Moving to Safety

The dotcom tsunami left a glut of hosting facilities in its wake, with many now being rebadged as data or disaster recovery centres. But what seemed like a safe bet in the 90s – a mirror site just a stone’s throw away – looks like more of a gamble post 9-11.

At first glance, security at the data centre — billed as the most impenetrable Australia could offer and sited across two floors of a building at the very heart of Sydney’s CBD — was “spectacular”. There were multiple levels of physical security ranging from video surveillance to state-of-the-art iris scanning devices; no employee could get in without photo ID, and every corridor bristled with guards and fire extinguishers.

But when the owners of the centre invited a prominent security analyst to test their facilities, they were in for unpleasant news.

It was shocking enough that the analyst was able to poke his nose into every corner of the facility after identifying himself on security forms as Osama Bin Laden and giving his address as a tent somewhere in Pakistan. (“You should have seen the look on my client’s face later when I said: ‘And look at this . . . ’,” the analyst told CIO.) Far worse — because less easily addressed — were the other vulnerabilities he picked up, not least those created by the data centre’s very location.

“Now I have to say, the facility was pretty spectacular,” the analyst says. “They had all these biometric iris scanning access devices and all the rest of it, but if you don’t police the low-end policy end of it, then you still have a problem. They actually made the mistake of pointing out which computers in their facility handled which clients, and how significant that was. I couldn’t believe it. This was supposed to be super security and they had no idea.

“I said to them: ‘Okay, you’ve got these two floors and that’s really lovely, and fire extinguishers every 10 centimetres and all the rest of it, but what if I just decide to turn a hose on upstairs? And what about your pipes back into the infrastructure in the basement? That’s going to be the way to take out your facility, isn’t it?’”

But perhaps the greatest area of potential concern of all was the centre’s very location. There is no doubt data centres located in the CBD are likely to be more vulnerable to terrorist attacks than those in outer suburbs, the analyst says. “That makes having a hot backup site that is outside of the CBD, particularly in the Sydney context, vitally important. And if you were checking the data centre owner you’d check what redundancy they had not only in fibre, but also whether they had a satellite backup.”

Under their duty of care, directors and senior executives are obliged to increase shareholder value through prudent investment and asset protection. CIOs are obliged to help them meet these obligations by ensuring the physical protection and assured business continuity of valuable company information. And one of the considerations those CIOs must take into account in the new world ushered into being on September 11, 2001 is the location of the data centre, now that the primary concern for corporate disaster recovery has shifted from natural disasters to potential terrorist attacks within CBDs affecting buildings and infrastructure randomly over a large radius.

After all, more than 406 buildings were impacted and eight demolished in the terrorist attacks on the World Trade Centre, but the total disruption was far wider, with damage to infrastructure and communications including subways, roads and bridges. Access was further restricted on security grounds. And disaster piled on disaster for some imprudent organisations based in the World Trade Centre whose redundant systems were in the other tower. With many data centres still located in CBDs across Australia — typically a legacy of the dotcom era — how many companies could assure business continuity in the wake of the unthinkable: a major terrorist attack on the heart of one of our major cities?

Dr Adam Cobb, a national security expert and director of, a Sydney-based defence consultancy firm, thinks in the current climate it is “vitally important” for organisations, and particularly Sydney-based organisations, to have a backup data centre outside the CBD.

Cobb says terrorists planning an attack will inevitably opt for “the big targets” — bridges, tunnels, national landmarks like the Opera House — because it is those targets that will make the international news, and from their point of view anything less is pointless. Since most of those big targets will inevitably be located in or close to the CBD, the CIO needs to balance their vulnerability against the threats to the organisation.

And when it comes to the preponderance of data centres in places like the Sydney suburbs of Ryde and West Pennant Hills, Cobb warns organisations need to be aware of the temptation that preponderance itself may offer terrorists looking to impose maximum corporate damage.

“There does seem to be a congregation of [data centres] in Ryde,” Cobb says. “So you look at the Ryde Exchange — and these maps are still spectacularly available — and how hard it would be to take it out. And you look at what format they back things up on, right down to what secondary systems they rely on. So, for example, do the data centres have airconditioning ducts that are exposed and easily accessible? If you manage to disable the airconditioning, because computers need to operate at a certain temperature and all the rest of it, then that can cause problems. And so on and so forth — there are a number of different ways to crack the nut, as it were. At the end of the day, there really is no perfect solution, and it’s a risk assessment process,” he says.

Recover CEO and Business Continuity Institute Australia representative John Worthington agrees that should a terrorist decide to bomb the Ryde Exchange (or any other exchange where multiple data centres are clustered) they could do an enormous amount of damage. “You probably should look at having your data centre where others are not,” he says.

Organisations should also check that the data centre is located outside the power grid for the area the business is located in. “Power outage is one of the most common factors that will drive you to your data centre. So what you don’t want to find is that you have a power outage affecting your office and your data centre, which might only be a couple of blocks away,” Worthington says. “The thinking at the moment is that the data centre should be located probably no closer than say 10 kilometres from your current site, but that depends on the power grid locations also.”

