A ‘mission critical’ operation, system or facility may sound fairly straightforward – something that is essential to the overall operations of a business or process within a business. Essentially, something that is critical to the mission. But, as any data center manager or IT director will tell you, mission critical is far more complex than that. While there are many data centers that are mission critical, places like laboratories, public safety centers, hospitals, military facilities and other locations are considered mission critical as well. CIO elaborates on what constitutes a mission critical system, “Mission-critical computing has historically been defined as secure, reliable and scalable computing and process environments that support a company’s front office processes and operations. These are the processes and operations that directly support an organization’s end users and customers. The operations are mission-critical because they are core to the company’s mission and, if they fail, they can cause significant financial or reputational damage to the organization. In some cases, as with certain critical infrastructure, government and military systems, if they go down, they may also have an impact on national security. Mission-critical systems generally require high transaction volume capabilities such as those within banking or retail systems, border security, airline reservations or logistics…In the consumerization era, the scope of mission-critical computing was expanded further to include a proliferation of customer-facing, mobile- and social-enabled applications, brought about by the consumerization of IT, as well as applications such as collaboration, web, portal, CRM, HR and finance. The sheer number of these applications increased as organizations expanded customer touch-points across multiple channels and devices. Typical applications included customer service, customer support, e-commerce and m-commerce, as well as social business.”
If we use this generally agreed-upon definition of mission critical systems, and we concern ourselves not only with life and death operations, or critical business operations, but also with damage to a business’ reputation, that has a much wider scope. In today’s technologically-advanced world, end users expect services and systems to be readily available whenever they want or need them. Should downtime occur, even for a few minutes, it could lead to significant damage to reputation. The expansion of the Internet of Things means that the average person relies heavily on connectivity and technology not just for business operations but day-to-day life including home automation, personal technology devices, and more.
A mission critical data center facility’s uptime must be protected on multiple levels. Redundancy is the name of the game in mission critical facilities. One of the first things to consider with your mission critical facility is location. If you have your choice of location, it is advisable to choose a location that does not typically experience extreme weather conditions. By reducing the risk of things like flooding, tornados, hurricanes, etc., you reduce the risk of e a choice of location, the next thing you must do is implement multiple redundancies that take into account potential weather and environmental hazards that could threaten uptime. Additionally, by choosing the right location you can maximize energy efficiency which saves significant money in the long run, keeps you compliant with current restrictions and guidelines regarding data center energy usage, and protects the environment. Area Development explains why choosing the right location for your mission critical data center is so important, “No matter how well a building is designed, without the right public infrastructure in place, a mission-critical facility will face a litany of challenges. A site’s security, geography, power capacity, and fiberoptic connectivity are all vital. Data centers are power hogs. They require advanced energy infrastructure, so the reliability of the power grid is a critical site selection factor. The idea of data center microgrids is catching on as operators pursue reliable, high-quality power that endures when the central grid is unavailable or congested…The environment must be assessed for risks such as exposure to extreme weather events, seismic activity, and flood plain threats…Last, climate plays a role as air temperature and humidity levels impact energy costs significantly. Temperate climates offer natural cooling through systems that rely on outside air to offset the heat generated by equipment inside.”
In addition to the important of the perfect location, a mission critical facility must maximize security as well. A mission critical facility requires multiple levels of both physical and cyber security. Physical security begins with access to the facility itself and then access to particular rooms within the data center. Physical security is not just a security guard and a keycard to access a building anymore. While necessary personnel must have access to data center mission critical systems to keep operations running, they have also been shown to cause a significant percentage of downtime. Mission critical facilities, in particular, must protect who has access to mission critical systems at all times. Many advancements have occurred in the area of mission critical physical security.
There are many areas of physical security including the site perimeter, facility/building perimeter, computer room, equipment racks, and more. APC elaborates on why physical security is complicated and there is no one-size-fits-all solution, “The reason security system design seems so complicated is this: We do not have the technology to quickly, easily, and cheaply determine a person’s identity with certainty. What we have is an assortment of methods of varying effectiveness, convenience, and expense, resulting in difficult cost/effectiveness/risk analysis and the necessity of combining technologies or implementing concentric security peri- meters for backup…A typical security scheme uses methods of increasing reliability — and expense — in progressing from the outermost (least sensitive) areas to the innermost (most sensitive) areas. For example, entry into the building might require a combination of swipe card plus PIN; entry to the computer room might require a keypad code plus a biometric. Combining methods at an entry point increases reliability at that point; using different methods for each level significantly increases security at inner levels, since each is secured by its own methods plus those of outer levels that must be entered first.”
In addition to physical security, cyber security must be of the highest priority in a mission critical facility. Mission critical facilities often store and transmit confidential, sensitive information. If compromised, financial information, identity information, and even national security can be jeopardized. First, data centers must comply with federal regulations for the handling of confidential or sensitive information. Cyber threats are very real, very diverse, and very advanced so mission critical facilities must have security that is capable of handling such robust attacks. Security Sales and Integration points out just how much value industry leaders and governments are placing on cyber security to protect mission critical information and systems, “Cybersecurity has become mission critical for both the public and private sectors with annual cybercrime damages forecast to reach $6 trillion by 2021 (according to Cybersecurity Ventures). Spending continues to increase dramatically with the federal government expanding its annual cybersecurity budget by more than 35% to approximately $19 billion in 2017. Additionally, many private sector companies are spending in excess of 20% of their IT budgets in this area.”
One of the most tricky parts of advancements in redundancy for mission critical facilities is that many are employing IT infrastructures for remote monitoring and site management. Additionally, should there be downtime at a mission critical facility, the entire load can be instantly shifted to a networked data center that is capable of protecting mission critical information. But, because of the IT infrastructure, it also expands a mission critical facility’s vulnerability to cyber attack. Further, as we continue to rely on the cloud to store mission critical data center information, vulnerability to cyber attack is also expanded.
A comprehensive and robust physical and cyber security structure will help protect mission critical facilities against downtime, physical and cyber attack, and be a critical loss mitigation strategy. Further, redundancy in security, storage, power, and maintenance is generally accepted as a necessary component of any mission critical facility’s operations and best practices. Data centers must have prepared instructions and plans for a wide array of potential disasters or unforeseen problems. There must be adequate power to support the full load of information when needed. There must be proper maintenance schedules and operations in place that do not get neglected. When all of these things come together, a mission critical facility can maximize it’s uptime and reduce preventable downtime while properly and securely protecting information and operations, Looking forward, mission critical facility needs will continue to evolve as the Internet of Things progresses and more and more daily business and personal operations are fully dependent on secure uptime.