As an IT specialist, you will know all about the challenges facing IT security. It’s the Achilles heel of modern companies and an issue that has intensified with the digital revolution and Industry 4.0. There is a very real risk that, without a secure and available IT infrastructure, everything from IT-supported production and dialogue with customers to warehousing, logistics and building security could grind to a halt. Alongside logical and technical security, physical security – which focuses on buildings, infrastructure, redundancy, etc. – also plays an important role.
Tailoring IT damage-prevention measures to current protection requirements
Fire, gases, smoke, dust, water and vapour can quickly ruin your IT systems. Even if you have done everything to protect against these threat scenarios, you should regularly review the measures you have in place. During this process, it is always a good idea to analyse your current protection requirements, too. For instance, is basic protection still adequate? Do you now need to protect high-availability solutions? The bigger the scale of digitisation in your company and the more functional areas depend on a secure IT infrastructure, the stricter the security requirements, including with regard to the aforementioned threats.
When deciding on a security concept, you should take particular account of the environmental / installation conditions. How high is the fire risk in the area? How good is access protection for the building? Is there a risk that water damage could occur? Once you know your precise requirements, you can configure the protection for your server room accordingly.
Effective protection – state-of-the-art fire prevention
When it comes to protecting your IT from fire, there are various points to consider.
For example, there is a distinction between component tests and system tests. A component test will assess only an individual element such as a wall, door, cable entry, etc. It will not investigate the connections between individual components, which are the most important element to consider in a fire scenario. Nor will it take into account relative air humidity.
Another important consideration besides the issue of component testing vs. system testing is the maximum temperature permissible inside the server room during and/or after a fire. This is specified in the various standards.
About standards, basic protection and high-availability protection
Standards DIN 4102 and EN 1363 permit an average temperature rise of 140 K on the side facing away from the fire, which is far too warm for IT components. EN 1047-2, which applies to complete rooms, permits a maximum temperature rise of 50 K and a maximum relative air humidity of 85 per cent. Security rooms that can satisfy these requirements are also referred to as high-availability rooms.
Basic protection rooms are tested to DIN 4102 / EN 1363, but can also be tested as a system. An intermediate solution is a basic protection plus room or extended basic protection, in which the room is tested to EN 1363 but is not permitted to exceed the limit values of EN 1047-2 (maximum temperature rise 50 K, maximum relative air humidity 85 per cent) during the first 30 minutes of the test.
Another point worth mentioning is that it is not advisable for customers to put together their own solutions for IT applications that need to satisfy high-availability requirements. For example, during a fire incident, concrete walls can give off a great deal of moisture and fire and smoke can roll over into the area around connection points.
Break-ins and internal fires
Besides taking into consideration the risks associated with fires originating outside the data center, it is also important to factor in the risk of a fire inside the data center. Besides preventing a fire by lowering oxygen levels, it is also possible to extinguish fires using a range of inert gases and chemical extinguishing gases that can put out a fire in its early stages without leaving residues.
However, even if your protective measures against natural hazards are sufficient, is your data center also protected against unauthorised access? Even though a server room is usually integrated inside well protected buildings, you also need to protect it against break-ins. The international EN 1627 / 1630 standard offers a six-stage classification system based on the following criterion – how long do intruders need, with or without special tools, to get into your data center?
Protection from damage caused by water and dust is regulated by IP protection categories (IP = International Protection). The higher the IP category, the better your data center is protected from the ingress of dust and water.
Smoke gases are another risk to your IT systems that should not be underestimated.
It is therefore advisable to use a room solution that provides reliable protection from these gases.
The Micro Data Center and modular solutions
Small and medium-sized businesses also face tough challenges when it comes to protecting their server rooms. Often, such companies need to protect “only” one, two or three server racks and a large data center would be out of all proportion. All there is left to house IT systems is the “broom cupboard”, which is in no way suitable for accommodating sensitive data. A Micro Data Center is ideal for safeguarding these individual server racks and offers protection from a range of potential physical threats, just like a security room. Thanks to modular and extendible components such as various cooling solutions, monitoring, fire alarm and extinguisher systems and intelligent PDUs, Micro Data Centers can be extended to form fully equipped compact data centers. Micro Data Centers offer a range of benefits. For example, their modular and extendible design makes them very flexible, whilst the option of disassembling and reassembling the systems means they do not need to be permanently installed in one place. Last but not least, Micro Data Centers offer an all-in-one solution that often eliminates the need to upgrade existing premises.
Summary
Security management for a physical data center has become a strategic success factor for corporate management. When upgrading, expanding or redesigning your data centers, you should therefore compare your requirements against protection categories and automate your monitoring processes.