Many data centres have been located outside city centres,” notes Gartner Australia vice president and chief of research John Roberts. “It’s a decision based on relative real estate costs, availability of 24x7 operating staff, security, telecom infrastructure costs and so on. For example, IBM has operated two major centres — one in Ballarat, the other in Pennant Hills that I believe can back each other up — and then they have others they have inherited as they do outsourcing deals.

“Part of minimising the risk,” Roberts says, “is ensuring there are at least two completely separate channels out of the data centre, running to two different exchanges.” And security-minded organisation can go much further, he says. In earthquake-prone Japan and California, disaster recovery plans would normally involve having two separate data centres in different cities effectively mirror imaging each other.

So b-sec director Oliver Binz cites approvingly the arrangements of NEMCO (National Electricity Market Management Company), which has co-primary sites in one location and then a third site that can kick in at any moment.

“Of course there are the stories you’ve no doubt read about people having their primary site in one tower and their secondary site in the other tower at the World Trade Centre,” Binz says. “But realistically, if you’ve got your sites spread across Brisbane/Sydney or Melbourne/Sydney, I think probably from a risk point of view that that would be quite acceptable.”

Optus has recently gone one better, moving to provide its customers with access to three data centres — two in Sydney at Ultimo and Rosebery and one in the outer Melbourne suburb of Sunshine — all located on top of Optus exchange sites on its Internet backbone and all connected for extra security. The new facilities replaced two in the Sydney suburb of Ryde and one on Melbourne’s St Kilda Road, which have now been reserved purely for telecommunications use.

According to Optus Business managing director Peter Kaliaropoulos, there are two components to quality when it comes to the data centre: security and diversity. “There’s no more secure environment in a telco infrastructure apart from the exchange; it is the most secure part of our infrastructure,” Kaliaropoulos says. “And in the Ryde co-location centres we didn’t have the high levels of diversity required, or the highest level of security.”

Optus e-business hosting general manager Noel Hamill says the changes were made partly as a response to the new emphasis on location evident among customers since September 11, 2001. “What we discovered was that physical location entered into the equation where it wasn’t such a driver before. That was a contributing impetus for the decision to locate into Sunshine in Melbourne because that’s probably 30 minutes’ drive from the city centre. So it gives that physical diversity, and of course industrial parks tend not to be targets for terrorist activities compared to landmark buildings,” Hamill says.

But if one lesson to emerge from the September 11 attacks was the vulnerability of data centres in metropolitan locations, Hamill says Optus has also learned in the four years it has been in the hosting game that connectivity is an even more important factor. “We’re running a strategy where we’re putting our data centres on top of our exchanges, and the exchange is obviously the telecommunications infrastructure, which provides the data connectivity to do the Internet out to other companies.”

He claims the Optus exchange meets “incredibly high standards” of security, diversity and redundancy. For example, there are multiple loops over the fibre core into the Sunshine exchange to protect against damage to cables. “You also need to consider bandwidth, bandwidth and bandwidth,” Hamill says. “Most of the applications that are being hosted in these facilities require large transfers of data.”

With physical proximity to the client organisation no longer a consideration thanks to the Internet, ePrint Web Hosting is providing a service to Australian businesses that involves their data being co-located in Houston and San Antonio, Texas in the US (well outside the CBD). Managing director Andrew Hennell denies location was a major factor in the decision. Rather, he says, the company chose the site because it provides military-grade security, and because of the number of networks and the bandwidth that comes into the facility.

“Pretty much if you’re hosting with Optus you’re with Optus, if you’re with Telstra you’re with Telstra,” Hennell says. “Whereas we’ve found that the peering networks and so on in the US and the number of networks connected to this data centre give us a degree of connectivity that we can’t find within Australia.”

Hennell says ePrint is now in the process of closing its Sydney CBD data centres because the benefits it enjoys in hosting in the US far outweigh any advantages in maintaining an Australian presence. But he insists if prices and connectivity were equivalent he would not be opposed to a Sydney CBD location, despite any fears of a September 11-type attack on these shores.

“If you look at something like September 11, where both buildings of the World Trade Centre were taken out and there was a lot of damage done, on the greater scale of Manhattan Island, it was only a very small percentage that was hit. So there are possibly thousands of smaller data centres across New York, across Manhattan Island, that were functioning fine,” he says. “Yes, telecommunications and so on were hit hard on the island and there were issues with that as well, but that could also be the case if you were in a suburban location.”

Hennell has another counter to the wisdom that organisations should move their data centres out of the CBD post haste, pointing out that one of the problems with suburban locations in Australia is limited access to telecommunications services. “Sydney CBD, North Sydney, Chatswood, St Leonards — in that area you have got plenty of accessibility, and so within that footprint you’re fine,” Hennell says. “But if you start moving even out to Parramatta or smaller areas within the city, then the access to that level of IT infrastructure is greatly diminished, or becomes a lot more expensive to provision.”

1 2 Page 1
Page 1 of 2
6 digital transformation success stories