110 3.3 Other Preventative Controls
3.2.6 Archiving Electronic Files
There are a couple of significant issues to consider when archiving elec-
tronic data files. Legacy documents may not be able to be located or
retrieved due to inappropriate deletion or premature archiving. This can be
as a result of an unsuitable or unenforced retention policy. Also, confiden-
tial data can be lost or stolen while stored offsite, and due diligence must be
performed when choosing the vendor and method by which the data will
be stored offsite.
3.2.7 Recovery and Restoring of Data Files
As discussed previously, saving data on a backup tape or disk should be a
core element of your information security program. There are, however, a
few security issues that should be addressed when managing the security of
the backup process. It is possible for unauthorized parties that use similar
backup software to access and restore your backup data. If the restored data
are not on the designated backup tape or disk, this can result in confusion
and potential loss when the data are restored. It is possible for data to be
lost or overwritten if the restoration from the backup media is incorrect.
There is also a procedural handling issue if the data are found to be corrupt
after being located and restored.
BCP/DRP planning is meant to prepare for all plausible scenarios for
the location of your companys facilities. If there is a credible risk of natural
disaster, terrorist activity, effects of war, and so on in your area, then your
proprietary/intellectual property and other sensitive or mission-critical data
should be protected accordingly. In this case, if unsecured digital data are
left on desks or other nonsecure areas in areas or times of high risk, then the
data should be encrypted. Better yet, unattended sensitive media in high-
risk areas should be stored in locked safes, when at all possible.
3.3 Other Preventative Controls
A wide variety of preventive controls are available, depending on your orga-
nizations unique type and configuration. Some common measures applica-
ble to most organizations are listed below:
Appropriately sized uninterruptible power supply (UPS) systems pro-
vide short-term backup power to all system components (including
environmental and safety controls), and should be required for 24/7
3.3 Other Preventative Controls 111
Chapter 3
operations. UPS systems provide continuous battery uptime for IT
and communications equipment through relatively short power out-
ages, and provide ride-through support for transfer to backup genera-
tors for long-term outages. UPS systems range from the most basic
single-phase units installed in communication closets to sophisti-
cated, scalable, redundant, three-phase, installations in large Internet
data centers.
Gasoline- or diesel-powered generators to provide long-term backup
power. Effective power distribution is key to a highly available data
center. Conditioning can be in the form of isolation and K-rated
transformers (to address harmonic loads), surge suppression, and
other protection features. Various techniques are used to provide
redundant power feeds to create highly available systems for dual and
single cord loads. Methods employed include stationary static
switches, power distribution units (PDUs), transient voltage surge
suppressors (TVSSs), automatic transfer switches (ATSs), rack-based
transfer switches, and more. The nature of todays 24/7 business envi-
ronments requires a continuous and reliable power supply. An emer-
gency backup generator can provide you with a secondary power
source when the primary power is interrupted. Backup generators can
be fully automatic systems that monitor the incoming electricity and
provide an extended secondary power source on loss of primary
power. Backup generator power systems should be designed for your
specific needs, considering the voltages and kilowatt requirements.
Your backup generator system can be customized with larger fuel
tanks for longer run times, bypass options on ATSs for easy mainte-
nance, and sound attenuation enclosures for environmentally sensi-
tive areas.
Air-conditioning systems with adequate excess capacity to permit fail-
ure of certain components, such as a compressor, are required. IT
environment equipment requires rigid environmental conditions for
reliable operation. Precision air conditioning systems and rack-based
air handling systems are specifically designed for the concentrated
vertical heat loads of todays data centers. Data center/computer
room air conditioners provide efficient heat removal, humidity con-
trol, greater airflow, better air filtration, greater flexibility and
expandability, and numerous alarm and redundancy options. You
should not jeopardize your data center by installing comfort cooling
air conditioners. You must calculate the proper tonnage, top dis-
charge, bottom discharge, ceiling-hung, floor-mounted, water-
112 3.3 Other Preventative Controls
cooled, air-cooled or glycol-cooled system that fits your application.
Todays high-density loads provide a unique situation in which the
ability to provide increased power for a given load is curtailed only by
the data center environments ability to remove the heat from that
load. In this case, specialized rack-based air distribution and heat
removal strategies for power-dense enclosures and low static pressure
access floor environments are used. Rack-based air distribution units
work with an existing precision air conditioning system to deliver
cool air to the equipment contained in a rack enclosure. These sys-
tems connect into the raised floor and pull supply air directly into the
enclosure, thereby preventing the conditioned air from mixing with
warmer room air before reaching the equipment. The rack air distri-
bution unit helps to eliminate temperature differences between the
top and bottom of the enclosure. It also prevents hot exhaust air from
circulating to the inlet of the enclosure. It is generally recommended
that a rack air distribution unit for rack enclosures with loads greater
than 1.5 kW should be able to provide airflow for loads up to 3.0
kW. Additionally, it is recommended for raised floor environments,
where underfloor air distribution is inadequate for adjacent IT loads.
