The need to move information throughout an organisation has the potential to leave companies more exposed to hackers and other cyber criminals. The more times a piece of data is sent and received, the more opportunities there are for it to be intercepted. This creates the need for a secure means of storing data and running applications.

Encryption is commonly used in protecting information within many companies, including data that is both ‘at rest’ and ‘in transit’. For example, this may include data being transferred via networks or stored on a hard drive. Some different examples of this are Virtual Private Networks (VPN), Full Disk Encryption (FDE) and Transport Layer Security (TLS), which is commonly used for email encryption during transmission.  Worryingly, in a recent survey conducted by Onyx Group among IT managers in SMEs, fewer than half (43 per cent) of respondents said that they encrypt their data backups, indicating that organisations are not always giving thorough consideration to the security aspects of data backup.

The more integrated and complex data becomes, the more mission critical it is to a business. As a result, I believe that big data is going to drive the adoption of the data centre, where a large volume of data can be safely and securely stored. One of the key advantages of data centres is their ability to ensure business continuity and minimise downtime. IT is the lifeblood of most businesses and plays a huge part in the growing adoption of business continuity planning. This has increased sharply over the past two years, with 61 per cent of managers reporting that they have a plan in place.*

Onyx’s data centre and workplace recovery facilities ensure business continuity in a number of ways, providing a workspace for businesses in the event that their workplace is inaccessible, as well as protecting business data from loss, theft or damage.

Providers with a number of data centres can also replicate the same information across more than one of their sites, meaning added resilience for the data and added peace of mind for the organisation. At Onyx’s data centres, any transfer of data is encrypted up to AES-256 level for maximum security, which is particularly important given the nature of big data. Data centres can also be equipped with monitoring services which automatically scan, identify and fix, where possible, any server irregularities before they become an issue.

Big data also increases the need for cloud and data centre providers who are willing to offer advice and consulting services on how to manage data more effectively. While in many industries and businesses, there is a colossal amount of data that needs to be stored, in others there is a large amount of unnecessary data being stored, simply because companies feel it is easier to store it than it is to remove it. For example, many cloud providers provide 25GB mailboxes as it makes it more difficult for the customers to move away from the provider – this is classic vendor lock-in. A good cloud provider will offer sensible mailbox size limits to encourage customers to manage their data better.

In summary, big data provides companies with a great opportunity to improve their processes, productivity and customer service. Data can be readily shared across departments and platforms and collated to provide information that is both meaningful and valuable to business operation. However, this in turn introduces security vulnerabilities, reinforcing the importance of IT security and the requirement for a robust means of managing data.

* Planning for the worst: The 2012 Business Continuity Management Survey, Chartered Management Institute.

> REGISTER HERE

Dates:
Thursday 2nd May 2013 – Hilton Grosvenor, Edinburgh
Thursday 9th May 2013 – Hilton Newcastle Gateshead, Newcastle

Times:
Registration: 9:30am
Finish: 12:30pm (approx.)

Cost:
FREE

Many organisations have found themselves in the headlines for the wrong reasons as a result of their IT systems, social media platforms and sensitive data being compromised by IT threats that are becoming ever-more sophisticated.

To help prepare your business, Onyx Group’s industry-leading security experts are holding a series of FREE informative workshops on 2nd May at Hilton, Grosvenor Edinburgh – 9:30am-12:30pm and 9th May at Hilton, Newcastle Gateshead – 9:30am-12:30pm to highlight the most common IT threats. We will demonstrate how your business can prevent such threats using the latest security measures & techniques.

Learn about:

• Why your IT systems can get compromised
• How the new breed of anti-virus software can protect your corporate systems and reputation
• Strengthening access to your networks & critical information through stronger multi-factor authentication and more!

> Click here for full agenda

> REGISTER HERE

2e2 has a diverse range of customers all with data storage and hosting needs and so I would like to invite anyone with concerns over the security of their data to get in touch with Onyx. Technology is such an important part of business operation today and so the safeguarding of your data in a secure environment is the main priority for us. Please contact me with any questions by emailing neil@onyx.net.

Public Cloud

Public cloud is the most mainstream cloud deployment and consists of an infrastructure maintained and operated by a cloud service provider within a data centre environment, which is publicly shared and accessed via the internet by multiple users. This service delivery is commonly known as Infrastructure-as-a-Service (IaaS).

