But of all the challenges the data centre industry faces over the next few years, Brexit is, perhaps surprisingly, the least of our concerns. British firms and the UK Government are hopefully leaning towards pragmatism and avoiding unnecessary complexity. It is highly likely, therefore, that the UK will adopt the same data control laws as exist in the EU currently, meaning that there will be no difference for the major US tech players in where their data is stored.

It is true to say, of course, that restrictions on the free movement of labour may drive up the cost (and reduce the availability) of labour, but this tends to impact the lower skilled ‘commodity’ roles (e.g. within the hospitality sector) and will therefore have little or no impact on data centres.

Indeed, for all of our predictions for the future, most are likely to have a positive impact on the data centre industry of tomorrow. Consolidation of data centres, for example, continues at a pace, and this will include more pan-European deals as the maturity of the market and expansion of clients continues. This in turn will add to an increased focus on achieving best practice.

Best Practice

Whilst there is yet to be a ‘one-size fits all’ set of standards, best practice levels have risen markedly across the UK in the past few years. Bodies such as the Data Centre Alliance have been key to promoting the need for best practice, complemented by the commercial imperatives of the co-location data sector segment looking for a differentiator in order to attract new clients. The updated European standard for data centres (EN50600 – Information Technology – data centre facilities and infrastructures) will also drive an increase in best practice adoption rates.

Leading on from this, the increasing density of IT equipment is similarly prompting closer attention on performance against best practice. As a case in point, ABM Critical Solutions recently upgraded one of its client’s data centres (the customer is a major high street retailer) following the client’s investment in new IT. The retailer is now able to generate the same IT computing power using only 25% of their previous space occupied by the ageing IT infrastructure.

Best practice is similarly enabling a focus on insurance, and driving down the cost of premiums. There is already evidence that insurance companies recognise that data centres that adopt best practice inherently contain less risk, and therefore adjust premiums directly. Allianz, for example, appears to be taking the lead in this area, and we predict that others are likely to follow once the idea fully takes hold.

Living on the Edge

From a technology perspective, ‘Edge’ data centres will become increasingly important as high-speed networks such as 5G are rolled out (5G is currently expected in 2020). We predict a real growth opportunity in this type of facility, especially where the big data centre players don’t have a presence, or there is demand from a specific market niche. The Internet of Things (IoT), Virtual Reality (VR) and 5G will lead to a massive growth in the world’s data centre volume, and a key opportunity for data centre providers and service companies alike.

We also predict a period of evolution in the way services to data centres will be delivered. There is already an increased demand for companies to provide a full complement of services based around a core expertise or skilled workforce. This is being driven, in part, by a desire by data centre operators to manage a smaller number of external suppliers, wherever possible, to reduce costs.

By way of example, ABM Critical Solutions is now using the same teams that complete its technical cleans to also undertake simple, additional tasks such as cleaning CRAC units and changing filters. AC engineers are expensive, and this allows their time on site to be more productively utilised in areas where their skills can be better deployed. In this way, service providers will be able to deliver greater value, while supporting their clients’ need for greater operational efficiency.

The survey of Belgian, quoted companies that LCL ordered, shows that data security is not seen as essential within IT governance, not even with quoted companies. For instance: with only one data center, in case of a disaster, you risk losing absolutely all your data. After your power shuts down, your company does too. If you really want to be safe, at least 30k’s should separate both data centers. Moreover, best practices dictate that one should separate the development environment from the production systems.

The survey produced some eye opening results

The CIOs and IT managers of 168 Belgian quoted companies took part in the survey. Of these companies, 87.5% felt they were protected from disasters such as fire or lengthy power cuts. Surprisingly, these respondents said that this was ‘because power cuts rarely happen’. The fact that they also have a disaster recovery service also added to their sense of security. Just 5% of respondents indicated that their organization was ‘reasonably protected', while 7.5% said that their organization had inadequate protection. This final group stated that in the event of a disaster it would not be possible to guarantee the continuity of the organization.

However, when asked whether their systems are also tested by switching off the electricity supply, only 3% of respondents answered yes. This means that a full 97% of respondents will effectively ‘test’ their backup systems for the first time when a disaster occurs.

“Our conclusion is that Belgian listed companies have a false sense of security,” Laurens van Reijen, LCL's Managing Director, said. “Many of the smaller listed companies, and some of the larger organizations, are not adequately equipped to deal with power cuts or other risks. They don't even know how well-protected their systems are, as they don't test their power backup systems. All organizations, and quoted companies in particular (in the context of corporate governance), should have all the protective systems they need to guarantee that the servers are dependable 24 hours a day, 7 days a week and they should actually test these systems on a regular basis.”

More than half of the listed companies store their data internally at the head office. One tenth of them rely on their own server room or a data center at another location owned by the company. A total of 44% of the respondents have a server room that is less than 5 m² in area. In this kind of set-up it is clearly impossible to include appropriate protective measures or specialized staff.

That said, most of the respondents do not have a second data center: 53%. That means, they have no backup in case of fire or theft of the servers. At the same time, half of the listed companies included in the survey have plans to outsource activities. At one third of the quoted companies that have a second data center, the second data center is located less than 25 km from the company's first data center. A major power cut is therefore likely to affect both data centers, which means the back-up plan will not be very effective.

