Companies may choose to utilize a data center for a variety of reasons. Some companies require their systems to be operating 24x7x365 which cannot be assured in their own facilities. Also, certain companies may require a high level of security (physical and environmental) that cannot be adequately provided in their current facilities. Other companies do not have the expertise or budget to manage their systems appropriately and have chosen a data center to provide these services.
Pipe, Ping, Power refers to a data center or colocation facility that supplies racks or floor space, electrical power, and internet connections. While a data center may provide numerous additional services, the Pipe, Ping, and Power must be ensured. In order to ensure these services, the data center should implement controls over some or all of the following:
- Processing Integrity
Security and Availability are two of the most important factors when selecting a data center or colocation facility. Your clients may not be able to adequately assure these objectives. An SSAE 16 / SAS 70 SOC 1 or SOC 2 audit is a great and cost-effective method of showing your current and prospective clients their information and equipment is secured at all times and the systems are available during agreed-upon hours.
In addition to security and availability, you may also provide services for your clients which may include the following:
- system monitoring
- remote hands
- system management
- peripheral (firewall, switch, and/or router) management
- server administration
- application or e-mail hosting, and/or
- backup services
These services may require you to have access to your client’s confidential or private information. Therefore, Processing Integrity controls will ensure that the services provided are completed timely, accurately, and securely. Also, when providing any service utilizing your client’s data, controls must be in place to keep the information Confidential or Private, depending on your client’s requirements.
A quality data center begins with the infrastructure of the facility. Attention needs to be given to physical, logical, and environmental controls. Physical controls include access to the facility and equipment. Adequate controls must be in place to restrict access to the data center to authorized personnel, guests, and vendors. This is the first line of defense against unauthorized attacks.
Proper logical controls should be in place to limit access to personnel, guests, and vendors based on job responsibility or need. An individual’s access should be restricted to the amount needed to complete his job function. If an elevated level of access is required for a specific task, the access should be promptly removed upon completion of the assigned task.
Environmental controls ensure the systems and equipment are available, when needed, and running within predefined thresholds. These controls include power management systems such as Power Distribution Units (PDUs), Uninterruptible Power Supply (UPS) Systems and generators. These controls ensure that power will always be available to the systems.
Proper cooling and ventilation controls should be implemented to protect the equipment from overheating. Server racks and related equipment produce heat which can shorten the lifespan of the equipment or cause a fatal failure of the equipment if the heat is not properly managed. HVAC units should be in place and provide enough cooling for the equipment in the facility.
Internet access is vital to be able to communicate with the equipment in your data center. There are numerous controls which could be implemented to assure this connection is not interrupted. This could include multiple communication cables, multiple internet service providers, or SONET rings.
We want to be your partner. For additional information please Contact Us