A public cloud deployment is typically used as a data storage platform but is also commonly used to host applications and development platforms.

As the environment is shared by multiple users, the vendor can reduce costs which makes the solution more cost-effective. In addition to this, a public cloud solution can easily be scaled up or down to grow alongside a business as the pay-as-you-use model removes CAPEX business costs making the solution extremely attractive to SME’s.

Private Cloud

A Private cloud is a dedicated infrastructure for the sole use of one organisation and can be housed in a third party data centre or on-site within an organisation. No matter where the solution is deployed, it can be managed either by a service provider or by an organisation itself either in a data centre or in-house.

Private cloud is commonly used by organisations that have compliance and regulatory data requirements due to the complete control, reliability and maximised security benefits it offers. Organisations that require high performance of its data also opt to choose a private cloud deployment as the infrastructure can be specifically customised to meet the organisation’s functional requirements.

As a private cloud environment is built specifically to an organisation’s exact needs and requirements, cost savings can be gained as resources are specifically distributed to what the organisation will use – nothing more and nothing less. The on-demand availability a private cloud offers gives an organisation total control of its IT provisioning and eases workload management due to faster deployment levels and increased reliability.

Hybrid Cloud

Put simply, a hybrid cloud is the use of both a public cloud and a private cloud. A hybrid cloud solution is most commonly used by organisations when they prefer to store non-critical data to a public cloud and use a private cloud for more sensitive mission critical data to meet compliance regulations or to meet business demands i.e. higher speed of data.

As a hybrid cloud approach combines both a public and private cloud solution, it can offer “best of both worlds” to organisations that choose it. With part of the infrastructure being outsourced to a cloud provider, significant cost savings can be experienced whilst not compromising quality of service. Another major benefit of a hybrid approach is that some aspect of data control can still be maintained with the use of a private cloud, while also taking advantage of the scalability a public cloud deployment can offer.

Conclusion

Public cloud is a common choice for small to medium sized businesses (SMEs). This is due to its flexibility to scale up or down depending on requirements and the cost savings that can be generated by removing the need to purchase hardware and manage the system in-house. In contrast, private cloud deployments are typically preferred by larger enterprises who have the resource and skills to manage their cloud solution. The reality is that there are many benefits to using both public and private cloud to run applications and safely store data.

Businesses today require more than just a one size fits all service and it is important to consider the individual needs of each company before selecting whether a private, public or hybrid cloud approach is most appropriate. The one thing that is for certain is that cloud computing, whether this is public or private, will continue to evolve to adapt to the needs of small and large businesses alike.

By Neil Stephenson, CEO, Onyx Group

Onyx has also expanded its data centre in Edinburgh to add further rack capacity for data storage, reflecting the increased demand for outsourced IT solutions that ensure data is protected and IT systems are operational with minimal disruption.

The development of Onyx Group’s 24/7 support service reflects a general trend of businesses outsourcing their IT helpdesk function to providers like Onyx who can quickly and efficiently manage any IT issues firms may experience either internally or with external communications.

In an age where IT failure can result in significant damage to brand reputation, as well as disruption to service, the 24/7 IT support offered by Onyx also gives peace of mind to businesses across Scotland. One high profile customer is Edinburgh Airport, which relies on its IT infrastructure being fully functional in order to operate an average of 311 flights per day with minimal disruption.*

Hugh Gillen, Onyx Group Director, based in Scotland said: “We are noticing an increasing trend towards outsourcing or co-sourcing IT requirements for extra resilience against IT issues and to complement in-house skills. For example, by hosting servers in our data centres, companies can protect against common in-house risks such as power outages and connectivity failures.”

As part of this service, Onyx Group, which has a number of data centres across the UK including both Edinburgh and Glasgow, is helping to boost employment in Scotland, creating a number of job openings to date.

Gillen continued: “Scotland is a key part of our ambitious growth strategy as we continue to expand our Scotland-based clients and the services that we can deliver. We are pleased that we are able to offer businesses greater support, while also creating more employment opportunities through our 24/7 support service.

“Businesses are increasingly operating 24/7, with one of the reasons for this being greater international trading. To meet customer demand, our technicians are available to provide phone support around the clock, ensuring that IT systems are fully operational with minimal or no downtime. As we have a number of datacentres across the UK, we are also able to replicate data across these for added protection against data loss or corruption.”

