Why Audit a Data Center? 5 Checks to Ask About

Data is highly valuable. Your organization possesses not only your data, but also your customers’ as well. Any kind of data theft or misuse may lead to huge monetary loss. In the worst case, your customers may sue you, or your organization may face bankruptcy.

So, if the data grows beyond your storage capacity, where should you store it? Let’s rephrase the question. How can you store the data securely?

The answer is data centers. But how can you be sure a data center will keep your data safe? Also, how will you know whether the data center facility is right for your storage needs? You carry out audits.

At any time, you can carry out an audit to check a data center’s performance. You can check the compliance standards and whether the facility is ready to operate. Sometimes, customers themselves carry out auditing activities. Other times, they hire a third party for auditing.

In this post, you’ll find out some important auditing activities to carry out before choosing a data center. You’ll learn what to ask while auditing the data center, so you’ll know whether the facility will keep your data safe. You’ll also find out whether the data center is certified and how its staffers would handle power outages or natural disasters. Learning all these details is an important part of finding out how to DevOps your data.

Let’s get started.

Security Audit: Will the Data Center Keep Your Data Safe?

Security is an obvious fact every data center should care about. But if you’re going to trust a data center with your data, it makes sense to worry about security. We’re going to discuss some checklists to ensure the data center has enough physical and virtual security protocols.

Physical Security

Many data centers offer contracts that don’t even cover security. Well, data security requires expertise as well as investment. Therefore, while you’re auditing a data center, check if the security protocols are enough to keep your data safe.

  • Check the registration procedure for employees and customers. Once the data center hires an employee, do staffers complete a background verification check on that person? Also, when customers come to the facility, ideally the data center staff should verify the customer’s identity and then issue that person a temporary access card. Each employee should have an access card to get past the entry and other gates. Find out if the facility follows these procedures.
  • Ask the data center if its employees have proper identification and badges.
  • Check if anyone can access the secured rooms or if biometric access is required to get in.
  • Find out whether the data center maintains records of all its employees, including security personnel.
  • Check if there are enough security cameras to observe whoever enters or exits the building. There should be enough to cover every angle, leaving no blind spots.

Making these checks and asking these questions helps you ensure that no unauthorized person has access to the center. Failing to control data is an anti-pattern that can damage your organization and your reputation.

Virtual Security

Now it’s time to check virtual security protocols.

  • Check the mode of access and the online presence of data. For instance, suppose the customer or any other person tries to access the data through an online portal. The portal and the servers must have enough security layers, such as antivirus protections and firewalls, to prevent malware. Remember, cyber threats are increasing day by day. If there isn’t enough protection, malware can lead to data loss and monetary loss.
  • What are the authentication protocols before a person can access data?
  • What kind and level of encryption does the data center provide? In general, there are two types of encryption. Ideally, your data center should use the encryption type that’s appropriate for your data, along with latest cryptographic algorithms.
    • Encryption using symmetric key: Here, you can use a single key for encoding and decoding.
    • Encryption using asymmetric key: There are two keys. One is for encryption. This is a public key, and anyone can use it to encrypt a file. The other is a private key. Only the person with private key can use it to decrypt the data.

Taking good care of your data is an important part of establishing success patterns.

Once you’re assured that the data center can safely store your data, the next step is to check is the facility’s performance. What will the data center do to fix any kind of server-related issues promptly? Let’s discuss what to ask during a performance audit.

Performance Audit: What Happens if There Are Problems?

The purpose of a performance audit is to check how the facility operates. As a customer, you’ll need assurance that if and when technical complications occur, the employees of the data center will fix it without losing any of your data. Let’s talk about what to ask.

What Kind of Remote Support Does the Data Center Provide?

The data center’s employees’ job is not only to keep your data safe. They also must provide you remote support. Ever wondered what to do if you need to reset the server at midnight? What if you run into some issues while fetching some information? You can’t visit the data center and fix things by yourself. While auditing a data center, find out if they have a remote tech support team. Not only that, check whether they provide 24-7-365 support.

You can compare the data center’s remote support with the support you get from the IT team of your organization. IT staffers are there to help you with any sudden technical issues or troubleshooting. Similarly, the data center should also have a support team for helping you with any sudden issues or requests. But how can you check if the team is qualified enough to help you with technical issues?

Employees’ Qualifications

What do you do when you’re hiring an employee or temp? Before scheduling an interview, you check the person’s knowledge and certificates. You want to know if the person is qualified enough to work for you. The same reasoning applies to a data center.

Data center servers and other equipment need frequent servicing. Also, what if an issue arises suddenly? You don’t expect the security guard or the manager to fix it. Only a person with proper knowledge of network equipment maintenance can do that.

While auditing a data center, ask the manager whether his or her employees know how to provide support for routine activities. They must have experience with:

  • Setting up racks.
  • Configuring new servers or devices.
  • Ensuring that humidity and temperature are set to optimum levels.
  • Ensuring that generators, uninterruptable power supply, and substation computers are functioning.

If you know the baseline skills of the facility’s employees, you won’t have to visit the center to fix issues.