“And yet business continuity is a must for virtually every business today,” Laurens van Reijen added. “The rise of digital technology has led to more and more business processes being digitized. Digital technology is being adopted in new, disruptive business models more than ever before, and these business models are thus dependent on the availability of the IT infrastructure. Shutting down servers in order to carry out maintenance work is no longer an option, as customers also need to be able to visit the website at night to submit orders. And as we have seen recently in Belgium at Delta Airlines, Belgocontrol and the National Register, a server breakdown can cause serious problems.”

“What are the odds that the current mentality – we all trust that all will go well - will change in the short term? Only a minority of companies interviewed said they were planning to set up a second data center. If we really want change, it will have to be directed by the Belgian stock exchange control body: FSMA. So in the best interest of our Belgian quoted companies, for the sake of their business continuity and employment - not to mention the shareholders who want return on their investment; data loss will almost certainly cause share devaluation - we call upon FSMA to issue a new guideline for quoted companies. A guideline pushing quoted companies to have a second data center, and to either thoroughly test all back-up systems, including power backup, or to confide in a party that does just that for them. It’s a pain in the lower back part, but  people will not move unless they have to”, Laurens van Reijen concluded.

About LCL

LCL has many years' experience and know-how in data centers and colocation. The company has three independent data centers: in Brussels East, Brussels West and Antwerp. The Belgian IDC-G member is ideally located in the center of Europe.  At 4 miliseconds from Amsterdam and 5 miliseconds from London and Paris in terms of round trip latency, LCL is a vital link in IDC-G’s international data center network.

LCL has clients in a wide range of sectors. Multinationals and small and medium-sized enterprises, government bodies, internet companies and telecom operators all call upon the services of LCL. The company is ISO 27001 and Tier 3 certified. LCL also opts resolutely in favor of sustainability and is 14001 certified.

Laurens van Reijen, LCL’s CEO, is a seasoned data center professional. He was a founder and Operations Director at Eurofiber before founding data center company LCL in 2002.

For more information:

More intelligent and fulfilled employees

While there are understandable concerns over the impact of technology on jobs, we think the future is positive. The IoT is going to create more intelligent employees, allowing them to access huge volumes of data to make more informed decisions. They will need help in this task from advanced machine learning and Artificial Intelligence techniques, which will help make sense of the data and discover patterns. Furthermore, the IoT going to make work more flexible, rendering the traditional office space increasingly obsolete.

The rise in IoT-enabled devices, such as smart glasses, wristbands and powerful tablets, will equip workers with the tools to perform better. Just imagine how much more successful an aircraft engineer would be wearing connected smart glasses, enabling information on the plane to be fed into their field of vision while they fix a problem. We are also seeing products such as industrial smart gloves emerge, which can speed up assembly line processes by enabling workers with hands-free scanning and documentation of goods. The same principles apply to corporate leaders; think about how much more productive a boardroom meeting might be if directors had a constant stream of real-time data flowing to them from around the business which can be used to the company’s advantage.

More efficient business processes

The expansion in data can bring benefits for organizations, allowing them to better understand customers and make more informed decisions. Take banks as an example. The proliferation of connected devices means that financial institutions have more information at their disposal, allowing them to conduct more rigorous market analyses.

With IoT and M2M technology, banks can access data from across customers’ value chain. M2M sensors are set to enhance underwriting processes, since banks can better track physical performance of individuals, the shipping of goods and manufacturing quality control.  Better informed lending decisions are also possible, since powerful IoT sensors can monitor the condition of retail, agricultural and manufacturing businesses.

Making security a priority

While we’re optimistic about the future of work, there is a major obstacle – and that’s getting the cyber security right. The IoT is going to lead to an expansion in data, while the rise of mobile working is going to place more pressure on company networks to deliver cloud-based systems. Vulnerabilities could allow hackers to cripple organizations, potentially seizing control of organizational AI systems and wreaking havoc. We’ve covered real life examples of this on our blog before.

With cybercrime projected to cause losses of $2 trillion by 2019, companies need to develop strong identity management systems, as well as deploying tools like encryption and tokenization to combat cybercriminals. In addition, businesses running IoT projects will have to do more to ensure the identity of their connected machines and the sensors they are attached to, and the integrity of the data they are producing. After all, if a business will be using this data to make informed business decisions, they had better be sure the data is correct.

Clearly, the IoT is set to radically change the way we work, encouraging employees to make better use of data and pushing cyber security to the top of the agenda in the boardroom.

So, there has been plenty of opportunities to hear about cybersecurity in the media, even in Parliament. But, what’s the lie of the land as the half year mark gets closer? Attending both major public and private events on security, the prognosis is the industry is becoming more mature and less manic but there remain some challenges to still address.

Threat Intelligence Sharing Is REAL

Cybersecurity vendor collaboration is becoming a real benefit for customers. The Cyber Threat Alliance (CTA), of which my company is a founding member, brought into the fold more vendors to share vital threat intelligence and apply to this to tackle cyber threats much more effectively.  As a result, every major security vendor is now a member of the alliance, working together to help our joint customers in the challenges they face. 