Onyx Group has 10 sites throughout the UK including Glasgow, Edinburgh, London, Newcastle, Teesside and Sheffield. This includes five fully owned datacentres and six workplace recovery facilities.

The adoption of cloud solutions is increasing across the world as companies realise the many benefits. These include flexibility to scale storage capacity up or down depending on requirements and the accessibility of data whether users are in the office or working on multiple sites.

However, when deciding to adopt cloud storage in place of more traditional storage such as hard drives and tape backups, companies often need to be assured of data security, particularly when confidential client or customer data is held.

The Cloud Industry Forum (CIF) predicts that 75 per cent of UK businesses will be using at least one cloud service by the end of 2013.¹ This article will discuss the benefits that cloud solutions can bring to the water industry, including advantages such as data protection and ensuring that companies can operate 24/7 without interruption or risk of data loss. It will also discuss the drawbacks associated with adopting cloud solutions, how these can be overcome and ways of alleviating the perceived risks of storing data in the cloud.

Understanding Cloud Computing

Cloud computing has become one of the most talked about technologies in recent years, which has led to a large increase in providers and some confusion over the real business benefits it provides.

Put simply, cloud computing is storing data and running applications on third party computer servers and accessing them via the internet. Cloud computing is a diverse solution and can be deployed in different ways depending on business requirements. While cloud is available to the general public, providing services to the end user over the internet, private cloud is an infrastructure that is solely dedicated to an individual organisation and is hosted within a data centre environment.

The Business Case for Cloud Computing

In the current climate, businesses are looking to streamline IT operations and reduce costs wherever possible. Small and medium-sized enterprises (SMEs) in particular find cloud solutions convenient as there are no large upfront costs and the need to purchase IT equipment, manage the system in-house and replace/upgrade everything when it becomes obsolete is removed. The operating expenditure (OPEX) model where fixed monthly costs are applied also helps with ongoing budget planning.

Cloud computing also offers a greener approach to IT by enabling companies to optimise the use of power, as all users share the same infrastructure. As a result, significant cost savings can be made.

Operational efficiency can also be increased through using cloud. Within hours, an entire cloud-based IT environment can be live and ready to use. Companies are also able to off-load tasks such as licensing updates, which removes strain from internal IT departments, hence increasing productivity.

One key benefit of cloud computing is that it is scalable and can grow with your business. At the same time, storage capacity can be reduced if needed; preventing companies from experiencing any unnecessary IT costs.

Cloud computing also presents businesses with the opportunity to increase their competitiveness. Previously SMEs were unable to afford the vast and expensive IT infrastructures that were only accessible to larger enterprises. Cloud offers SMEs and smaller companies a chance to compete with larger enterprises in terms of customer service, innovation and efficiency.

Is Cloud Appropriate for all Businesses?

Like all solutions, there are a number of considerations that must be assessed before deciding if cloud solutions are the most appropriate for your business. Some companies find that traditional data centre storage or solutions that combine the two are their preferred means of running applications and storing data.

There are some concerns over how easily data can be extracted from the cloud.  There is a need for providers to offer clear data extraction policies to ensure that it is no more difficult to extract data from the cloud than it is to take data from traditional physical racks in data centres.

Alleviating Risk

With IT becoming the lifeblood of most businesses, it is critical that providers offer customers total resilience in the cloud. This is particularly the case in the water industry where utility companies and their providers must be able to provide a continual service and confidential data about customers is held.

When subscribing to a cloud service, users should find out as much as possible about the solution. Where applicable, companies should ask for service level agreements (SLAs) and visit the data centre to verify that the service is more than a standalone PC on the internet.  Within their SLAs, all providers of cloud solutions should offer guarantees on availability of service – Onyx Group recommends that it is at least 99.99 per cent (52 minutes of downtime a year).

To take things a step further, some companies consider using multiple cloud service providers to spread the risk if things do go wrong.  For example, companies can have their e-mail hosted with one provider and core applications hosted with another.

Many companies also choose to use hybrid cloud solutions, where cloud is combined with traditional services to provide extra resilience. Storage of data within data centres is often chosen as a secure alternative or complementary solution to cloud computing. Companies with a number of data centres in different locations are able to offer data replication across data centres for added resilience against data loss or downtime.

This approach negates many of the perceived risks of cloud, but whether this is needed is debatable. For example, Onyx Group offers firewalls and security to give peace of mind. Data is also monitored 24/7 by engineers to eradicate any issues.

