Cybersecurity Gets Physical: Tips for Selecting the Best Datacenter Partner

As more and more organizations look to reduce their overhead costs, they are turning to colocation datacenters as an answer to their challenges. However, if you don't do the right research, you could find yourself stuck in a long-term contract with a site that doesn't meet your needs.

First, What's a Colocation Datacenter?

A colocation ("colo") datacenter is any provider that rents out rack space, servers, networking equipment, utilities, etc. to other organizations to use for their own purposes.

Some colos just rent rack space and cages, with renters responsible for installing their own servers and connecting them to power and network. Others reach full cloud Infrastructure-as-a-Service (IaaS) level, managing all aspects of datacenter operation.

What type of colocation provider you choose depends on your goals. Do you want to get hands-on with your servers in a dedicated rack? Are you just looking to rent server space for basic tasks? Or do you need massive quantities of floor space where you have total control? Answers to these basic questions will drive initial requirements.

Selecting the Best Colocation Partner

Once you’ve determined what level of service you need from your colo provider, there are additional things you need to consider before you lock in with a long-term colo contract.

Compliance Requirements and Support

Prior to selecting a colocation datacenter, you should understand your long-term compliance roadmap. Determine the high-water mark of compliance frameworks for your Cloud Service Offerings (CSO) (e.g., SOC 2 Type II, ISO 27001, FISMA, CMMC, FedRAMP, Protected B, etc.). Research potential datacenter partners to determine whether they meet, or are in the process of meeting, those requirements.

Additionally, make sure the contract language with the colocation datacenter includes compliance assessment support, including onsite assessment reviews and assessment artifact collection. Some colocation datacenters claim to support assessments, but then make it very difficult for the assessor to obtain the artifacts required. Ensure the contract language is in place to protect your organization's interests.

Resilient, Redundant Datacenter Design

It would be difficult to find a colocation datacenter these days that doesn't support redundancy efforts for its clients. This is usually communicated by specifying datacenter "tiers," with higher-numbered tiers indicating greater reliability.

However, there are contractual items beyond the tier level that you should consider when researching a new datacenter for your CSO. You should request information on how many physical backup generators are located within the primary CSO site. In addition, how much fuel is maintained onsite, and how long could the site run at full capacity during a loss of power? The answers you need depend on how critical it is for your CSO to stay in operation if the colo partner cannot be resupplied quickly by a fuel company.

Along with the primary site, most compliance frameworks require you to have a failover site to support redundancy. With this type of requirement, you should ensure that the failover site is located at least 50 miles from the primary site, to limit the potential impact of both sites residing in the same geographic region.

Perhaps Don't Build Your Datacenter in a Flood Plain, Under a Tornado

Pay close attention to the physical location of each colocation datacenter. Where are the primary and secondary datacenters physically located, and what natural disasters could impact them? If they are close to the coastal waters of the United States, were they built to withstand hurricanes, and up to which category (1-5)? In this scenario, you would want to ensure your datacenter can withstand a category 5 hurricane, whose winds can exceed 157 mph.

If the datacenter is located in the Midwest, how susceptible is it to flooding from the Mississippi River? Is the datacenter physically located within Tornado Alley? If so, is it built to withstand a tornado up to Fujita Scale F5, with winds of 261 mph?

These are questions that each organization should ask to make sure its CSO is protected against physical disasters that could interrupt service.

Advanced Datacenter Security

If you're trying to sell your CSO to an audience with more stringent requirements (e.g., the Department of Defense), further analysis of the proposed datacenter will be required. One example is the requirement for intrusion detection alarms at the entrance to your physical components, such as the door to the cage where the components are stored. You may also need access to automated mechanisms for reviewing and maintaining visitor access records for the colo.

Additionally, your customer requirements may even include support for national security requirements for classified materials. In this scenario, you will need to ensure that the datacenter supports classified security controls up to the appropriate classification level. In some cases, the datacenter will need to provide enough onsite space to hold classified briefings.

Contact 38North to Get Physical

As an elite cloud security advisory firm, 38North specializes in all aspects of colo and cybersecurity – including the physical element. Contact us today so we can help you select, manage and maintain effective colo security.