However, what is really ground breaking about how the alliance has grown is how the CTA has committed itself to the ongoing development of a new, automated threat intelligence sharing platform. This could be transformative for how threat intelligence sharing delivers a real rather than theoretical blow to threat actors and their exploits.

This new platform automates information sharing in near real-time to solve the problems of isolated and manual approaches to threat intelligence.  It better organises threat information into “adversary playbooks” focused on specific attacks, increasing the value and usability of collected threat intelligence. This innovative approach turns abstract threat intelligence into real world action and lets users speed up information analysis and deployment of the intelligence in their respective products. This kind of collaboration strengthens the industry and makes cyberattackers’ jobs more difficult.

The Endpoint is at the Sharp End of Technology Innovation 

Awareness of how legacy antivirus approaches do not work has arrived and more organisations are actively seeking alternatives. Hardly surprising when endpoint security was such a buzz at the events earlier this year and there are lots of approaches being presented. The most intriguing alternative to me is one that not only checks for compliance in antivirus replacement boxes, but is also natively integrated with the rest of the network security stack. As 2017 rolls on and organisations realise the magnitude of responding to cyber threats and complying with the tougher structures on data protection set out by GDPR and NIS, there is going to be a trend towards solutions with the native ability to integrate newly discovered threat intelligence into the platform with a minimum of human intervention. This is the only way to deal with both the floods of threat alerts most organisations receive and the growing number of endpoints connecting to networks. 

Do Point Products Still Reign?

There is a varied ecosystem of security products targeting new threat vectors and techniques. This is no surprise but while new thinking and innovation are vital, an ad hoc approach to building a cybersecurity infrastructure doesn’t give organisations the complete visibility into their risk posture they need to prevent attacks. The feedback that I get from CISOs and others is point solutions have some value but they don’t interact.

Orchestration is a term that’s going to become more frequently heard in 2017.  So, expect more vendors to claim they have found ‘THE’ solution for managing a mixed-vendor cybersecurity environment. While each company’s claims of supporting heterogeneous security, as an industry we must do better in delivering natively engineered security platforms in which many of the capabilities delivered by a point product have been integrated into the greater whole. If done well, this can be much more beneficial solution.

We need more cybersecurity people!

As threats become more common and damaging, and the legal requirements on organisations to protect their users for cybercrime become more exacting, we are exposing a shortage of ready-to-go cybersecurity expert talent at all levels.

If you boil down much of the current debate about cybersecurity, finding ways to identify, hire and budget for more staff is the number one concern for government and business.  This nut has to be cracked but there is a twin track approach that needs to be followed.

On one hand, we must encourage more cybersecurity learning within the education system.  People are interested in these kind of jobs – indeed, almost 1250 people applied for the UK government’s 23 cybersecurity apprentice positions. Therefore, we need to fund more of these initiatives whether within universities or more practical training within the workplace. The new proposals of T-levels also could be a vehicle for getting more cybersecurity into the school curriculum and technical education system. 

Although training the next generation of cybersecurity experts is vital, we need more cybersecurity capabilities today and to enable the preventative strategies that are best able to protect organisations from cyberattacks. So, expect more organisations to evaluate how machine learning and artificial intelligence can be used alongside greater automation of cybersecurity processes to drive effective prevention strategies.

Over the last ten or more years we have seen tremendous changes in how our societies and economies have become more digitised. And, threats to these new ways of working and living our lives have not been unusual. So maybe one of those past years might have felt significant but, three months in, 2017 has got a strong claim to be transformative year for my industry. Or, at least until 2018 begins. 

8.     And, finally, what might we see in the software/connectivity space?

We have just launched our Riello Connect cloud service to enable our service team and the client to monitor their UPS’ performance in the cloud via PC, laptop or smart phone. This replaces our old telenetgaurd service, and existing clients are being migrated across to the new service throughout 2017.

9.     And how is the service side of the business developing?

Service and maintenance is aways an important element of the the life of any UPS, and the maintenance contract is at the heart of this. Over the years, I have heard horror stories of clients selecting a third party service company that on the face of it, offers superb SLA’s such as 2 hour response. The problem is that, yes they do respond within two hours but not with a qualified engineer but with a tradesperson such as a plumber! So the SLA is met, but the UPS is still down and it could be like that for days.

Riello is looking to change this by giving clear and achieveable SLAs in response time but also in fix time, with pentalties for Riello if we fail to meet our own SLAs. Riello’s new contracts will benefit the client more than benefiting Riello, which demonstrates another area where the business is striving to offer outstanding customer service. 

10.  Moving on to less product-specific topics, what are the main challenges facing today’s UPS manufacturer as the data centre design changes and the IT workload is also evolving?

The main challenge for any UPS manufacturer is to have an efficient product across all possible loads. When technology such as virtualisation was first introduced a UPS which was sitting a 70 per cent load would suddenly drop to 30 per cent. Quite rightly, the client wants their UPS to be efficient at low loads as well as high loads which is where the modular UPS comes into its own because of the flexibility to power up or power down individual modules.

11.  Is energy efficiency beginning to move up the agenda?

Energy efficiency has never really been off the agenda. At the end of the day, no data centre owner or manager wants an inefficient product because it wastes money and hits the bottom line.  

