Data Centres Architecture & Security

    If we burn all the data that we now have on compact discs, the resulting stack will go beyond the moon. It has been estimated that on planet earth four babies are born every second, whereas 40 mobile devices get sold every second

    Anoop Verma, Elets News Network (ENN)

    Since the arrival of social networking there has been a phenomenal growth in data traffic. Number of users is on the rise and many different options to transact data have become available. A significant part of any organisation’s IT budget is being spent on storage. To deal with the data explosion, companies like Airtel, Reliance, Tata, Sify and other telecommunication service providers have been rapidly expanding their data centre capacity. Several hundred square feet of data centre space has been added in major metros like Mumbai, Delhi, and Bangalore. Many companies in India are using the data centres created by hosting providers such as Netmagic and CtrlS that are being funded by strategic investors. Large players like Tulip Telecom, BSNL and MTNL are also vying for a significant slice of the data centre market.

    The government vertical is a key contributor to the data explosion. Under the National e-Governace Plan (NeGP), the Government of India plans to make large number of services available to the common man through online systems. To provide secure IT infrastructure to host state-level e-Government applications and data, many new State Data Centres (SDCs) are being created. As data centres are home to valuable information, security is an important issue. “With huge computational capability present within the data centres, the security tools need to be able to cope up with the network traffic which can range from Mbps to Gbps. The Vendors within the security market offer a lot of products in hardware/software mode which provide perimeter defence, network defence, host and application defence capabilities such as, Context aware Network Firewalls, DDoS mitigation mechanism, and much else,” says Sumeet Parashar, India Lead, Global Security Solutions, CSC. The UIDAI initiative launched by the government of India is absorbing many petabytes of data in every region. To secure and process the data collected from millions of citizens, the UIDAI operates a highly secure state of the art data centre in Bangalore. According to UID officials all the data collected from individuals at the enrolment centres travels in 2048-bit digitally encrypted packets all the way to the data centre. According to R S Sharma, Director General & Mission Director, UIDAI, best-in-class strategies from the technology perspective have been employed to keep resident data secure within UIDAI data centres.  R S Sharma says, “Security and privacy of data within Aadhaar system has been foundational and is clearly reflected in UDIAI’s strategy, design and its processes throughout the system.”

    Efficiency and Security in Data Centres Rajgopal Srinivas, CEO, Tulip Data Centre Services Pvt Ltd

    Should companies go in for in-house data centres, or should they rely on buying capacity from external data centres?
    Outsourcing data centres offers significant value for any organisation. Companies can go in for their own data centres only when their requirement is very large, of around 10,000 sq ft. The organisation has to make large capital investment for creating a data centre. There is significant rise in the number of companies seeking data centre services as there is increased adoption of IT enabled services and applications.

    How do we create an energy efficient data centre? What is the optimum temperature for data centres to run?
    In case of data centres that are 2 years old or older, every 100 racks consuming an average 4Kw per rack could end-up saving 2.2 crores on power alone in energy efficient data centre. The power savings can actually pay-up the capex invested in a DC facility in about 6 years. Data centres can achieve up to 20 percent efficiency during design phase, by choosing to implement cold aisle containment and many other technologies. One should choose optimum temperature based on the ambient temperature outside the data centre.

    What kind of disaster recovery plans should a data centre have?
    Indian enterprises are becoming more mature in their disaster recovery investments, and also may be because enterprises see this impacting their business continuity and compliance to statutory requirements. The recent natural disasters in Japan and Australia have forced companies to make plans for disaster recovery. We offer infrastructure level services to enable BCP/DR, such as mirrored storage, digital back-up & archival services, computing on-demand and space for temp IT establishment.

    What kind of data centre capacity will India require in ten years of time?
    Gartner forecasts India to be among the fastest-growing IT services markets in the world, with an expected end-user spending CAGR of 17 percent during 2010 through 2015. Data centre outsourcing services are expected to grow at 15 percent CAGR in the same period.