An access floor is actually a floor raised above a floor. Its purpose is to
create a controlled area for wire management and air distribution. In
todays computer room environment, many pieces of electrical equip-
ment are being used. Each requires various power cords and data con-
nectivity. You should segment the space within the access floor to
create zones where cords, cables and mechanical piping can be
routed, while still maintaining the necessary clearance to provide ade-
quate air flow through perforated tiles and/or vents placed through-
out the access floor. An access floor is typically constructed of 24"
square and 1 7/16" thick panels of various materials that provide dif-
ferent weight-loading characteristics. The floor panels can be rear-
ranged at any time to suit your data center needs.
Fire suppression and control systems are used in data centers, Net-
work Operations Center (NOCs), server farms, and computer
rooms. Once installed, an automatic computer room fire suppression
system is on guard 24 hours a day to protect your computer data and
equipment. Fire protection and detection is an absolute necessity for
your businesss survival. In the event of a fire, heat and smoke can at
best only damage delicate electronic equipment and at worst take out
the building. A fire protection strategy has two parts: an FM-200 sys-
tem that protects the data center equipment, and a “wet” or “preac-
tion” sprinkler system that is used to save the building. You should
3.3 Other Preventative Controls 113
Chapter 3
always evaluate code and insurance requirements to determine the
best technique for a given project. In a typical system, the extinguish-
ing agent is stored in cylinders or spheres. It is delivered to distribu-
tion nozzles through a system piping network. Critical to the
functioning of the system is the fire detection and control network.
Typically, smoke detectors sense the presence of fire in the protected
facility. The detection and control panel then sounds an alarm, shuts
down air handlers, disconnects power from the protected equipment,
and then releases the extinguishing agent into the protected area.
FM-200 is a fire suppression agent that is quick, clean, and effective.
It is people- and planet-safe, given that it has a zero ozone-depleting
potential. FM-200 can be dispensed into a room within 10 seconds
or less and leaves no particulates or oily residue behind.
In the late 1980s, Halon fire extinguishers were exceedingly popu-
lar for large corporate computer rooms. Halon is a chemical that
works by “asphyxiating” the fires chemical reaction. Unlike water,
Halon does not conduct electricity and leaves no residue, so it will not
damage expensive computer systems. Unfortunately, Halon may also
asphyxiate humans in the area. For this reason, all automatic Halon
systems have loud alarms that sound before the Halon is discharged.
After Halon is released into the environment, it slowly diffuses into
the stratosphere, where it acts as a potent greenhouse gas and contrib-
utes to the destruction of the ozone layer. Halon is therefore being
phased out and replaced with systems that are based on carbon dioxide
(CO
2
), which still asphyxiates fires (and possibly humans), but which
does not cause as much environmental degradation.
Individual fire extinguishers are also important. You can increase
the chances that your computer will survive a fire by making sure that
there is good fire-extinguishing equipment nearby. Make sure that
you have a handheld fire extinguisher by the doorway of your com-
puter room. Train your computer operators in the proper use of the
fire extinguisher. Repeat the training at least once a year. One good
way to do this is to have your employees practice with extinguishers
that need to be recharged (usually once every year or two). Check the
recharge state of each extinguisher every month. Extinguishers with
gauges will show if they need recharging. All extinguishers should be
recharged and examined by a professional on a periodic basis (some-
times those gauges stick in the “full” position!).
If you have a Halon or CO
2
system, make sure everyone who
enters the computer room knows what to do when the alarm sounds.
114 3.3 Other Preventative Controls
Post warning signs in appropriate places. If you have an automatic
fire-alarm system, make sure you can override it in the event of a false
alarm. Ensure that there is telephone access for the operators and
users who may discover a fire or a false alarm.
Good smoke detectors and fire extinguishers are crucial. Gas (such as
FM200) and water systems are commonly used for fire suppression.
Smoke detectors and temperature sensors should be located through-
out the data center so conditions can be monitored and controlled in
zones. Make sure the fire suppression system can be started and
stopped manually. Computers are notoriously bad at surviving fires.
If the flames dont cause your systems case and circuit boards to
ignite, the heat might melt your hard drive and all the solder holding
the electronic components in place. Your computer might even sur-
vive the fire, only to be destroyed by the water used to fight the
flames.
Water sensors in the computer room ceiling and floor can help pro-
tect valuable equipment. Plastic tarps may be unrolled over IT equip-
ment to protect it from water damage. Many modern computers will
not be damaged by automatic sprinkler systems, provided the com-
puter’s power is turned off before the water starts to flow (although
disks, tapes, and printouts out in the open may suffer). Consequently,
you should have your computers power automatically cut if the water
sprinkler triggers. Be sure the computer has completely dried out
before the power is restored. If your water has a very high mineral
content, you may find it necessary to have the computer’s circuit
boards professionally cleaned before attempting to power up.
Remember, getting sensitive electronics wet is never a good idea.
A subfloor cabling and water detection system helps detect moisture
below the floor. Moisture can damage subfloor wiring or equipment
and cause costly downtime. A subfloor water detection system can
provide immediate warning. Alarms can be provided via various audi-
ble, visual, in-band and out-of-band methods.
Heat-resistant and waterproof containers are needed for backup
media and vital nonelectronic records. If the backup media goes bad,
your data is lost forever. A fireproof media or record cabinet should
be used when storing backup media onsite. A media and record cabi-
net should also provide protection from heat, dust and humidity.
Emergency master system shutdown switches help protect equip-
ment. Although emergency shutdown switches are critical to BCP,
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.188.66.13