The real issue is ensuring that the product you buy is efficient across all load levels.  You can’t rely on the Carbon Trust’s Energy Technology list (ETL) because it allows a lower UPS performance at low loading, which is not right. A recent survey of 3000 customers conducted by Riello revealed that more than 75 per cent were running under 40 per cent load, with the majority around the 20 per cent load mark.

12.  And how will IoT and artificial intelligence impact on Riello’s business – both in terms of how the company is/will use it, and also how it is changing the data centre environment, and hence the UPS requirement?

The IoT and AI are great technical advances which will no doubt impact on the way we do business and run our lives, but its implementation at Riello will be carefully considered before jumping in. The reason behind this is customer service. If you automate too much, you lose customers. People like to deal with people – for example, how many times have you called a utility company or a telecoms company and pressed so many buttons / listened to so many automated messages and been left on hold for so long that you want to scream and never deal with that supplier again. At Riello UPS, we recognised this pitfall and when someone calls our office, they speak to a person after the first department selection. We do not have voicemail, we want to speak to our clients. That’s why we will consider new technologies and ensure we only implement the ones that enhance customer experience. 

13.  Everything seems to be going modular in the data centre – is this true for UPS as well? 

Absolutely, modular is very popular because of the flexibility and reliability with built in redundancy and lower TCO. Our R&D department are busy developing new additions to our modular range. 

14.  And how does Riello address the growing trend towards edge computing and micro data centres? 

Data centres and computing technologies have always changed, but whether it was an old IBM Mainframe from years gone past to modern micro datacentres, the common thread is they need secure clean power. The question is how much power, and as UPS manufacturers, our range covers from 400VA to 6.4MVA, so we will have solution for whatever happens in the IT industry.

15.  With all that’s going on in the data centre space, do you think that the definition of ‘power resilience’ will have to change from the standard definitions as found in the Uptime Institute’s Tiering levels?

In short no, the tier structure gives clients a basis to work from and an understanding of the risks. In essence, a single UPS offers some protection, but if your application is more critical, then you need redundancy.  If it is even more critical, then a higher tier is required. Resilience is really risk mitigation, it’s the level of ‘insurance cover’ you need to to keep your business or data centre going. You could look at the tier structure as insurance categories, Tier 1 being 3rd party only with an excess and Tier 4 being fully comprehensive with no excess.

16.  Can you share a recent data centre customer success story with us?

Success stories are hard to identify or quantify within the UPS industry. If they are installed and work efficiently, that’s great, when they fail it’s a problem. I think success from Riello’s perspective, is when we go beyond a customers expectation. Last week, we got a call from a small but very critical application involving a utlity. Their old 15kVA UPS had failed and was beyond repair - they called Riello to see how quickly we could get a 15KVA UPS to site. We took the call at 10am and the UPS was despatched an hour later and was onsite and installed at 2.30pm the same afternoon - that’s four and half hours from start to finish - and that is what we look at as a success, a very happy customer.

We asked them about GDPR preparation and found that that 21 per cent have no understanding of the impending General Data Protection Regulation (GDPR) being introduced. A further 42 per cent in the UK have considered some aspects of the GDPR but not the pseudonymisation tools that the legislation recommends and approximately, one in five of those that have studied the pseudonymisation requirements admit that they are having trouble understanding it.

As a result, the panic is upon us and it is guaranteed that there is a senior executive losing sleep somewhere over the impending regulation. However, while the GDPR will force organisations to ensure compliance and reduce the risk of a data breach, it will also help them to usher in a new wave of IT innovation. In fact, as organisations look at how they store, manage and secure data as part of compliance demands, there is a real opportunity to think about how data can be better used.

So, what are the steps that businesses need to take to comply by 2018 and hone innovation?

A data first approach

While data masking provides organisations with a tool that fits key challenges emerging from the GDPR, businesses must apply it with a “data first” approach that involves greater awareness of how data changes and moves over time, and how to better control it. Specifically, businesses will be most effective in achieving pseudonymisation through masking if they address the following questions:

Where is your data?

Enterprises create many copies of their production data for software development, testing, backup, and reporting. This data can account for up to 90 per cent of all data stored and is often spread out across multiple repositories and sites. Businesses that understand where their data resides – including sensitive data located in sprawling non-production environments – will be better equipped to allocate protective measures.

How do you govern & deliver your data?

Although many large organisations now have Chief Data Officers there is confusion over who owns data protection, with the responsibility often being shared between compliance, risk, security or IT executives. Even those that do have them, may not have adequate control over how data is moved and manipulated. That’s because individual business units – each with their own administrators, IT architects, and developers – often define data-related processes at the project level, with little or no corporate policy enforced or even available. Businesses addressing the GDPR must take steps to regain data governance and introduce tools that drive greater visibility and standardisation into processes such as data masking. GDPR does recommend the appointement of a Chief Data Protection Officer, which will go some way towards providing a consistent view across an enterprise. However, without the right tools, it’s an overwhelming task.

