Issue link: https://cp.revolio.com/i/457819
www.datacenterjournal.com 26 | THE DATA CENTER JOURNAL t he result is cost effective moni- toring capabilities that provide powerful information for improved data center operation. However, if not carefully archi- tected, these solutions can also provide an unintended backdoor into your secured information technology (IT) environment. the soLution Became the proBLem e information provided by today's advanced control and monitoring systems helps reduce preventable, unintended downtime. Monitoring the critical infra- structure systems that support the data center environment allows real time or predictive notification of potential prob- lems. is information gathering, transfer, and delivery helps mitigate data center downtime. e increase in the popularity of data center infrastructure management (DCIM) over recent years is one example of how such information systems have grown significantly in their importance. Such solutions support efforts to improve the availability of critical information re- quired to ensure uptime in high availabil- ity data center environments. Studies have shown that those who properly implement a DCIM solution oen realize reduced system downtime. Moreover, properly implemented DCIM users have also expe- rienced improved speed to recovery in the event that a failure occurs. e evidence clearly points to reduced downtime by making critical information available to data center operators. Cost performance of DCIM solutions have also been dra- matically improved due to technology ad- vances in the industry. Some of these cost performance increases have resulted from the use of non-proprietary, open protocol implementation in the HVAC and critical power industries. Open protocol solutions, which have been long fought by proprietary solution providers, have been a big win for the industry. e market competi- tion introduced by open protocol systems have driven costs low enough to allow for very powerful information collection systems to be deployed cost effectively for solutions that would be not have been considered a decade ago. However, as the term itself would imply, open protocols mean that there is a level of openness that leaves improperly configured systems vulnerable to security holes. One such example would be the in the widespread use of the SNMP protocol. e ability to standardize communication protocols pro- vides tremendous benefits, there are some very well documented vulnerabilities that result from the use of an open protocol such as SNMP. Vulnerabilities in open protocol systems are not limited to the SNMP protocol. Rather, by the nature of its open structure, this problem exists with most open protocol solutions. e HVAC and power engineering community is relatively new to specifying architecture around open protocol solu- tions with respect to protection against security risks. As a result, insufficient at- tention is placed on prevention of security breaches created by network connected HVAC and power systems. One reason for this is the proprietary nature of designs of past years. Legacy systems, refer- ring here predominantly to proprietary protocol based systems, allowed for an inherently secure solution. Oen, legacy designs incorporated physically separate control networks and information that was unintelligible to non-proprietary equip- ment. As Ethernet and TCP/IP based solutions became more popular, the use of enterprise network systems also became more popular as a cost saving measure over deploying two physically separate networks, one for IT and one for control and monitoring systems. reaL cyBer attack risk A quick look at nearly any firewall log will provide evidence to the live threat faced by any device connected to the internet. Network equipment may experience thousands or more hits daily from predators seeking to attack IT criti- cal support systems. Many studies have been performed on the cost of unintended downtime due to equipment failure. What is not as well studied currently is the cost of unintended downtime associated with cyber attacks. Recent reports of cyber attacks published by the news media have brought attention to the fact that the costs associated with this mode of downtime are not insignificant. e repair bill as- sociated with a cyber attack may be many orders of magnitude larger than failure caused by simple equipment failure. e direct costs of a cyber attack may include manpower to recover from downtime, but there are also indirect costs associ- ated with impact to corporate image (and the loss of customers as a result) and a plethora of possible regulatory compliance issues. As with most complex problems of this nature, preventative measures against cyber security threats may be the most cost effective insurance against a costly security breach. Failure of power and cooling systems remains the largest cited cause of unintended data center downtime. While the root causes may vary, it should be undisputed that improved control and monitoring is instrumental in supporting the goal of reduced downtime. Advances in technology, global market competition, and adoption of open protocol solutions have dramatically reduced the cost of monitoring.