    R S sharma

    Director General & Mission Director, Unique
    Identification Authority of India (UIDAI)

     “Security and privacy of data within Aadhaar system has been foundational and is clearly reflected in UDIAI’s strategy, design and its processes throughout the system”


    The Data Centre Crunch
    In January 2012, Oracle released a report entitled Next Generation Data Centre Index Cycle II. The report reveals that many businesses have been caught off guard by the boom in ‘Big Data’. The report states that between 2010 and 2011 there was a rise from 40 percent to 60 percent in the number of businesses using external data centres. The number of businesses looking forward to building new data centres has also risen from 27 percent to 38 percent. The research conducted by Oracle indicates that the volumes have soared from 135 Exabytes in 2005 to 2,720 Exabytes by 2012. By 2015, the volume is expected to reach a staggering 7,910 Exabytes.

    Due to rapid miniaturisation of technology, it is now possible to have a highly efficient data centre of up to 20 petabytes of storage capacity in a storage space of less than 2000 square feet. So it is possible for a data centre to occupy one room in a building of one or more floors. The most important equipment in a typical data centre consists of servers, which are usually mounted in rack cabinets and filed in single rows forming corridors between them. Microsoft’s massive data centre, located in Chicago, looks like a large indoor parking lot filled with a number of parked trailers, each of which houses anywhere from 1,800 to 2,500 servers. In February 2012, Tulip Telecom launched India’s largest data centre in Bangalore, the Tulip Data City (TDC), which sprawls across more than 900000 square feet. Once it becomes fully operational, it could start earning revenues in the tune of Rs. 1000 crore annually.


    Surajit Sen

    Director, Channels, Marketing & Alliances,
    NetApp India

    “The Indian data centre capacity is poised to touch 6.6 million square feet by 2016, with service providers driving majority of the growth”


     

    THE LEGAL view on Data CentresPavan Duggal

    Pavan Duggal,
    Advocate, Supreme Court of India, President

    Give us an overview of the laws that govern the storage and transmission of data in a Data Centre.  
    In India, the relevant law that governs the storage and transmission of data in data centre is the Information Technology Act, 2000 as also the rules and regulations made there under, including the Information Technology Rules, 2011.  The Information Technology Act, 2000 is India’s mother legislation dealing with the use of computers, computer systems, computer networks, computer resources and communication devices as also data and information in the electronic form.

    Under Indian law who has the responsibility for protecting the data stored in a data centre?
    The ultimate responsibility of protecting data stored in the data centres is of the private companies that own the data centres.  Responsibility also lies with the company that is storing its data in the data centre.  There is no role of the Government in ensuring protection of data stored in a data centre.

    Do we need new laws to prevent misuse of data, or are existing laws enough?
    We certainly require new laws to prevent misuse of data.  It is pertinent to note that till date, India does not have any dedicated data protection legislation in place.  The Information Technology Act, 2000 as amended is not a data protection legislation. It only has provisions which impacts protection of data.  The existing laws are clearly not enough.

    What kind of legal recourse does a user have if his data stored in a data centre gets leaked/stolen/tampered?
    If a user’s data stored in a data centre gets leaked/stolen/tampered, he has legal recourse available against the person who is responsible for such data breach, should his identity be known, as well as the company running the data centre.  Users can sue the company running the data centre for damages by way of compensation up to Rupees Five Crore per contravention under Section 43 of the amended Information Technology Act, 2000.  If the data stored in the data centre consists of sensitive personal information and the same stands breached, the user can sue for unlimited damages.

    Virtualisation and energy efficiency
    Many new technologies for virtualisation are being used to improve the efficiency of data centres. Essentially, virtualisation is taking a physical server and dividing it into multiple simulated or “virtual” servers, which are like Virtual Machines (VMs) capable of running on the interface of a single server. Basically you are trying to save power consumption by converting physical instances into virtual instances, so you host multiple virtual instances on fewer physical machines. This leads to fewer servers being used more efficiently so that there is lower operational cost and conservation of resources.


    Rajiv Aggarwal

    C.E.O – eGov, Spanco Ltd.

    “Data centres require utility sources such as water, electricity. You should trace the electricity source back to two separate substations and the water source back to two separate main lines”


    “The trend towards server virtualisation and consolidation is transforming the way data centres are being designed, built and managed. Data storage and data management are key elements of this transformation, because successful virtualisation deployments depend upon a shared, networked storage infrastructure capable of eliminating the silos of storage associated with various application tiers. This shift towards a shared infrastructure increases the importance of unified storage and enables customers to achieve storage efficiency rates of 85-100 percent while improving flexibility, increasing scalability, controlling power and cooling,” says Surajit Sen – Director, Channels, Marketing & Alliances, NetApp India.