Current approaches to delivering data are highly manual and resource-intensive, involving slow coordination across multiple teams. Adding pseudonymisation to already cumbersome data delivery processes only adds to this burden and enterprises often end up abandoning efforts to make technologies like data masking work. One way this is being solved is by combining data masking with new data delivery platforms. Using these, businesses can simplify and automate the management and delivery of data, placing data masking into that automated workflow to ensure that masking is repeatable and an integrated part of the delivery process.

What role does pseudonymisation play in GDPR compliance? 

The GDPR contains an express legal definition of ‘pseudonymisation’, describing it as: “the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, if such additional information is kept separately and subject to technical and organisational measures to ensure non-attribution to an identified or identifiable person.”

Put more simply, the GDPR explains that pseudonymised data is data held in a format that does not directly identify a specific individual without the use of additional information, such as separately stored mapping tables.

For example, “User ABC12345” rather than “James Smith” – to identify “James Smith” from “User ABC12345”, there would need to be a mapping table that maps user IDs to usernames. Where any such matching information exists, it must be kept separately and subject to controls that prevent it from being combined with the pseudonymised data for identification purposes. Data masking and hashing are examples of pseudonymisation technologies.

How do you deliver pseudonymisation via data masking?

Data masking essentially means the ability to replace a company's sensitive data with a non-sensitive, "masked" equivalent while maintaining the quality and consistency needed to ensure that the masked data is still valuable to operational analysts or software developers. Although vendors have provided this technology for some time, the GDPR, which becomes law in 2018, dramatically elevates its relevance and importance.

Data masking represents the de facto standard for achieving pseudonymisation, especially in so-called non-production data environments used for software development, testing, training, and analytics. By replacing sensitive data with fictitious yet realistic data, masking solutions neutralise data risk while preserving the value of the data for non-production use.

There is a falsely held view that encryption satisfies GDPR requirements. Encryption certainly is highly valuable for data that is in transit and complimentary to data masking. However, in order for the data to be processed it has to be decrypted - exposing sensitive data to anyone that can access it. The test website in the Kiddicare breach is a good example where real data was used. Subsequently, a breach occurred and the data was stolen.

A new wave of innovation

When tackling these issues, we can take one of two approaches, either wallow in the complexity of imminent legislation or ride on the wave of innovation. Take the millennium bug for example, that also forced companies to review their systems to a deadline. Yet, many used it as an opportunity to transform legacy applications, and the same can apply to GDPR. Especially when CEOs consider the potential cost of GDPR fines. A choice between 4 per cent of global turnover, or investing a fraction of that in modernising data platforms suddenly drives the speed of change. Yes, GDPR may mean new levels of compliance, but it will also provide the opportunity to excel in a data led economy.

The advantage is that compliance, however strict, will undoubtedly result in a more comprehensive approach to data. The new data-driven landscape will pave the way for data-led innovation which has the potential to make businesses more secure, robust and resilient, accelerate business initiatives and ultimately, birth new competitive strategies. Not only will the enterprise be able to make more sense of its data, by default, it will also be able to use those data insights to deliver more value.

Ultimately, we can’t shy away from the consequential shift around GDPR but we can view it as an opportunity to reconstruct and refine our businesses to be better aligned with the digital era. If we think of this as a positive advancement, look closely, and squint with one eye, there’s almost a light at the end of the tunnel. 

As with many NHS organisations, Northampton General Hospital NHS Trust current infrastructure has evolved over time and seen an unprecedented increase in its reliance on IT systems and applications to support the clinical and operational aspects of the hospital, all of which play a critical role in delivering excellent patient care. 

This is a challenge that many hospitals are experiencing and Northampton’s existing data centre was not fit for the demands being placed upon it, with little spare capacity or disaster recovery facility.  This had become an unpalatable prospect for the trust, especially as it could have left them without IT services for extended periods of time.

“We had to increase capacity and start to future proof our data centre infrastructure for the increased demands of mobile computing and data storage,” said Christina Malcolmson, Deputy Director of ICT at Northampton General Hospital NHS Trust.  “We didn’t want to replace the existing DC as it is in constant use and the risks would have been huge – we strategically decided to build a new DC to share the load and bring new features.”

Designed a new modular building

Secure IT Environments was commissioned to design and build a second purpose built data centre as part of a programme to improve security and disaster recovering for the whole hospital IT infrastructure.  This project aimed to help deliver the NHS vision of enabling robust and resilient access, quickly and efficiently, to all patient data, whilst lowering the risk of outages.

The project comprised of an external modular room building to secure 20 x 19” cabinets, ground works, hot aisle capture, N+1 UPS, raised access flooring, Novec Fire suppression and VESDA detection and energy efficient LED lighting. Security doors rated LPS1175 security rating 3 were installed across access points with perimeter security fencing, CCTV and Access Control for added protection.

The new data centre was built to the rear of an existing car park. As a result, the area was cordoned off for the safety of hospital staff and visitors with early morning deliveries specifically arranged to keep disruption to a minimum. Secure IT Environments was responsible for the full build including planning applications, ground works, bringing HV power supplies to the new data centre, commissioning and testing. 

The ground works presented some of the most challenging aspects of the project due to the data centre’s position on the site, slope of the ground and the trenching required to bring essential supplies to the new data centre, in a constantly busy area.