As cloud services are off site, they also give companies reassurance that if crises such as flooding, fires or other circumstances mean that a workplace is inaccessible, data will not be affected and can be accessed securely from other locations. This ensures that service is not disrupted, demonstrating that cloud is designed to provide business continuity in the event of a crisis rather than being the reason for the crisis itself.

Furthermore, if service engineers and off-site staff need to be able to access data or run programmes from the road, this is made simple with cloud computing which is optimised for mobile use.

Conclusion

The cloud computing market is expected to reach $240billion by 2020, growing substantially from $40.7billion in 2011.² These statistics demonstrate how businesses are actively moving their IT processes to the cloud in order to experience the full flexibility and operational benefits of the technology. This suggests that IT will continue to evolve to meet the needs of cloud and its users, however the importance of choosing a solution that is right for individual business needs should not be overlooked.

Finally, complacency is one thing that cloud providers cannot afford as establishing an appropriate, secure IT infrastructure is an ongoing process that should always be reviewed and updated on a regular basis, in line with the changing needs of a business.

References

1. Cloud Industry Forum, http://www.cloudindustryforum.org/news/394-cloud-adoption-amongst-first-time-users-leaps-27-per-cent
2. Forrester Research, http://www.itproportal.com/2011/04/27/cloud-computing-market-predicted-240-billion-2020/

Businesses in the North of England are being warned by the Met Office to prepare for flooding as it is expecting between 30 and 40mm of rain falling in many areas and up to 70mm of rain in parts of North East England. There is currently an amber weather warning in place in Wales, Yorkshire, the North East and the Humber, while the terrible weather has already hit the South West and the Midlands over the weekend.

Flooding can severely affect and disrupt many businesses with power failures, loss of data and absent staff. Organisations must have robust protocols in place to ensure business continuity, whether this is an accessible workplace recovery centre to ensure minimal disruption to business operation or cloud storage solutions to protect against data loss and allow data to be accessed offsite. This means that while businesses may not be able to predict crises, they will have the reassurance of a continuity plan that will ensure trading can continue even if their premises are temporarily unusable or IT systems become damaged.

Neil Stephenson, CEO, Onyx Group, commented: “Business continuity is about making sure that, no matter what happens, a business can carry on as usual. As the current flooding is demonstrating, organisations in less resilient sites need to consider staff relocation, how they would cope if their current premises were temporarily unavailable and, for example, the possibility of a server being flooded, resulting in a loss of data.

“To ensure that businesses keep running during a natural disaster, they need to invest in a workplace recovery model. This will back up all of a company’s data off-site in various datacentres that can be accessed nationwide, and will also provide an alternative, fully equipped workplace for staff when they can’t enter their normal place of work.”

As the Government has just declined a not-for-profit insurance fund aimed at reducing premiums for businesses and homes at high risk from flooding, the peace of mind that a workplace recovery centre is available to ensure continual business operation while a premise is being repaired or restored is even more important.

To discuss your current Business Continuity plans and to find out how Onyx can help you, call us today on 0800 970 92 92 or email us at info@onyx.net.

Onyx Group’s Hosting and Security Consultant Andrew Waite discusses how and why your business systems could be under attack, and the necessary measures needed to help prevent a breach.

It seems there are always stories related to information security these days. From TJX being breached to access numerous credit card details to Sony’s PlayStation Network breached in response to perceive persecution of GeoHot, Coca-Cola targeted in corporate espionage to Iran’s nuclear facilities being targeted by a joint US/Israeli intelligence operation.

Most people can understand the reasoning behind the headline making attacks, even if they don’t agree with them. But the question most commonly asked by those responsible for securing (vastly) smaller networks and organisations is ‘Why Me?’, usually followed up by the statement ‘I’ve got nothing anyone would want’. Unfortunately even if you’re not Sony or Coca-Cola, if you have systems on the Internet, they will be (and are) under attack.

Automated Scanning, Mass Propagation and ‘Script Kiddies’

Many systems, whether intentionally or as part of a compromise, continuously scan the Internet looking for insecure victims. From my own research, systems can be live for under a minute before coming under attack. Any common vulnerabilities present on the system will be exploited, with control of the system handed to the attacking parties, often to begin the cycle again looking for further hosts to attack.

