When people talk about the security of cloud services, the first things that come to mind are usually data pro­tec­tion and defense against cyber-attacks. A major fire at a French cloud provider in early March raised questions about how well Internet data centres are protected against physical threats like fire. What should cloud users take into con­sid­er­a­tion when choosing their provider and is there anything thy can do them­selves to ensure the security of their data?

Compute Engine
The ideal IaaS for your workload
  • Cost-effective vCPUs and powerful dedicated cores
  • Flex­ib­il­ity with no minimum contract
  • 24/7 expert support included

Building security

Data centre security starts with selecting the location. Modern data centres are usually built away from res­id­en­tial areas. But if they are built in in­dus­tri­al estates, they should have a minimum distance between them and other buildings so that if a fire starts in one building, it cannot engulf the one next to it.

If possible, the building itself shouldn’t be made out of any com­bust­ible materials. Ideally, offices should be separated from the data centre. Elec­tric­al operating rooms, where the risk of fire is par­tic­u­larly high, should be placed in separate fire pro­tec­tion zones.

Image: The location of a data centre plays an important role when it comes to security.
The location of a data centre plays an important role when it comes to security.

To ensure that a fire is detected as quickly as possible, early fire detection through an as­pir­at­ing smoke detector (ASD) is re­com­men­ded in addition to classic smoke detectors. Room air is con­tinu­ously sucked in and examined by an optical system for the smallest smoke particles. A fire source can often be dis­covered way before an actual fire breaks out. In addition, it is often possible to connect fire alarm systems to fire stations or police stations at some locations, so that in the event of an emergency, you don’t have to raise the alarm manually.

Fire fighting

If a fire does break out in the data centre, there are several ways to fight it. Due to the high currents flowing around server rooms and supply rooms, using water to ex­tin­guish the fire is not an option. Although water mist sup­pres­sion is an exception. Instead, you have to deprive the fire of oxygen to put it out.

For pre­vent­ing fires from occurring, there are oxygen reduction systems. These reduce the oxygen content in the room air to well below 20 percent, pre­vent­ing a fire from de­vel­op­ing in the first place.

Image: Oxygen reduction in data centres
Oxygen reduction: In data centres, non-toxic inert gases such as argon are often used as ex­tin­guish­ing agents.

Al­tern­at­ively, gas ex­tin­guish­ing systems can be used. In the event of a fire, these systems blow an inert gas - usually noble gases, nitrogen or CO² - into the affected rooms at high pressure. This displaces a large part of the oxygen in the room and suf­foc­ates the flames.

Re­dund­ancy

Fire or major faults cannot be com­pletely avoided, of course. For this reason, all relevant systems should be designed re­dund­antly, i.e., multiple parts available. This applies to critical systems such as emergency power gen­er­at­ors, UPS systems, and network equipment. The standard case is the N+1 re­dund­ancy, in which at least one more component is available than is necessary for regular operation. With 2N re­dund­ancy, all com­pon­ents are available twice.

Re­dund­ancy is also often used for the core of a data centre. RAID systems are data storage vir­tu­al­isa­tion tech­no­logy that combines multiple physical disk drive com­pon­ents into one or more logical units for the purposes of data re­dund­ancy. However, if a server is destroyed by fire, this is of little help, as all data is then lost. For this reason, the hosting provider should make a separate backup of all the critical data, which is kept as up to date as possible, stored somewhere else, and can be used to restore data in an emergency.

The supreme dis­cip­line here is geo-re­dund­ancy. Here, data is stored - syn­chron­ously if possible - in a second, geo­graph­ic­ally separate data centre. For example, IONOS uses two data centres that are about 60 kilo­metres apart to store websites, emails, and databases. In the event of an emergency, it is possible to switch auto­mat­ic­ally from one data centre to the other without having to reload the data. If, as is the case with IONOS, the data is then ad­di­tion­ally backed up in a third data centre, pro­tec­tion against data loss is even greater. The latter protects data in case it is ac­ci­dent­ally changed or deleted, as it contains a backup of the data that was ac­ci­dent­ally changed or deleted, so it can be used to restore it.

What should cloud and hosting users keep in mind?

Which data is backed up and how varies from provider to provider and from product to product? In general, the hosting provider should back up all systems that it operates itself, such as shared hosting systems, email servers, and databases.

However, this is not possible with server systems where the customer has root access and op­er­a­tion­al re­spons­ib­il­ity. This is because the provider does not know the access data to perform data backups. Many providers offer optional backup solutions so that server customers can also back up their data locally. The same applies to cloud packages – customers are usually able to ex­pli­citly select different data centres.

Go to Main Menu