having access to the mechanical plant equipment. This is crucial to allowing our facilities staff the ability to maintain in the event they cannot physically access it due to isolation.

Maintenance programs usually happen as frequently as monthly across most of the equipment with more comprehensive maintenance programs every six months. It is crucially important that these regular maintenance programs continue to take place even in times of crisis. The difference is now Data Centre providers will not have the luxury of “maintenance days” where the whole facility is serviced on the same day. We need to ensure our external contractors are not cross contaminating and we need to validate where they have previously worked while running background checks for risk of viral infection and transmission which is now more important than ever.

Scheduling field technicians and limiting the number of concurrent people on-site at any one time is our new daily reality.

The Supply Chain

For a data centre our supply chain is somewhat straightforward. We need electricity. In fact, our most critical supply is power, and it needs to be un-interruptible. Data Centres typically draw their primary power source from the energy grid and have backup supplies in the event the energy grid sustains a failure or interruption. This is where the supply chain becomes highly important. We do not expect that the energy grid will sustain a failure, however if it does, we generate power through diesel power generators. Which means we now rely on our diesel fuel supply and most facilities will have bulk fuel tanks on site to feed the generators. Now there is a dependency on your diesel fuel supplier to re-fill the bulk fuel tank. The supply chain now becomes vitally important. Maintaining multiple fuel suppliers is one mechanism to ensure this risk is reduced.

Its important businesses take the time to understand their supply chain and the complexities and the chain of reliance, mapping out each of your business-critical resources.

Not all businesses will, and if they do it’s a one-time event which does not account for the constantly changing landscape. When supply stops, it poses a business risk which ultimately results in economic losses, either from new sales or the business simply can no longer operate.

When selecting your colocation provider, its vital to understand their business continuity plans to ensure you are covered in times of natural disaster or global crisis.

Nicholas Bojko has been a critical member of the team for the past 15 years in various engineering and leadership positions across Hosting, Telecommunications, Government and currently Chief Information Security Officer within the Data Centre business.

Nick has been responsible for architecting several of Macquarie’s significant investments including Intellicentre 2, Intellicentre 4 as well as the Australian Federal Government classified Secure Internet Gateway & Cloud Programs.

At Macquarie Data Centres Nick focuses on leading the security strategy for our corporate governance & compliance programs across our data centres.

Based in our nation’s capital, Canberra, Nick works closely with the Australian Government and senior policy makers assisting to shape national cyber security including working on Prime Minister Turnbull’s Cyber Security working group and briefing members of the United States Security Council in Washington DC.