Slightly higher up the sophistication chain from automated software are ‘Script Kiddies’ (low-skilled attackers utilising pre-built attack tools). If a system is vulnerable to an attack that they have an exploit for, the system will be compromised; if not, ‘Script Kiddies’ will often look elsewhere for a softer target.

Resources and Kudos

That’s the ‘who?’, but what about the ‘why?’ Whilst you might believe you have nothing worth taking, your online adversaries will disagree. At a minimum your IT systems will have resources that are valuable. These include:

• Storage: Whilst storage is getting cheaper, why incur the expense of a larger hard-drive or online backup service if you can compromise an unsuspecting system and store your data there for free. One of the stranger things I’ve found on a compromised system was the entire first 6 series of The Simpsons.
• Bandwidth: Your systems have the ability to send information to other systems on the Internet, and this can be used to attack other systems. Distributed Denial of Service (DDoS) attacks are essentially multiple systems requesting from the target system that is more than it can handle. This prevents legitimate users from accessing the system; similar to a traffic jam at rush-hour, or a stadium bar at half-time. Systems used for these attacks are openly sold and/or rented on the underground market for as little as $700 or $2 per hour.
• Free Hosting: Hosting systems, services and website online costs money. If attackers can compromise your systems, they will, as they can get the same level of service that costs you money, without paying a penny. In the past I’ve encountered everything from an Adult ‘introduction’ site, to an Anti-Government propaganda site when helping clients clean-up following a compromise.
• Anonymity: Once compromised, attackers are able to route their own internet traffic through your system, appearing to the outside world to be ‘you’. This can be done for a number of reasons; either to hide the true source of an attack on other systems, or to remain anonymous in parts of the world where the monitoring of citizens is common practice. Either way, you don’t want the trail to go cold on your systems when the Police or Intelligence Services come knocking.
• Because it can be done: Some people compromise systems simply to prove that a) it can be done, or b) that they can do it. This can be similar to the graffiti tagging of buildings in the physical world, often to (perceiveable) increase their reputation within hacking circles. Previously, some websites have even been created with the distinct purpose of allowing others to share and rate their hacking exploits.

Where’s the good news?

All of the above can seem daunting, but the good news is basic system security and administration can protect most of the low-hanging fruit which attackers leverage to achieve mass compromises. Consider if you have:

• Implemented solid perimeter security (firewalls) to reduce the available attack surface to your systems
• Applied patches and updates to all systems
• Run anti-virus and other systems to identify elements of a compromise
• Changed default passwords on all systems/software and implemented a strong password policy
• Regularly review system security to identify any missing protections and remain up-to-date with the latest threats

Article written by Andrew Waite, Hosting and Security Consultant, Onyx Group. November 2012.

Onyx Group can assist with all of the above and more. To discuss any aspect of securing your systems and information please contact us today at 0800 970 9292 or email info@onyx.net.

Compliance Requirements in the Financial Sector

Banking and financial services companies are faced with increasingly stringent compliance requirements when managing their data. Compliance requirements can relate to anything from data backup to how the original data is stored, creating a need for safe and reliable data storage solutions.

A number of high profile cases have been reported involving inaccurate records and data loss, as a result of failing to comply with regulations. Most recently, in October 2012, the Financial Services Authority (FSA) fined the Bank of Scotland (BOS) £4.2 million¹ for failures in their systems which meant it held inaccurate mortgage records for 250,000 of its customers.

It is vital to protect any information that relates to any transaction or that could be used as part of a transaction. As a result, every stage of communication, whether it is written or verbal, needs to have an audit trail and be defendable against litigation. For example, it is common practice for voice recordings to be taken and emails to be archived and stored securely.

Each “type” of data has a lifecycle and generally each organisation will employ a compliance officer to ensure that it is handled in line with regulations. Depending on the institution, the number of compliance requirements can vary. Guidelines exist to help individuals manage processes and safeguard against risk, such as data loss and the illegal use of privileged information. Data backup strategies are recommended to protect against accidental deletion of data, virus outbreaks, floods or fires, disk failures or theft.

Organisations and institutions that might be making investment decisions for financial institutions, such as pension funds, are also guided and protected by regulatory compliance. In addition to this, some organisations can operate on both sides of a “deal” so they might be offering advice to both buyers and sellers. When this is the case, there needs to be clear, demonstrable demarcations with data and user separation, so as one discipline does not influence the actions of the other.

What do I need to adhere to?

