[AusNOG] RISK - IT Industry - Concern Over Equipment Being Installed in Data Centre Facilities

paul+ausnog at oxygennetworks.com.au paul+ausnog at oxygennetworks.com.au
Sun Sep 25 21:12:33 EST 2016


Is this advertising or genuine information ?

Paul

-----Original Message-----
From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of chrismacko80
Sent: Sunday, 25 September 2016 8:48 PM
To: ausnog at lists.ausnog.net
Subject: [AusNOG] RISK - IT Industry - Concern Over Equipment Being Installed in Data Centre Facilities

Dear Industry Colleagues,

In the last week, in reflection of previous data centre tours I have undertaken across the country and the risks that face us all within the IT industry, a concern came to mind in our physical security layer in relation to data centre facilities. It is my understanding currently in Australia (and for other countries as per discussions with colleagues), colocated computer equipment provided by customers is not inspected nor scanned for any potentially damaging substances before being installed within data centres, by organisations providing these services. At times, singular servers may be extremely bulky, and there may also be occasions when customers provide multiple racks fully equipped that is positioned within the data centre without any closer inspection apart from basic identification checks, as per understanding of information provided from some of our largest data centres. Considering this, I feel it's a risk that we don't scan equipment as it is being delivered/installed, similar to airports, in particular when it has been delivered locally.

It's my understanding as an industry we spend billions each year securing our data security layer within data centres, however it appears that even with the strictest data centre audits (including by government risk assessors), these have not scrutinised this risk to any degree. I'm not aware if the Attorney General's department nor our federal or state governments perform any such checks when equipment is being installed into their own data centre facilities. I also don't believe I ever saw any such risk considered under any data centre rating specification. As a point, what good is bullet-proof glass within the foyer of a data centre and specific outline of the construction of a goods lift, when there is a greater threat for potentially damaging substances to be wheeled into a data centre within equipment without scrutiny.

I would also ask the question whether our financial market is exposed in any way to this risk, and whether the Australian Stock Exchange sufficiently scans computer equipment delivered for installation into its' data centre facilities in particular by third party customers. I don't know the answer. I hope they do, if not, the question really needs to be asked, why not?

Quoting from ASX document
(http://www.asx.com.au/documents/professionals/alc-connectivity-guide.pdf)
which is available on their website currently;

"The Australian Liquidity Centre (ALC) is a state-of-the-art data centre and financial markets community located just outside Sydney’s CBD. It enables ASX customers to connect with each other and the Australian and global financial markets like never before.

Offering one central location for fast, simple connection to the financial markets community, the ALC provides low latency connectivity options to domestic and global liquidity sources, ASX market data and all ASX markets.

The ALC is designed to maximise the potential of its community. It houses all of ASX’s primary trading, clearing and settlement systems as well as providing hosting facilities for its customers which include buy and sell-side firms, market infrastructure and liquidity venues, information and technology vendors, and infrastructure and network service providers."

I've reached out to several colleagues within the industry, who also agree the lack of scanning of potentially damaging substances is a serious concern, I'd ask that you consider your thoughts on this risk in regards to safeguarding our technology and investments made by all involved, and what you believe should be done to address this risk moving forward.

Kind regards,

Chris Macko
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog



More information about the AusNOG mailing list