http://wistechnology.com/article.php?id=3717 By James Carlini 02/20/07 A couple of weeks ago, I spoke about being disappointed by not being able to visit a PEAK 10 data center in Tampa to get a first-hand view of their services after an executive scheduled a meeting with me. This article brought in more feedback than I ever thought I would get. Several calls came in within 15 minutes of publication, including one from an IBM executive. People had a lot to say about watching claims made within the data center services arena. The prior article was about being frustrated for not being able to walk through a facility that I first had a positive impression of. Some respondents said that most companies will have some type of data center brag-path that you can walk through just to get an overview of services. PEAK 10 did not offer that. Due diligence From others involved in data center services, I got the impression that you better make sure you do some due diligence before selecting a third-party and turning over your mission critical applications. There is a lot of hype out there with claims of reliability and redundancy without real resources. As more corporate organizations look for outsourced facilities, they better make sure they are getting what they are paying for. Here is a portion of a long letter from a local reader that really highlighted what I thought were some of the issues: "Your instincts were right on - there is most definitely a wide variation in the caliber of the data center from one company to another, and often in between data centers of the same company It is a highly recommended best practice to go and see your specific data center as part of contracting due diligence. You learn a lot within the first five minutes you are there about how well they run their shop and how secure/safe your assets really are. Different data centers have different regulations regarding visitors. The better (more secure) ones are often legitimately quite strict about who has access to the facility. For example, I had to be approved by my client contact and sign a Non-Disclosure Agreement prior to gaining access to the data center and I was never allowed out on the floor without an Exodus employee being with me at all times. They were very sensitive about cameras (none were allowed). That being said Most data centers have a "brag path" through the facility that allows visitors (once they have signed a Non-Disclosure Agreement) to get a feel for the size and caliber of the operation without getting too close to anything. Typically, you are not on the floor but rather get a chance to see things from hallways through windows and such. This is SOP if someone has a nice data center and has nothing to hide. That they didn't do this for you should indeed raise red flags." A Colorado reader, who has several decades of IT experience, wrote: "That will be the last time they string you along without giving it some thought. I agree with you, most companies are always trying to parade their facilities to people it makes for free advertising. Trite phrases like "customer privacy" are put-offs. The data center, by its very nature, ensures privacy unless you are showing up with a laptop and planning to do some major downloads and hacking in their presence. So what are they hiding? Hmmm? Would be real surprised if you don't get something from them, conciliatory or nasty. Either way, PEAK may be more NADIR; they certainly are in their primal business and customer services skills." Another industry veteran, who has decades of facilities planning for mission critical infrastructure, including several major hospitals and airports in the United States and abroad, simply wrote: "Impressive ink and unfortunately deserved. Too bad for them." I'm not Rain Man Without belaboring the points raised by the readers, I did not get a good impression of what PEAK 10 claimed they had in terms of facilities, and I would be very suspect of what they list in their marketing materials and what is actually out on the floor. As another industry veteran put it, "Give me a better answer. I didn't fall down in yesterday's rain." With the need to really understand what you are getting in data centers, if you cannot walk through it, walk past it. CARLINI-ISM: If you can't walk through it, walk past it. -==- James Carlini is an adjunct professor at Northwestern University, and is president of Carlini & Associates. He can be reached at james.carlini (at) sbcglobal.net or 773-370-1888. Check out his blog at http://www.carliniscomments.com Copyright 2002-2007 Wisconsin Technology Network LLC. All Rights Reserved ______________________________________ Subscribe to the InfoSec News RSS Feed http://www.infosecnews.org/isn.rss
This archive was generated by hypermail 2.1.3 : Tue Feb 20 2007 - 22:42:26 PST