There are a number of regulations that must be adhered to in order to ensure that data is safe and secure. For example, the AICPA (American Institute of Certified Public Accountants) developed and maintains the SAS 70 (Statement on Auditing Standard 70)², which relates to the processing of transactions by service organisations and can be used to show transparency to customers and regulatory bodies. Some of the many service organisations that are guided by this include insurance claim processors, credit processing companies and clearing houses.

The SAS 70 audit has grown increasingly popular with the implementation of the Sarbanes-Oxley Act of 2002³, which suggests using SAS 70 as an important resource to show the effectiveness of a service organisation’s internal controls and data security safeguards.

Overcoming Compliance Challenges

It can be challenging for companies to fully understand compliance requirements as their interpretation can differ from the Financial Services Authority’s (FSA) understanding. For example, regulatory guidelines often use phrases such as “we would expect a company operating in this market to have effective disaster recovery (DR) procedures”, giving an element of choice as to whether companies wish to do so, or as to whether that provision is adequate. Another example is the discrepancy in the area of taking voice recordings from mobile phones. While some companies strictly adhere to regulations and record mobile phone conversations, others simply use internal company policy and ban mobile phone use, but then do not log instant messaging (IM) or conversations via online chat services. These discrepancies can often result in companies receiving fines for non-compliance. Further confusion results when the fines are higher than what the company expects to receive.

Companies like ourselves can offer advice and experience to assist in the understanding of compliance requirements but ultimately the banking or financial services firm must make their own interpretation of their compliance position and the rules, based on the market(s) they operate in, who they service and risk.

Due to a growing need for transparency, companies can be asked to prove that they are adhering to legislation at any time and therefore must have the necessary data security tools in place.

There are a number of IT solutions that have been verified after intense scrutiny from the regulatory authorities and that are known to comply with what an organisation would be expected to present to any regulatory body.

These include email archiving and voice recording technologies, as well as full DR solutions to protect a business’s IT infrastructure in the event of floods, fires or theft, for example.

Some of these types of records have been used in the Leveson Enquiry⁴ for example and the Libor scandal⁵, in which Barclays was fined £290m in June 2012 after some of its derivatives traders were found to have attempted to rig the London inter-bank lending rate, which is considered to be one of the most crucial interest rates in finance.

In such cases, banks are expected to be able to produce communications in support of both their version of events and to defend against allegations.

From a DR perspective, many companies gain commissions on trading on markets, or need to make decisions on market changes. Being off-line means they cannot earn commissions or react to change and revenues can be affected. As such, they have very tight Recovery Time Objectives (RTOs).

It is fundamental that all businesses, ranging from small and medium-sized enterprises (SMEs) to multinational corporations (MNCs), implement a comprehensive data back-up system to reduce the risk of data loss.

The agility of “Cloud Storage”, in which data is stored in virtualised pools, is growing in popularity due to its many benefits. These include eliminating the need for physical storage space and reducing energy consumption, which in turn lead to cost savings. Hosting providers operate large datacentres and companies that require data hosting buy or lease storage capacity from them. This also adds flexibility as storage space can be easily scaled up or down depending on the requirements of the organisation.

Cloud back-up solutions are highly secure, incorporating bespoke encryptions and security practices such as enterprise-grade firewalls. As an example, Onyx Group’s Cloud Backup provides military-grade encrypted online duplication of source data into secure storage vaults at ISO27001 accredited datacentres. This data is then replicated between geographically diverse facilities for added resilience. Peace of mind is provided as 24/7 high-specification security systems and personal monitoring are in place at each data centre.

It is also important to consider authorisation rights and assess who in a company should be able to access specific data. Usage rights can be determined with passwords that give access to different areas of the IT system depending on job role.

Conclusion

The safeguarding of data in the banking and financial services sectors is crucial due to the confidential nature of information. Using cloud solutions to backup and store data gives companies the flexibility to choose between backing up data every second, hour, day or week, helping organisations to comply with stringent regulations.

Multiple datacentres provide peace of mind so, if data is lost, it is backed up elsewhere, enabling business continuity. Workplace recovery centres are also in operation, meaning office space is provided to companies in the event that their workplace is inaccessible. Data can then be accessed from the relevant datacentre, restoring business operation with minimal or no downtime.