These steps are a great start, but they aren’t enough. You’ll also need to check the track record of the data center. History is a good way to predict how the facility will operate. We’ll discuss this in the next must-check activity: the data center’s past performance.

Track Record of the Data Center

A perfect machine or service is a myth. Failure can happen to anyone, be it a machine or a person. Many data centers give a service availability guarantee of 100%. Yet all systems have a high risk of failure because of some unforeseen event. So, a 100% service level agreement is a myth. But the data center can guarantee to give your money back or pay a financial penalty if there’s an outage.

While carrying out an audit, dig deeper into the service-level agreement (SLA). Find out the parameters of measurement, such as mean time to recovery (MTTR) and average speed to answer (ASA). Check the transparency level the company provides to customers when there’s an issue. If an outage occurs, will they notify you or wait for you to call them? Ask them to provide a report of their previous outages, if any. Also, check reports of how they notify the customer, what happens during resolution, and what happens after resolution.

Check the customer reviews in detail. You can check reviews and testimonials at the data center’s website. But it’s better to check Google reviews and reviews posted on platforms such as Glassdoor. Doing this will help you find out if any customer has had a complaint with the data center’s service or how it resolves issues.

Compliance Audit: Certifications Earned and Steps Taken to Maintain

You can check the quality of employees by looking at their resumes and certificates. But how can you check the quality of a data center? The answer is through its certificates. A reputed data center has certificates such as SSAE 16, LEED, HIPAA, and many others.

While auditing, choose the data center based on your needs. For instance, if your company works on financial operations, then a data center with SSAE 16 is ideal. Similarly, for e-commerce companies, PCI-DSS certified data center is perfect. HIPAA is for healthcare-based companies, and LEED is ideal if your company is environment friendly.

These certificates prove the data center’s quality, security, and reliability. For these reasons, check if the center’s attestations and certificates are up to date. Also, check the steps the facility has taken to maintain those certificates.

Infrastructure Audit

Are you satisfied that the data center has all the required certificates and the employees are qualified enough to keep your data safe and fix any issues that arise? Now it’s time to check if the facility itself is perfect for your needs.

Generator Load Testing

Load testing is an important activity for a data center. By load testing, the facility checks if its generators can handle power outages. Load testing involves the following steps:

  1. The facility turns off its power.
  2. The data center uses the power generators only to power up the servers, cooling, and other operations.
  3. The facility tests each generator to find out its capacity for handling power requirements.

This operation detects if any generator is faulty. However, this is a costly operation because it consumes a lot of fuel. So data centers often skip load testing or perform it after a long interval. If the center skips regular load testing, chances are high of generator issues happening during a power outage—and a power outage is the wrong time to find such issues. During that time, there won’t be any power backup for your servers.

When you’re auditing a data center, find out if it performs extended load testing on every generator. Also, check how frequently staffers carry out the testing. A minimum of one test per quarter is what you’re looking for.

Risk of Natural Disaster and Safety Protocols

A natural disaster is an unpredictable factor that can harm a data center. Experts can predict the occurrence of earthquakes or tornadoes, but they can’t predict the range of damage that a natural calamity may cause. It’s impossible for a data center to prevent natural disasters, but you can expect them to have preventive or fallback measures.

While auditing a data center, ask these questions:

  • What natural disasters are likely to occur in the zone where the facility is located?
  • What kind of contingency plans does the facility provide in case a disaster happens?

For instance, suppose there’s an earthquake. The data center doesn’t have any major structural damage, but there’s a power outage. The only bad thing that can happen in this scenario is if the authorities don’t provide any estimation on repair times. At this point, the data center depends on generators for power backup. How long do the generators run on normal fuel supply? And once the fuel runs out, are there enough suppliers for refueling services?

Is the Site Flexible for Future Growth?

Let’s suppose you start by renting 500 servers from a data center. This doesn’t mean your needs will be limited to 500 servers. With the growth of your company or your projects, you’ll need more servers.

While auditing a data center, it’s important to check how much growth the center can handle. If your storage need quadruples in a couple of years, does the data center have enough space to store the servers? Not only that, can the center handle the power requirements? Even if you store your servers, the power capacity advertised may not be fully consumable. A data center may advertise 50 amps per cabinet. But in reality, 25 amps may be redundant and the other 25 amp primarily usable. Specify that a situation may arise when you’ll use the full 50 amps. Believe me, you don’t want yourself in a situation wherein the middle of your growing business, you have to spend a huge amount for moving to another data center.

Take a Tour of the Data Center

By carrying out these auditing activities, you can rest assured that the data center fits your needs and answers all your questions. However, there’s one thing still left to check. Although your auditing team will do most of the job, prepare some questions yourself. Ask the manager of the facility to give you a tour. Check the reports, and determine whether they’re correct. Once you find out that your data will be safe inside the facility’s walls, sign the contract, and enjoy the peace of mind that comes with it.

This post was written by Arnab Roy Chowdhury. Arnab is a UI developer by profession and a blogging enthusiast. He has strong expertise in the latest UI/UX trends, project methodologies, testing, and scripting.