Special attention was paid to water drainage for the room, trenching and back-filling as well as the power supply, which included a generator hook up in the unlikely event that the mains should ever fail.  Northamptonshire has large areas of porous soil, which leads to high levels of Radon gas being emitted into the atmosphere.  Outside the gas dissipates quickly, but it can build up inside, and is lethal, therefore a Radon system was incorporated into the concrete base. 

Great results from a new modular data centre

The project was completed over a 14 week period and now provides a secure and safe environment with full disaster recovery back up.  The data centre measures 80cm² and contains 20 cabinets.  As with all public sector organisations keeping ongoing costs to a minimum is key and one of the ways that Northampton achieves this is its energy efficiency. The configuration of the cooling systems and the hardware efficiency means the site is achieving a power usage effectiveness (PUE) of 1.15.

Malcolmson concluded, “We are in a great place now, and better able to meet the needs of clinical and back office staff at the hospital.  We are to start moving forward with an exciting list of projects to improve the experience of all at the hospital, including the most important of all, the patient experience.”

Owned by Walmart, Asda’s 160,000 colleagues serve up to 18 million customers each week across over 620 stores across the UK as well as online. As a retailer committed to “exceeding customer needs”, Asda wanted to go beyond offering affordable goods to their customers and provide a new service that would bring convenience to their daily lives. 

The answer was toyou, an innovative end-to-end parcel solution. The service works through Asda’s extensive logistics and retail network enabling consumers to return or collect purchases from third-party online retailers across its stores, petrol forecourts and Click & Collect points. This now meaning, a consumer who buys a non-grocery product from another retailer, is able to pick it up or return the item at an Asda store rather than wait for home or office delivery.

In order to implement the service, Asda required a far more agile warehouse and supply chain management system. This new system needed to be hosted off-site so that there was no reliance on a single store or team.

Choosing the right platform

“We were launching a new service, in a new field, on a scale we had never undertaken before. We needed a pedigree IT solutions provider that could support the full scale of our full end-to-end implementation, so CenturyLink stood out to us,” explains Paul Anastasiou, Senior Director toyou in Asda.

Despite the scale of the project, Asda could not risk putting extra pressure on its existing legacy IT system – a seamless and secure transition was required. In addition to this, as a brand dedicated to making goods and services more affordable to customers, keeping costs low as the business model expanded was crucial. As such, Asda chose to outsource the administration of the operating system and application licenses to manage costs, whilst still mainlining a high level of customer service.

What was the solution?

Asda chose a warehouse management software platform from CenturyLink's partner Manhattan Associates. The multi-faceted solution was deployed as a hosted managed solution across two data centres. CenturyLink Managed Hosting administered Asda's operating systems, and Oracle and SQL databases on a full life cycle basis as part of the solution. Asda created its complete development, test certification and production environments for the Manhattan Associates platform on that dedicated infrastructure.

Asda used CenturyLink Dedicated Cloud Compute, which provided Compute and Managed Storage with further capacity to house the data flowing through Asda's business on-demand. The security requirement was accomplished with a dedicated cloud firewall protecting the entire solution.

CenturyLink instituted Disaster Recovery services between the two data centres at the application and database level, as well as managed firewalls to secure the data. CenturyLink also implemented Managed Load Balancing to manage the entire virtual environment and interface to all the linked warehouses.

Despite the scale of the operation, speed was also an important factor. The project took 18 months from concept to implementation.

What were the results?

Asda’s launch of toyou with the support of CenturyLink, has greatly boosted the retailer’s customer service. By moving most of the retailer’s operations to CenturyLink, Asda has effectively launched a huge scale new venture, all the while maintaining the same level of service and value to customers.

What do Asda and CenturyLink have in store for the future?

Asda and CenturyLink are continuing to develop the working relationship and discuss what opportunities could be available as toyou grows and develops to provide a better experience for customers.

What to secure first

Analysts and industry experts including Gartner recommend standardisation on multiple IaaS cloud service providers as a security and availability best practice. For security workloads in public clouds, their top recommendation is a hierarchical list starting with foundational items that fall under operations hygiene (access control, configuration, change management) and then focus on core work-load protection like vulnerability management, log management, network segmentation and whitelisting. Organisations should also be aware not to place too much trust in traditional endpoint protection platforms commonly used in physical/ on-premise deployments. 

Most advice on best practice in this area tends to be focused on workload security, but what are the likely consequences for security operation professionals (SecOp) that have a solid understanding of what success looks like in traditional enterprise environments? What do they secure first? What security technology should they choose? The criteria that should be considered in answering these questions should be influenced by “shared responsibility models” from the cloud service provider as well as common compliance mandates as a start. The next step following this is to identify the most critical assets. The security of access control at the application layer (think databases or other data-driven controls) is equally important, and often overlooked. Every CSP is different and sometimes these models overlap or conflict with existing best practices and corporate security mandates.

Keep Calm, The Experts Advice

I can understand how intimidating this approach can seem to enterprise professionals, but it’s necessary to point out installing software is simply not enough as a security deterrent Businesses should never be afraid to ask for help and seek the aid of security professionals who are subject matter experts and can work with enterprises throughout all phases of a successful security plan. beyond seeking quality assistance... 