Authored by James Carver, Head of Business Continuity & Risk, Onyx Group

References

1. http://www.fsa.gov.uk/library/communication/pr/2012/094.shtml
2. AICPA (American Institute of Certified Public Accountants) SAS 70 (Statement on Auditing Standard 70)

http://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/sas70_soc_reportsinfographic.pdf

1. Sarbanes-Oxley Act of 2002, http://www.soxlaw.com/
2. Leveson Enquiry, http://www.levesoninquiry.org.uk/
3. Libor scandal, http://www.bbc.co.uk/news/business-18671255

In this article Hugh Gillen, Managing Director of Infrastructure at Onyx Group, discusses some of the major challenges facing managers of hosting environments and provides advice on how these issues can be overcome.

1.)    Energy Costs:

We are all facing tough economic times and energy prices continue to rise. The price we pay for our energy is dependent on a magnitude of variables such as the cost of distribution, transmission, green power, renewable power and availability charges. Depending on the size and output of your Data Centre, you also have to consider the effect of Carbon Tax on your overheads and how you measure this.

Being efficient with the use of your power, keeping tight controls, monitoring usage and PUE (Power Usage Effectiveness), performing “what if analysis” and investing in new and proven technologies will ensure that your Data Centre remains competitive and energy costs are kept under control.

2.)    Power:

New emerging high density racks, Cloud and the growth of the Storage industry has driven the increase in demand for greater power within the Data Centre. Supporting all of these new technologies in a highly available and efficient manner has become the most significant challenge to date.

Getting additional power to a site isn’t just a matter of turning on the tap. It can take months, if not years, depending on a number of different factors. It is important to consider the availability depending on your current geographical location, upgrades to your IT infrastructure , the time and resources to process an upgrade and ultimately the considerable costs involved.

To ensure that power availability does not disrupt your Data Centre operations it is imperative that you:

• Plan ahead – understand your future consumer requirements.
• Make sure you use efficient power and UPS systems.
• Always look for alternative options for power

3.)    Cooling:

Cooling can be the largest consumer of power within the data centre and quite often can even use more power to cool the IT infrastructure than the IT equipment itself.

As the move to high density equipment becomes more prevalent, the challenge to cool the IT equipment can become impractical depending on:

• The type of cooling system installed
• The layout of the Data Centre
• The power available to the cooling units
• The external air temperature

Central to any successful cooling strategy is to understand the present and future power requirements of your Data Centres IT equipment. To ensure your facility remains flexible in its approach to cooling requirements, it needs to invest in the right technologies to meet the power demand such as:

• Free cooling – Ensures continued cooling availability
• The development of an appropriate floor, rack and room layout design
• Computational Fluid Dynamics (CFD) using “What if Analysis” tools.

4.)    Space:

As your Data Centre grows, it will require additional racks to satisfy your demand. Whilst bringing the obvious benefit of increased revenue, this additional spacing creates further energy and labour costs that may eventually affect your future profitability.

Availability of space is intrinsically linked to energy, power and cooling. The same best practices apply to space in terms of:

• Data Centre rack consolidation
• Room layout planning
• Virtualisation
• High density solutions
• Moving applications to the Cloud
• Utilising a denser server and storage infrastructure

Implementing all of these measures will facilitate the optimum use of the available space.

5.)    Availability:

So now that the energy costs are under control, future power requirements are understood, cooling and PUE is improving and consolidation of space is underway, you need two of everything, and you need it available 24x7x365.

All the work to bring costs under control and maximise the return now requires more power, more cooling and more space. The expense of availability is a colossal challenge, but one that can be overcome. Ensuring you have the availability which reflects the level of service you are offering is imperative. You may not need to duplicate everything and careful planning of each area with respect to power generation, UPS, fuel supplies, cooling, hot spares, standby equipment and backed by a thorough and comprehensive maintenance regime will ensure your Data Centre stays available and resilient.

Summary:

Quite often the most practical and cost-effective solution to all of your Data Hosting needs is finding a third party who has the infrastructure, skills and knowledge in place to manage the task for you.

By choosing a leading Data Centre provider, you can rest safe in the knowledge that your IT infrastructure is managed and operating efficiently to maintain your business performance and address your growing business needs. With managed hosting solutions proving a more cost effective measure compared to in-house server rooms or self-built Data Centres, outsourcing your hosting needs to a leading provider could be the key to your future business success.

For more information on Onyx Group and how could help you with your data hosting problems, contact us today on 0800 970 9292 or email info@onyx.net.