    Sumeet Parashar

    India Lead, Global Security Solutions, CSC

    “Data integrity is one among the key security objectives within a data centre environment designed to handle huge data repository running into terabytes and petabytes”


    In many cases data centres can typically achieve 30 to 50 percent reduction in total cost of server ownership through virtualisation of existing servers. Transitioning to networked storage and eliminating duplicate environments can also improve efficiency. These days many new data centres prefer the x86 systems as these are meant for server virtualisation and consume lower amounts of power.  According to a prediction by Gartner, “By 2012, it is expected that more than 50 percent of the x86 workloads could be running on virtual machines.”


    Hemant Singh

    Business Manager, Security Solutions, Enkay Technologies (India) Pvt. Ltd.

    “Currently deployed biometrics includes fingerprint, face, iris scan, voice analysis, signature and hand geometry. In India, fingerprint and iris are commonly used”


    Cloud Computing

    “Private cloud solutions equip enterprises to leverage their existing IT environment and create a cloud computing platform in the private internal network. The private cloud model overcomes several challenges faced in the public cloud such as data security, reliability and performance,” Vijay Mhaskar, vice president, Information Management Group, Symantec. According to a recently released study by NASSCOM and consulting firm Deloitte, the cloud computing market in India will reach $16 billion by 2020.

    The need to cut costs is making many businesses to explore the potential of cloud computing. In some cases, local regulations and data privacy restrictions delay adoption, but many companies are trying to find a way out as cloud computing represents a massive drop in costs. The cost advantage of cloud computing depends to a large extent on the efficient usage of existing data centre.


    Vijay Mhaskar

    Vice President, Information Management
    Group, Symantec

    “As more organisations leverage public and private clouds, new tools will emerge to manage this new complex storage environment”


    Securing the Data Centre
    “In modern data centres, the security of data on virtual systems is integrated with existing security of physical infrastructures. The security of a modern data centre must take into account physical security, network security, and data and user security. Though these extra precautions can be costly, it is necessary to have them in place,” says Rajiv Agarwal, C.E.O – eGov, Spanco Ltd.

    As data centres are home to data that is critical to the functioning of many businesses, they are expected to the secure and resilient. All kinds of physical and software based security solutions are used by data centres to meet the ever evolving security demands. The physical environment in which the data centre is housed has to be completely secure to reduce the risk of deliberate or accidental intrusion. To identify the employees who work at the data centre comprehensive identity management and access management tools are used. Biometrics is often used to confirm identity. “Currently deployed biometrics includes fingerprint, face, iris scan, voice analysis, signature and hand geometry. In India, fingerprint and iris are commonly used,” says Hemant Singh, Business Manager, Security Solutions, Enkay Technologies (India) Pvt. Ltd.

    As hackers are becoming savvier by the day, it is necessary have some baseline security measures, like securing the virtual servers and desktops by using antivirus tools and using host- or client-based firewalls. The data centres are also required to have a disaster recovery plan, to ensure that users have seamless access to data even if there is a temporary interruption of services at the data centre. The state of the art data centre owned by UIDAI (Unique Identification Authority of India) in Bangalore is home to one of world’s largest biometric databases.
    When asked about the level of security at the UIDAI data centre, R S Sharma, Director General & Mission Director, UIDAI, says, “There is physical security outside and within data centres with access controls including biometric access control, physical caging, and 24×7 monitoring using cameras. There is logical security by partitioning data centre into “zones” separating them using firewall and network intrusion detection and prevention systems. Data is “partitioned” across multiple security “zones”, meaning “no” single database has all the resident data in completeness.” Securing a data centre is not only about technology, it is also about processes. Along with physical security, biometrics, anti-intrusion ;, firewalls, good governance practices also need to be in place.

    WRITE BACK
    for feedback contact: editorial@elets.in

    "Exciting news! Elets eGov is now on WhatsApp Channels 🚀 Subscribe today by clicking the link and stay updated with the latest insights!" Click here!
    Be a part of Elets Collaborative Initiatives. Join Us for Upcoming Events and explore business opportunities. Like us on Facebook , connect with us on LinkedIn and follow us on Twitter , Instagram.