Securing the Cloud Workload

Securing the cloud workload must be the first priority. Access controls serve as the basic foundational requirements. Who or what has access should be determined by server workloads. This means having tighter controls over administration access and the utilisation of multi-factor authentication. Having established proper access control, the configurations will have all unnecessary components removed and it should be hardened and configured strictly in line with the enterprises standard guidelines and it must be patched regularly in order to close up potential security holes.

Network isolation and segmentation is another foundational component of workload security. This process of limiting the server’s ability to communicate with external sources can be done either via internal firewalls or the external firewalls on Windows or Linux. While this segmentation is important, enterprises should also closely examine the logging capabilities of their systems. Logging systems allow security managers to keep a close eye on the overall health of a security plan.

A concluding point of concern regarding security cloud workloads is secure code and application control. Applications are a popular avenue of approach for potential attackers and they should be as secure as possible. Even at the very beginning of an application’s life-cycle, security should be kept in mind. Whitelisting should be utilised to limit what executables are allowed to run within a system. This simple step is a powerful security tool as all malware in the form of an executable will be immediately prevented from running. 

Conclusion

Developing a solid workload protection scheme should be top priority for any enterprise utilising cloud infrastructure services. While this should remain a priority, it is not enough alone to constitute a full security plan. Having considered workload protection, enterprises should then go on to evaluate a number of other aspects of their security plan. It is also important to remember that cloud security is a shared responsibility, and no matter what cloud platform you are utilising it is essential to be crystal clear when considering who is responsible for what aspect of security. Responding appropriately to all of these factors will ensure that an enterprise can stop worrying about its security plan, providing them with the peace of mind they deserve. 

It is certainly the case that there is a lot to distract firms right now. If preparing for MiFID II wasn’t enough, the financial services sector is facing the ongoing uncertainly surrounding the UK’s planned departure from the EU and likely withdrawal from the single market. Furthermore, there is speculation about the potential unwinding of existing regulation (most notably the US Dodd-Frank Act), following the new administration taking office in The White House.

However, exciting or daunting (depending on your point of view) the changing political landscape is, it does not affect the requirement for MiFID II compliance. Brexit isn’t a regulation ‘get out of jail free card’ as some have mooted in the past. Even if Article 50 is invoked tomorrow, UK organisations will still need to abide by new EU regulation, whether it be MiFID II or GDPR (General Data Protection Regulation), as both will come into force before the UK leaves, which will be 2019 at the earliest.

The scale of the impact MiFID II will have should also not be underestimated.  The regulation will directly affect a firm’s trading infrastructure considerations on several levels. Most notably, it establishes a new category of execution venue, the Organised Trading Facility (OTF), which aims to level the playing field for the trading of non-listed non-equity instruments, alongside the Regulated Markets (exchanges) and Multilateral Trading Facilities (MFTs) established under the preceding MiFID I (which was introduced in 2007). From January 2018, any firm wishing to participate in these markets must be able to connect to the new platforms, and apply rigorous best execution policies to comply with the new rules, which put simply include…

• Robust records retention
• Pre-and post-trade reporting
• Highly granular time-stamping of orders and trades

The good news is that independent research from the A-Team Group mirrors our own anecdotal experiences, through the ongoing work we are doing with our capital markets customers. It would appear the marketplace is by and large in a state of readiness for MiFID II. 

Recently, Interxion has seen a considerable surge in demand at our London campus. Firms in London are attracted by the proximity of its locations to their base of operations, providing the low latency they require for their execution infrastructure, as well as the appeal of implementing key aspects of MiFID II compliance ‘as-a-Service’. Firms are also expressing a keen interest in various auxiliary services specifically related to MiFID II, namely highly granular time-stamping of trade data (firms must retain records relating to the entire trade lifecycle and be able to reconstruct transactions on request) and additional connectivity to further data sources and exchanges.

By making the decision to access as-a-service tools for MiFID II, the costs associated with the hardware and related infrastructure needed for system monitoring, time-stamping, testing and so on, can be greatly reduced. Meanwhile, some shrewd firms are actively exploring how to optimise their execution processes and ensure MiFID II compliance, to create competitive advantage in the marketplace.

Again, the traction we are seeing echoes that of the A-Team Group survey, in which 60% of respondents saw at least some value in their efforts to comply, while 30% are expecting the cloud to contribute ‘significantly’ to their MiFID II solutions. It is evident that the message from the regulator is being heeded, but more firms need to take a closer look at the approach of their peers. As the saying goes ‘There is doing the right thing and doing things right’! 

To learn more, download Interxion’s free whitepaper: ‘Countdown to MiFID II: Best Execution Brexit and Trading Infrastructure Best Practices’

3. Accountability and Privacy by Design

The GDPR places accountability obligations on data controllers to demonstrate compliance. This includes requiring them to: (A) maintain certain documentation, (B) conduct a data protection impact assessment for riskier processing (DPAs should compile lists of what is caught), and (C) implement data protection by design and by default. This places all of the pressure on organizations to ensure that all future processes are designed with the above in mind. But what about existing processes? What of all the current data stores that an organization has? These will all have to be evaluated and the new regulations applied to their functions and processes.

4. 72 Hours

Business must notify most data breaches to the DPA. This must be done without undue delay within 72 hours of awareness. In some cases, the data controller must also notify the affected data subjects without undue delay. Additionally, the UK ICO, for example, already expects to be informed about all “serious” breaches. Research has shown that most organizations have no formal incident response plan and as such would be unable to meet the 72 hour requirement due to being ill prepared for a breach. This under the GDPR is not a valid reason to miss the required timeline.

5. Fines

All of the above are areas that if not met, and in the event of a data breach, will result in heavy fines. A two-tiered approach will apply. Breaches of some provisions by businesses, which law makers have deemed to be most important for data protection, could lead to fines of up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the greater, being levied by data watchdogs. For other breaches, the authorities could impose fines on companies of up to €10m or 2% of global annual turnover, whichever is greater. This will result in many businesses being forced out of business as a result.

A bridge between FM and IT

 For colo data centres DCIM forms a bridge between facilities management and IT operations by providing a single, comprehensive view of both areas. It monitors the use and energy consumption of IT-related equipment and facility infrastructure components. The decision by colo data centres to adopt DCIM tools marks a significant shift in attitudes. Three to five years ago, quantifying the value of DCIM was difficult, and the tool itself was seen as more of a luxury than a necessity for small- to mid-size businesses. 

Today, DCIM represents a win win for both colo data centres and customers alike. For customers, operating with a colo data centre provider will allow them to customize their data centre processes to meet specific workflow needs. This ensures that DCIM solutions will provide maximum benefits and reduce the risk of roadblocks in data access and use. DCIM tools will provide companies flexibility to adjust operations quickly. This will permit a company to increase analytics and the workflow substantially as required and reduce operations when they don’t need optimal analytics power.

As increased competition is driving market consolidation, data centre managers are recognizing the importance of tools such as DCIM to their own organizations and the benefits it can bring to their customers. DCIM is now seen by many as being business critical not only to remotely manage and benchmark multiple colo data centre sites but also for the security of those sites. Datacenter Clarity LC, offered by Siemens, is a good example of DCIM software and how it can enhance the customer experience as it accurately and efficiently manages the colo data centre infrastructure. The software provides real-time visualization of asset attributes and powerful tools to determine the most efficient data centre configuration. It is based on proven industry-leading software in lifecycle management and features real-time monitoring that offers global coverage and stability. 

The real-time monitoring of assets is an essential feature of Datacenter Clarity LC. Sensors and powerful data collector software are used to acquire operational and environmental data throughout the data centre. Real-time monitoring with Asset management ensures that energy, equipment and floor space are used as efficiently as possible. With DCIM, colo data centres gain live, actionable data that allows immediate response and better control of their facility and customers IT assets. 

Integrating third party

 With the data centre, market consolidating the fusion of multiple business systems is common place with an ever-growing need for the DCIM to integrate with third-party vendors. Having an open protocol interface to facilitate such integration is important as data centre managers are increasingly recognizing that such DCIM integration can provide competitive advantages. Today colo data centres are readily investing in DCIM systems as it is seen by both data centres and customers to be one of the most important tools needed to complement any data centre facility infrastructure. It can be described as the command centre with the software providing a comprehensive overview/transparency for making decisions based on real facts.

The integration of multiple business systems, a frequent requirement during mergers and acquisitions, also means that the system capacity of colo data centres must be scalable and effectively managed and delivered on a global basis. Critical functions such as rack space, power, cooling and network connectivity, require close oversight which is achieved through a KPI-based client dashboard. However, asset moves, adds and changes (MACs) can create an imbalance in capacity utilization and can result in stranded assets - unidentified and underutilized capacity on some servers while exceeding resources on others. Without clear insight into available capacity, operators could invest in unneeded assets while others sit underutilized. The result is a negative impact on profitability at a time when capital is needed for growth. To better manage such capacity issues, colo data centre operators can utilize DCIM tools that will reduce costs and improve capacity utilization. With sophisticated tracking and reporting capabilities, DCIM allows colo data centres to accurately assess capacity levels of all of their assets. IT managers better control capacity and workflow to maximize usage. Facility managers can maximize environmental conditions to help prevent costly downtime. 

Billing on actual usage

 DCIM systems offer another important advantage: real-time billing. Real-time billing improves customer transparency and is a tremendous advantage for accurate billing and budgeting. By tracking customer usage in real time, operators invoice customers based on actual usage. This may sound counter-intuitive to the traditional method of billing customers at a set fee. For customers, it gives access to new levels of data that will allow improved planning and perhaps expanded usage. Most importantly, customer satisfaction increases.

While costs for DCIM systems will vary depending upon the capabilities required to address particular challenges by the colo data centre, perhaps it is more relevant to examine the added value that DCIM can provide. The ideal scenario is when a colo data centre agrees with their customer the level of access and clarity given to them into the data centre to monitor power consumption or real-time data gathering. It’s also important for colo data centres to understand that they need a process for DCIM. Without that, DCIM as a tool will not create a process for the business. This is key, as colo data centres expect to achieve full return on investment (ROI) on their DCIM system investment in two to three years or even less.